django-rest-framework/djangorestframework/mixins.py

641 lines
21 KiB
Python
Raw Normal View History

"""
The :mod:`mixins` module provides a set of reusable `mixin`
classes that can be added to a `View`.
"""
2011-04-11 14:47:22 +04:00
2011-05-10 13:49:28 +04:00
from django.contrib.auth.models import AnonymousUser
from django.db.models.query import QuerySet
from django.db.models.fields.related import ForeignKey
2011-04-11 19:54:02 +04:00
from django.http import HttpResponse
2011-05-10 15:51:49 +04:00
from django.http.multipartparser import LimitBytes
2011-05-02 22:49:12 +04:00
2011-05-10 13:49:28 +04:00
from djangorestframework import status
from djangorestframework.parsers import FormParser, MultiPartParser
from djangorestframework.renderers import BaseRenderer
from djangorestframework.resources import Resource, FormResource, ModelResource
2011-05-10 13:49:28 +04:00
from djangorestframework.response import Response, ErrorResponse
from djangorestframework.utils import as_tuple, MSIE_USER_AGENT_REGEX
from djangorestframework.utils.mediatypes import is_form_media_type, order_by_precedence
2011-05-10 13:49:28 +04:00
2011-04-11 19:54:02 +04:00
from decimal import Decimal
import re
2011-05-10 13:49:28 +04:00
from StringIO import StringIO
2011-04-11 19:54:02 +04:00
2011-05-10 15:21:48 +04:00
__all__ = (
# Base behavior mixins
2011-05-10 15:21:48 +04:00
'RequestMixin',
'ResponseMixin',
'AuthMixin',
'ResourceMixin',
# Reverse URL lookup behavior
'InstanceMixin',
# Model behavior mixins
2011-05-10 15:21:48 +04:00
'ReadModelMixin',
'CreateModelMixin',
'UpdateModelMixin',
'DeleteModelMixin',
'ListModelMixin'
)
2011-05-10 13:49:28 +04:00
2011-04-11 19:54:02 +04:00
########## Request Mixin ##########
class RequestMixin(object):
2011-05-10 13:49:28 +04:00
"""
`Mixin` class to provide request parsing behavior.
2011-05-10 13:49:28 +04:00
"""
_USE_FORM_OVERLOADING = True
_METHOD_PARAM = '_method'
_CONTENTTYPE_PARAM = '_content_type'
_CONTENT_PARAM = '_content'
2011-05-13 12:59:36 +04:00
"""
The set of request parsers that the view can handle.
Should be a tuple/list of classes as described in the :mod:`parsers` module.
2011-05-13 12:59:36 +04:00
"""
2011-04-11 14:47:22 +04:00
parsers = ()
2011-05-12 18:11:14 +04:00
@property
def method(self):
"""
2011-05-12 18:11:14 +04:00
Returns the HTTP method.
2011-05-13 12:59:36 +04:00
This should be used instead of just reading :const:`request.method`, as it allows the `method`
to be overridden by using a hidden `form` field on a form POST request.
"""
if not hasattr(self, '_method'):
self._load_method_and_content_type()
return self._method
2011-05-12 18:11:14 +04:00
@property
def content_type(self):
"""
2011-05-10 13:49:28 +04:00
Returns the content type header.
2011-05-13 12:59:36 +04:00
This should be used instead of ``request.META.get('HTTP_CONTENT_TYPE')``,
as it allows the content type to be overridden by using a hidden form
field on a form POST request.
"""
if not hasattr(self, '_content_type'):
self._load_method_and_content_type()
return self._content_type
2011-05-12 18:11:14 +04:00
@property
def DATA(self):
"""
2011-05-13 12:59:36 +04:00
Parses the request body and returns the data.
Similar to ``request.POST``, except that it handles arbitrary parsers,
and also works on methods other than POST (eg PUT).
"""
2011-05-12 18:11:14 +04:00
if not hasattr(self, '_data'):
self._load_data_and_files()
return self._data
@property
def FILES(self):
"""
2011-05-13 12:59:36 +04:00
Parses the request body and returns the files.
Similar to ``request.FILES``, except that it handles arbitrary parsers,
2011-05-13 12:59:36 +04:00
and also works on methods other than POST (eg PUT).
2011-05-12 18:11:14 +04:00
"""
if not hasattr(self, '_files'):
self._load_data_and_files()
return self._files
def _load_data_and_files(self):
"""
Parse the request content into self.DATA and self.FILES.
"""
if not hasattr(self, '_content_type'):
self._load_method_and_content_type()
if not hasattr(self, '_data'):
(self._data, self._files) = self._parse(self._get_stream(), self._content_type)
def _load_method_and_content_type(self):
2011-05-12 18:14:22 +04:00
"""
Set the method and content_type, and then check if they've been overridden.
2011-05-12 18:14:22 +04:00
"""
self._method = self.request.method
self._content_type = self.request.META.get('HTTP_CONTENT_TYPE', self.request.META.get('CONTENT_TYPE', ''))
self._perform_form_overloading()
def _get_stream(self):
"""
Returns an object that may be used to stream the request content.
"""
request = self.request
try:
content_length = int(request.META.get('CONTENT_LENGTH', request.META.get('HTTP_CONTENT_LENGTH')))
except (ValueError, TypeError):
content_length = 0
# TODO: Add 1.3's LimitedStream to compat and use that.
# NOTE: Currently only supports parsing request body as a stream with 1.3
if content_length == 0:
return None
elif hasattr(request, 'read'):
return request
return StringIO(request.raw_post_data)
def _perform_form_overloading(self):
"""
If this is a form POST request, then we need to check if the method and content/content_type have been
overridden by setting them in hidden form fields or not.
"""
2011-05-12 18:11:14 +04:00
# We only need to use form overloading on form POST requests.
if not self._USE_FORM_OVERLOADING or self._method != 'POST' or not is_form_media_type(self._content_type):
return
# At this point we're committed to parsing the request as form data.
self._data = data = self.request.POST.copy()
self._files = self.request.FILES
# Method overloading - change the method and remove the param from the content.
if self._METHOD_PARAM in data:
# NOTE: unlike `get`, `pop` on a `QueryDict` seems to return a list of values.
self._method = self._data.pop(self._METHOD_PARAM)[0].upper()
# Content overloading - modify the content type, and re-parse.
if self._CONTENT_PARAM in data and self._CONTENTTYPE_PARAM in data:
self._content_type = self._data.pop(self._CONTENTTYPE_PARAM)[0]
stream = StringIO(self._data.pop(self._CONTENT_PARAM)[0])
(self._data, self._files) = self._parse(stream, self._content_type)
2011-04-11 16:52:16 +04:00
def _parse(self, stream, content_type):
2011-04-11 14:24:14 +04:00
"""
Parse the request content.
2011-05-10 13:49:28 +04:00
May raise a 415 ErrorResponse (Unsupported Media Type), or a 400 ErrorResponse (Bad Request).
2011-04-11 14:24:14 +04:00
"""
2011-04-11 14:47:22 +04:00
if stream is None or content_type is None:
return (None, None)
2011-04-11 14:47:22 +04:00
2011-04-11 14:24:14 +04:00
parsers = as_tuple(self.parsers)
for parser_cls in parsers:
2011-05-10 13:49:28 +04:00
parser = parser_cls(self)
if parser.can_handle_request(content_type):
return parser.parse(stream)
2011-04-11 14:24:14 +04:00
2011-05-10 13:49:28 +04:00
raise ErrorResponse(status.HTTP_415_UNSUPPORTED_MEDIA_TYPE,
{'error': 'Unsupported media type in request \'%s\'.' %
content_type})
2011-04-11 14:24:14 +04:00
2011-04-11 14:24:14 +04:00
@property
2011-05-12 18:11:14 +04:00
def _parsed_media_types(self):
"""
2011-05-12 18:11:14 +04:00
Return a list of all the media types that this view can parse.
"""
2011-04-11 14:24:14 +04:00
return [parser.media_type for parser in self.parsers]
2011-04-11 19:54:02 +04:00
2011-04-11 14:24:14 +04:00
@property
2011-05-12 18:11:14 +04:00
def _default_parser(self):
"""
Return the view's default parser class.
"""
2011-04-11 14:24:14 +04:00
return self.parsers[0]
2011-04-11 19:54:02 +04:00
2011-04-11 19:54:02 +04:00
########## ResponseMixin ##########
class ResponseMixin(object):
2011-05-10 13:49:28 +04:00
"""
Adds behavior for pluggable `Renderers` to a :class:`views.View` class.
2011-04-11 19:54:02 +04:00
2011-05-10 15:51:49 +04:00
Default behavior is to use standard HTTP Accept header content negotiation.
Also supports overriding the content type by specifying an ``_accept=`` parameter in the URL.
2011-05-10 13:49:28 +04:00
Ignores Accept headers from Internet Explorer user agents and uses a sensible browser Accept header instead.
"""
2011-05-12 18:11:14 +04:00
_ACCEPT_QUERY_PARAM = '_accept' # Allow override of Accept header in URL query params
_IGNORE_IE_ACCEPT_HEADER = True
2011-04-11 19:54:02 +04:00
2011-05-13 12:59:36 +04:00
"""
The set of response renderers that the view can handle.
Should be a tuple/list of classes as described in the :mod:`renderers` module.
2011-05-13 12:59:36 +04:00
"""
2011-04-28 22:54:30 +04:00
renderers = ()
2011-05-13 12:59:36 +04:00
2011-05-10 15:59:13 +04:00
# TODO: wrap this behavior around dispatch(), ensuring it works
# out of the box with existing Django classes that use render_to_response.
2011-04-28 22:54:30 +04:00
def render(self, response):
2011-05-10 13:49:28 +04:00
"""
Takes a :obj:`Response` object and returns an :obj:`HttpResponse`.
2011-05-10 13:49:28 +04:00
"""
2011-04-11 19:54:02 +04:00
self.response = response
try:
renderer, media_type = self._determine_renderer(self.request)
2011-04-11 19:54:02 +04:00
except ErrorResponse, exc:
renderer = self._default_renderer(self)
media_type = renderer.media_type
2011-04-11 19:54:02 +04:00
response = exc.response
# Set the media type of the response
# Note that the renderer *could* override it in .render() if required.
response.media_type = renderer.media_type
2011-04-11 19:54:02 +04:00
# Serialize the response content
if response.has_content_body:
content = renderer.render(response.cleaned_content, media_type)
2011-04-11 19:54:02 +04:00
else:
content = renderer.render()
2011-04-11 19:54:02 +04:00
# Build the HTTP Response
resp = HttpResponse(content, mimetype=response.media_type, status=response.status)
2011-04-11 19:54:02 +04:00
for (key, val) in response.headers.items():
resp[key] = val
return resp
2011-04-28 22:54:30 +04:00
def _determine_renderer(self, request):
2011-05-10 15:51:49 +04:00
"""
Determines the appropriate renderer for the output, given the client's 'Accept' header,
and the :attr:`renderers` set on this class.
Returns a 2-tuple of `(renderer, media_type)`
2011-05-10 15:51:49 +04:00
See: RFC 2616, Section 14 - http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
"""
2011-04-11 19:54:02 +04:00
2011-05-12 18:11:14 +04:00
if self._ACCEPT_QUERY_PARAM and request.GET.get(self._ACCEPT_QUERY_PARAM, None):
2011-04-11 19:54:02 +04:00
# Use _accept parameter override
2011-05-12 18:11:14 +04:00
accept_list = [request.GET.get(self._ACCEPT_QUERY_PARAM)]
elif (self._IGNORE_IE_ACCEPT_HEADER and
2011-04-11 19:54:02 +04:00
request.META.has_key('HTTP_USER_AGENT') and
MSIE_USER_AGENT_REGEX.match(request.META['HTTP_USER_AGENT'])):
# Ignore MSIE's broken accept behavior and do something sensible instead
2011-04-11 19:54:02 +04:00
accept_list = ['text/html', '*/*']
elif request.META.has_key('HTTP_ACCEPT'):
# Use standard HTTP Accept negotiation
accept_list = [token.strip() for token in request.META["HTTP_ACCEPT"].split(',')]
2011-04-11 19:54:02 +04:00
else:
# No accept header specified
accept_list = ['*/*']
# Check the acceptable media types against each renderer,
# attempting more specific media types first
# NB. The inner loop here isn't as bad as it first looks :)
# Worst case is we're looping over len(accept_list) * len(self.renderers)
renderers = [renderer_cls(self) for renderer_cls in self.renderers]
for accepted_media_type_lst in order_by_precedence(accept_list):
for renderer in renderers:
for accepted_media_type in accepted_media_type_lst:
if renderer.can_handle_response(accepted_media_type):
return renderer, accepted_media_type
# No acceptable renderers were found
2011-04-11 19:54:02 +04:00
raise ErrorResponse(status.HTTP_406_NOT_ACCEPTABLE,
{'detail': 'Could not satisfy the client\'s Accept header',
2011-05-12 18:11:14 +04:00
'available_types': self._rendered_media_types})
2011-04-11 19:54:02 +04:00
2011-04-11 19:54:02 +04:00
@property
2011-05-12 18:11:14 +04:00
def _rendered_media_types(self):
2011-05-10 15:51:49 +04:00
"""
2011-05-12 18:11:14 +04:00
Return an list of all the media types that this view can render.
2011-05-10 15:51:49 +04:00
"""
2011-04-28 22:54:30 +04:00
return [renderer.media_type for renderer in self.renderers]
@property
def _rendered_formats(self):
"""
Return a list of all the formats that this view can render.
"""
return [renderer.format for renderer in self.renderers]
2011-04-11 19:54:02 +04:00
@property
2011-05-12 18:11:14 +04:00
def _default_renderer(self):
2011-05-10 15:51:49 +04:00
"""
Return the view's default renderer class.
2011-05-10 15:51:49 +04:00
"""
2011-04-28 22:54:30 +04:00
return self.renderers[0]
2011-04-11 19:54:02 +04:00
########## Auth Mixin ##########
class AuthMixin(object):
2011-05-10 13:49:28 +04:00
"""
Simple :class:`mixin` class to add authentication and permission checking to a :class:`View` class.
2011-05-10 13:49:28 +04:00
"""
2011-05-13 12:59:36 +04:00
"""
The set of authentication types that this view can handle.
2011-05-19 11:49:57 +04:00
Should be a tuple/list of classes as described in the :mod:`authentication` module.
2011-05-13 12:59:36 +04:00
"""
authentication = ()
2011-05-13 12:59:36 +04:00
"""
The set of permissions that will be enforced on this view.
Should be a tuple/list of classes as described in the :mod:`permissions` module.
2011-05-13 12:59:36 +04:00
"""
permissions = ()
2011-05-13 12:59:36 +04:00
@property
2011-05-10 13:49:28 +04:00
def user(self):
2011-05-13 12:59:36 +04:00
"""
Returns the :obj:`user` for the current request, as determined by the set of
:class:`authentication` classes applied to the :class:`View`.
2011-05-13 12:59:36 +04:00
"""
2011-05-10 13:49:28 +04:00
if not hasattr(self, '_user'):
self._user = self._authenticate()
return self._user
def _authenticate(self):
2011-05-10 13:49:28 +04:00
"""
Attempt to authenticate the request using each authentication class in turn.
Returns a ``User`` object, which may be ``AnonymousUser``.
"""
for authentication_cls in self.authentication:
authentication = authentication_cls(self)
2011-05-10 13:49:28 +04:00
user = authentication.authenticate(self.request)
if user:
return user
return AnonymousUser()
2011-05-13 12:59:36 +04:00
2011-05-10 15:51:49 +04:00
# TODO: wrap this behavior around dispatch()
2011-05-10 13:49:28 +04:00
def _check_permissions(self):
"""
Check user permissions and either raise an ``ErrorResponse`` or return.
"""
user = self.user
for permission_cls in self.permissions:
permission = permission_cls(self)
2011-05-13 12:59:36 +04:00
permission.check_permission(user)
########## Resource Mixin ##########
2011-05-12 18:11:14 +04:00
class ResourceMixin(object):
"""
Provides request validation and response filtering behavior.
Should be a class as described in the :mod:`resources` module.
The :obj:`resource` is an object that maps a view onto it's representation on the server.
It provides validation on the content of incoming requests,
and filters the object representation into a serializable object for the response.
"""
resource = None
@property
def CONTENT(self):
2011-05-17 12:15:35 +04:00
"""
Returns the cleaned, validated request content.
May raise an :class:`response.ErrorResponse` with status code 400 (Bad Request).
2011-05-17 12:15:35 +04:00
"""
if not hasattr(self, '_content'):
self._content = self.validate_request(self.DATA, self.FILES)
return self._content
@property
def PARAMS(self):
"""
Returns the cleaned, validated query parameters.
May raise an :class:`response.ErrorResponse` with status code 400 (Bad Request).
"""
return self.validate_request(self.request.GET)
@property
def _resource(self):
if self.resource:
return self.resource(self)
elif getattr(self, 'model', None):
return ModelResource(self)
elif getattr(self, 'form', None):
return FormResource(self)
elif getattr(self, '%s_form' % self.method.lower(), None):
return FormResource(self)
return Resource(self)
def validate_request(self, data, files=None):
"""
Given the request *data* and optional *files*, return the cleaned, validated content.
May raise an :class:`response.ErrorResponse` with status code 400 (Bad Request) on failure.
"""
return self._resource.validate_request(data, files)
def filter_response(self, obj):
"""
Given the response content, filter it into a serializable object.
"""
return self._resource.filter_response(obj)
def get_bound_form(self, content=None, method=None):
return self._resource.get_bound_form(content, method=method)
2011-05-17 12:15:35 +04:00
##########
class InstanceMixin(object):
"""
`Mixin` class that is used to identify a `View` class as being the canonical identifier
for the resources it is mapped to.
2011-05-17 12:15:35 +04:00
"""
@classmethod
def as_view(cls, **initkwargs):
"""
Store the callable object on the resource class that has been associated with this view.
"""
view = super(InstanceMixin, cls).as_view(**initkwargs)
2011-05-23 20:07:31 +04:00
resource = getattr(cls(**initkwargs), 'resource', None)
if resource:
2011-05-17 12:15:35 +04:00
# We do a little dance when we store the view callable...
# we need to store it wrapped in a 1-tuple, so that inspect will treat it
# as a function when we later look it up (rather than turning it into a method).
# This makes sure our URL reversing works ok.
2011-05-23 20:07:31 +04:00
resource.view_callable = (view,)
2011-05-17 12:15:35 +04:00
return view
2011-05-02 22:49:12 +04:00
########## Model Mixins ##########
class ReadModelMixin(object):
2011-05-10 13:49:28 +04:00
"""
Behavior to read a `model` instance on GET requests
2011-05-10 13:49:28 +04:00
"""
2011-05-02 22:49:12 +04:00
def get(self, request, *args, **kwargs):
2011-05-04 12:21:17 +04:00
model = self.resource.model
2011-05-02 22:49:12 +04:00
try:
if args:
# If we have any none kwargs then assume the last represents the primrary key
self.model_instance = model.objects.get(pk=args[-1], **kwargs)
2011-05-02 22:49:12 +04:00
else:
# Otherwise assume the kwargs uniquely identify the model
filtered_keywords = kwargs.copy()
if BaseRenderer._FORMAT_QUERY_PARAM in filtered_keywords:
del filtered_keywords[BaseRenderer._FORMAT_QUERY_PARAM]
self.model_instance = model.objects.get(**filtered_keywords)
2011-05-04 12:21:17 +04:00
except model.DoesNotExist:
2011-05-02 22:49:12 +04:00
raise ErrorResponse(status.HTTP_404_NOT_FOUND)
return self.model_instance
2011-05-02 22:49:12 +04:00
class CreateModelMixin(object):
2011-05-10 13:49:28 +04:00
"""
Behavior to create a `model` instance on POST requests
2011-05-10 13:49:28 +04:00
"""
def post(self, request, *args, **kwargs):
2011-05-04 12:21:17 +04:00
model = self.resource.model
# Copy the dict to keep self.CONTENT intact
content = dict(self.CONTENT)
m2m_data = {}
for field in model._meta.fields:
if isinstance(field, ForeignKey) and kwargs.has_key(field.name):
# translate 'related_field' kwargs into 'related_field_id'
kwargs[field.name + '_id'] = kwargs[field.name]
del kwargs[field.name]
for field in model._meta.many_to_many:
if content.has_key(field.name):
m2m_data[field.name] = (
field.m2m_reverse_field_name(), content[field.name]
)
del content[field.name]
all_kw_args = dict(content.items() + kwargs.items())
2011-05-02 22:49:12 +04:00
if args:
2011-05-04 12:21:17 +04:00
instance = model(pk=args[-1], **all_kw_args)
2011-05-02 22:49:12 +04:00
else:
2011-05-04 12:21:17 +04:00
instance = model(**all_kw_args)
2011-05-02 22:49:12 +04:00
instance.save()
for fieldname in m2m_data:
manager = getattr(instance, fieldname)
if hasattr(manager, 'add'):
manager.add(*m2m_data[fieldname][1])
else:
data = {}
data[manager.source_field_name] = instance
for related_item in m2m_data[fieldname][1]:
data[m2m_data[fieldname][0]] = related_item
manager.through(**data).save()
2011-05-02 22:49:12 +04:00
headers = {}
if hasattr(instance, 'get_absolute_url'):
headers['Location'] = self.resource(self).url(instance)
2011-05-02 22:49:12 +04:00
return Response(status.HTTP_201_CREATED, instance, headers)
class UpdateModelMixin(object):
2011-05-10 13:49:28 +04:00
"""
Behavior to update a `model` instance on PUT requests
2011-05-10 13:49:28 +04:00
"""
2011-05-02 22:49:12 +04:00
def put(self, request, *args, **kwargs):
2011-05-04 12:21:17 +04:00
model = self.resource.model
2011-05-02 22:49:12 +04:00
# TODO: update on the url of a non-existing resource url doesn't work correctly at the moment - will end up with a new url
try:
if args:
# If we have any none kwargs then assume the last represents the primrary key
self.model_instance = model.objects.get(pk=args[-1], **kwargs)
2011-05-02 22:49:12 +04:00
else:
# Otherwise assume the kwargs uniquely identify the model
self.model_instance = model.objects.get(**kwargs)
2011-05-02 22:49:12 +04:00
for (key, val) in self.CONTENT.items():
setattr(self.model_instance, key, val)
2011-05-04 12:21:17 +04:00
except model.DoesNotExist:
self.model_instance = model(**self.CONTENT)
self.model_instance.save()
2011-05-02 22:49:12 +04:00
self.model_instance.save()
return self.model_instance
2011-05-02 22:49:12 +04:00
class DeleteModelMixin(object):
2011-05-10 13:49:28 +04:00
"""
Behavior to delete a `model` instance on DELETE requests
2011-05-10 13:49:28 +04:00
"""
2011-05-02 22:49:12 +04:00
def delete(self, request, *args, **kwargs):
2011-05-04 12:21:17 +04:00
model = self.resource.model
2011-05-02 22:49:12 +04:00
try:
if args:
# If we have any none kwargs then assume the last represents the primrary key
2011-05-04 12:21:17 +04:00
instance = model.objects.get(pk=args[-1], **kwargs)
2011-05-02 22:49:12 +04:00
else:
# Otherwise assume the kwargs uniquely identify the model
2011-05-04 12:21:17 +04:00
instance = model.objects.get(**kwargs)
except model.DoesNotExist:
2011-05-02 22:49:12 +04:00
raise ErrorResponse(status.HTTP_404_NOT_FOUND, None, {})
instance.delete()
return
class ListModelMixin(object):
2011-05-10 13:49:28 +04:00
"""
Behavior to list a set of `model` instances on GET requests
2011-05-10 13:49:28 +04:00
"""
# NB. Not obvious to me if it would be better to set this on the resource?
#
# Presumably it's more useful to have on the view, because that way you can
# have multiple views across different querysets mapping to the same resource.
#
# Perhaps it ought to be:
#
# 1) View.queryset
# 2) if None fall back to Resource.queryset
# 3) if None fall back to Resource.model.objects.all()
#
# Any feedback welcomed.
2011-05-02 22:49:12 +04:00
queryset = None
def get(self, request, *args, **kwargs):
model = self.resource.model
2011-07-01 14:30:28 +04:00
queryset = self.queryset if self.queryset is not None else model.objects.all()
if hasattr(self, 'resource'):
ordering = getattr(self.resource, 'ordering', None)
else:
ordering = None
if ordering:
args = as_tuple(ordering)
queryset = queryset.order_by(*args)
2011-05-02 22:49:12 +04:00
return queryset.filter(**kwargs)