django-rest-framework/djangorestframework/views.py

183 lines
6.4 KiB
Python
Raw Normal View History

"""
The :mod:`views` module provides the Views you will most probably
be subclassing in your implementation.
By setting or modifying class attributes on your view, you change it's predefined behaviour.
"""
2011-05-04 12:21:17 +04:00
from django.core.urlresolvers import set_script_prefix
from django.http import HttpResponse
2011-05-04 12:21:17 +04:00
from django.views.decorators.csrf import csrf_exempt
from djangorestframework.compat import View as DjangoView
2011-05-04 12:21:17 +04:00
from djangorestframework.response import Response, ErrorResponse
from djangorestframework.mixins import *
2011-05-12 18:11:14 +04:00
from djangorestframework import resources, renderers, parsers, authentication, permissions, status
2011-05-04 12:21:17 +04:00
2011-05-10 15:21:48 +04:00
__all__ = (
'View',
2011-05-10 15:21:48 +04:00
'ModelView',
'InstanceModelView',
'ListModelView',
2011-05-10 15:21:48 +04:00
'ListOrCreateModelView'
)
2011-05-04 12:21:17 +04:00
class View(ResourceMixin, RequestMixin, ResponseMixin, AuthMixin, DjangoView):
"""
Handles incoming requests and maps them to REST operations.
Performs request deserialization, response serialization, authentication and input validation.
"""
2011-05-04 12:21:17 +04:00
"""
The resource to use when validating requests and filtering responses,
or `None` to use default behaviour.
"""
resource = None
2011-05-04 12:21:17 +04:00
"""
List of renderers the resource can serialize the response with, ordered by preference.
"""
2011-05-04 12:21:17 +04:00
renderers = ( renderers.JSONRenderer,
renderers.DocumentingHTMLRenderer,
renderers.DocumentingXHTMLRenderer,
renderers.DocumentingPlainTextRenderer,
renderers.XMLRenderer )
"""
List of parsers the resource can parse the request with.
"""
2011-05-04 12:21:17 +04:00
parsers = ( parsers.JSONParser,
parsers.FormParser,
2011-05-10 13:49:28 +04:00
parsers.MultiPartParser )
2011-05-04 12:21:17 +04:00
"""
List of all authenticating methods to attempt.
"""
2011-06-07 17:12:02 +04:00
authentication = ( authentication.UserLoggedInAuthentication,
authentication.BasicAuthentication )
2011-05-04 12:21:17 +04:00
"""
List of all permissions that must be checked.
"""
2011-05-04 12:21:17 +04:00
permissions = ( permissions.FullAnonAccess, )
2011-06-13 22:42:37 +04:00
2011-05-23 20:07:31 +04:00
@classmethod
def as_view(cls, **initkwargs):
"""
Override the default :meth:`as_view` to store an instance of the view
as an attribute on the callable function. This allows us to discover
information about the view when we do URL reverse lookups.
"""
view = super(View, cls).as_view(**initkwargs)
2011-05-23 20:07:31 +04:00
view.cls_instance = cls(**initkwargs)
return view
2011-05-04 12:21:17 +04:00
@property
def allowed_methods(self):
2011-05-12 18:11:14 +04:00
"""
Return the list of allowed HTTP methods, uppercased.
"""
2011-05-04 12:21:17 +04:00
return [method.upper() for method in self.http_method_names if hasattr(self, method)]
2011-05-13 12:59:36 +04:00
2011-05-04 12:21:17 +04:00
def http_method_not_allowed(self, request, *args, **kwargs):
"""
2011-05-13 12:59:36 +04:00
Return an HTTP 405 error if an operation is called which does not have a handler method.
"""
2011-05-04 12:21:17 +04:00
raise ErrorResponse(status.HTTP_405_METHOD_NOT_ALLOWED,
2011-05-12 18:11:14 +04:00
{'detail': 'Method \'%s\' not allowed on this resource.' % self.method})
2011-05-04 12:21:17 +04:00
def initial(self, request, *args, **kargs):
"""
Hook for any code that needs to run prior to anything else.
Required if you want to do things like set `request.upload_handlers` before
the authentication and dispatch handling is run.
"""
pass
2011-06-13 22:42:37 +04:00
def add_header(self, field, value):
"""
Add *field* and *value* to the :attr:`headers` attribute of the :class:`View` class.
"""
self.headers[field] = value
2011-05-04 12:21:17 +04:00
# Note: session based authentication is explicitly CSRF validated,
# all other authentication is CSRF exempt.
@csrf_exempt
def dispatch(self, request, *args, **kwargs):
2011-06-27 13:30:00 +04:00
self.request = request
self.args = args
self.kwargs = kwargs
self.headers = {}
# Calls to 'reverse' will not be fully qualified unless we set the scheme/host/port here.
prefix = '%s://%s' % (request.is_secure() and 'https' or 'http', request.get_host())
set_script_prefix(prefix)
try:
2011-06-27 13:30:00 +04:00
self.initial(request, *args, **kwargs)
# Authenticate and check request has the relevant permissions
self._check_permissions()
# Get the appropriate handler method
if self.method.lower() in self.http_method_names:
handler = getattr(self, self.method.lower(), self.http_method_not_allowed)
else:
handler = self.http_method_not_allowed
response_obj = handler(request, *args, **kwargs)
# Allow return value to be either HttpResponse, Response, or an object, or None
if isinstance(response_obj, HttpResponse):
return response_obj
elif isinstance(response_obj, Response):
response = response_obj
elif response_obj is not None:
response = Response(status.HTTP_200_OK, response_obj)
else:
response = Response(status.HTTP_204_NO_CONTENT)
# Pre-serialize filtering (eg filter complex objects into natively serializable types)
response.cleaned_content = self.filter_response(response.raw_content)
2011-06-27 13:30:00 +04:00
except ErrorResponse, exc:
response = exc.response
# Always add these headers.
#
# TODO - this isn't actually the correct way to set the vary header,
# also it's currently sub-obtimal for HTTP caching - need to sort that out.
response.headers['Allow'] = ', '.join(self.allowed_methods)
response.headers['Vary'] = 'Authenticate, Accept'
2011-06-13 22:42:37 +04:00
2011-06-27 13:30:00 +04:00
# merge with headers possibly set at some point in the view
response.headers.update(self.headers)
return self.render(response)
2011-05-04 12:21:17 +04:00
class ModelView(View):
2011-05-04 12:21:17 +04:00
"""A RESTful view that maps to a model in the database."""
2011-05-12 18:11:14 +04:00
resource = resources.ModelResource
2011-05-04 12:21:17 +04:00
class InstanceModelView(InstanceMixin, ReadModelMixin, UpdateModelMixin, DeleteModelMixin, ModelView):
2011-05-04 12:21:17 +04:00
"""A view which provides default operations for read/update/delete against a model instance."""
2011-05-23 20:07:31 +04:00
_suffix = 'Instance'
2011-05-04 12:21:17 +04:00
2011-05-10 13:49:28 +04:00
class ListModelView(ListModelMixin, ModelView):
2011-05-23 20:07:31 +04:00
"""A view which provides default operations for list, against a model in the database."""
_suffix = 'List'
2011-05-04 12:21:17 +04:00
2011-05-10 13:49:28 +04:00
class ListOrCreateModelView(ListModelMixin, CreateModelMixin, ModelView):
2011-05-23 20:07:31 +04:00
"""A view which provides default operations for list and create, against a model in the database."""
_suffix = 'List'