django-rest-framework/djangorestframework/views.py

"""
The :mod:`views` module provides the Views you will most probably
be subclassing in your implementation.

By setting or modifying class attributes on your view, you change it's predefined behaviour.
"""

import re
from django.utils.html import escape
from django.utils.safestring import mark_safe
from django.views.decorators.csrf import csrf_exempt

from djangorestframework.compat import View as DjangoView, apply_markdown
from djangorestframework.response import Response, ImmediateResponse
from djangorestframework.request import Request
from djangorestframework import renderers, parsers, authentication, permissions, status, exceptions


__all__ = (
    'View',
    'ModelView',
    'InstanceModelView',
    'ListModelView',
    'ListOrCreateModelView'
)


def _remove_trailing_string(content, trailing):
    """
    Strip trailing component `trailing` from `content` if it exists.
    Used when generating names from view classes.
    """
    if content.endswith(trailing) and content != trailing:
        return content[:-len(trailing)]
    return content


def _remove_leading_indent(content):
    """
    Remove leading indent from a block of text.
    Used when generating descriptions from docstrings.
    """
    whitespace_counts = [len(line) - len(line.lstrip(' '))
                         for line in content.splitlines()[1:] if line.lstrip()]

    # unindent the content if needed
    if whitespace_counts:
        whitespace_pattern = '^' + (' ' * min(whitespace_counts))
        return re.sub(re.compile(whitespace_pattern, re.MULTILINE), '', content)
    return content


def _camelcase_to_spaces(content):
    """
    Translate 'CamelCaseNames' to 'Camel Case Names'.
    Used when generating names from view classes.
    """
    camelcase_boundry = '(((?<=[a-z])[A-Z])|([A-Z](?![A-Z]|$)))'
    return re.sub(camelcase_boundry, ' \\1', content).strip()


class View(DjangoView):
    """
    Handles incoming requests and maps them to REST operations.
    Performs request deserialization, response serialization, authentication and input validation.
    """

    renderers = renderers.DEFAULT_RENDERERS
    """
    List of renderer classes the view can serialize the response with, ordered by preference.
    """

    parsers = parsers.DEFAULT_PARSERS
    """
    List of parser classes the view can parse the request with.
    """

    authentication = (authentication.UserLoggedInAuthentication,
                      authentication.BasicAuthentication)
    """
    List of all authenticating methods to attempt.
    """

    permission_classes = (permissions.FullAnonAccess,)
    """
    List of all permissions that must be checked.
    """

    @classmethod
    def as_view(cls, **initkwargs):
        """
        Override the default :meth:`as_view` to store an instance of the view
        as an attribute on the callable function.  This allows us to discover
        information about the view when we do URL reverse lookups.
        """
        view = super(View, cls).as_view(**initkwargs)
        view.cls_instance = cls(**initkwargs)
        return view

    @property
    def allowed_methods(self):
        """
        Return the list of allowed HTTP methods, uppercased.
        """
        return [method.upper() for method in self.http_method_names
                if hasattr(self, method)]

    @property
    def default_response_headers(self):
        return {
            'Allow': ', '.join(self.allowed_methods),
            'Vary': 'Authenticate, Accept'
        }

    def get_name(self):
        """
        Return the resource or view class name for use as this view's name.
        Override to customize.
        """
        name = self.__class__.__name__
        name = _remove_trailing_string(name, 'View')
        return _camelcase_to_spaces(name)

    def get_description(self, html=False):
        """
        Return the resource or view docstring for use as this view's description.
        Override to customize.
        """
        description = self.__doc__ or ''
        description = _remove_leading_indent(description)
        if html:
            return self.markup_description(description)
        return description

    def markup_description(self, description):
        """
        Apply HTML markup to the description of this view.
        """
        if apply_markdown:
            description = apply_markdown(description)
        else:
            description = escape(description).replace('\n', '<br />')
        return mark_safe(description)

    def http_method_not_allowed(self, request, *args, **kwargs):
        """
        Return an HTTP 405 error if an operation is called which does not have
        a handler method.
        """
        raise exceptions.MethodNotAllowed(request.method)

    @property
    def _parsed_media_types(self):
        """
        Return a list of all the media types that this view can parse.
        """
        return [parser.media_type for parser in self.parsers]

    @property
    def _default_parser(self):
        """
        Return the view's default parser class.
        """
        return self.parsers[0]

    @property
    def _rendered_media_types(self):
        """
        Return an list of all the media types that this response can render.
        """
        return [renderer.media_type for renderer in self.renderers]

    @property
    def _rendered_formats(self):
        """
        Return a list of all the formats that this response can render.
        """
        return [renderer.format for renderer in self.renderers]

    @property
    def _default_renderer(self):
        """
        Return the response's default renderer class.
        """
        return self.renderers[0]

    def get_permissions(self):
        """
        Instantiates and returns the list of permissions that this view requires.
        """
        return [permission(self) for permission in self.permission_classes]

    def check_permissions(self, user):
        """
        Check user permissions and either raise an ``ImmediateResponse`` or return.
        """
        for permission in self.get_permissions():
            permission.check_permission(user)

    def initial(self, request, *args, **kargs):
        """
        This method is a hook for any code that needs to run prior to
        anything else.
        Required if you want to do things like set `request.upload_handlers`
        before the authentication and dispatch handling is run.
        """
        pass

    def final(self, request, response, *args, **kargs):
        """
        This method is a hook for any code that needs to run after everything
        else in the view.
        Returns the final response object.
        """
        response.view = self
        response.request = request
        response.renderers = self.renderers
        for key, value in self.headers.items():
            response[key] = value
        return response

    # Note: session based authentication is explicitly CSRF validated,
    # all other authentication is CSRF exempt.
    @csrf_exempt
    def dispatch(self, request, *args, **kwargs):
        request = Request(request, parsers=self.parsers, authentication=self.authentication)
        self.request = request

        self.args = args
        self.kwargs = kwargs
        self.headers = self.default_response_headers

        try:
            self.initial(request, *args, **kwargs)

            # check that user has the relevant permissions
            self.check_permissions(request.user)

            # Get the appropriate handler method
            if request.method.lower() in self.http_method_names:
                handler = getattr(self, request.method.lower(), self.http_method_not_allowed)
            else:
                handler = self.http_method_not_allowed

            response = handler(request, *args, **kwargs)

        except ImmediateResponse, exc:
            response = exc.response
        except (exceptions.ParseError, exceptions.PermissionDenied) as exc:
            response = Response({'detail': exc.detail}, status=exc.status_code)

        self.response = self.final(request, response, *args, **kwargs)
        return self.response

    def options(self, request, *args, **kwargs):
        content = {
            'name': self.get_name(),
            'description': self.get_description(),
            'renders': self._rendered_media_types,
            'parses': self._parsed_media_types,
        }
        form = self.get_bound_form()
        if form is not None:
            field_name_types = {}
            for name, field in form.fields.iteritems():
                field_name_types[name] = field.__class__.__name__
            content['fields'] = field_name_types
        raise ImmediateResponse(content, status=status.HTTP_200_OK)
The core is now documented from the docstrings in the source. 2011-05-19 21:36:30 +04:00			`"""`
			The :mod:`views` module provides the Views you will most probably
			`be subclassing in your implementation.`

			`By setting or modifying class attributes on your view, you change it's predefined behaviour.`
			`"""`

Refactored get_name()/get_description() 2012-01-23 22:32:37 +04:00			`import re`
			`from django.utils.html import escape`
			`from django.utils.safestring import mark_safe`
Decouple views and resources 2011-05-04 12:21:17 +04:00			`from django.views.decorators.csrf import csrf_exempt`

Refactored get_name()/get_description() 2012-01-23 22:32:37 +04:00			`from djangorestframework.compat import View as DjangoView, apply_markdown`
Massive merge 2012-02-25 22:45:17 +04:00			`from djangorestframework.response import Response, ImmediateResponse`
Remove RequestMixinx / ReponseMixin 2012-08-24 23:50:24 +04:00			`from djangorestframework.request import Request`
Add ParseError (Removing ImmediateResponse) 2012-08-25 16:27:55 +04:00			`from djangorestframework import renderers, parsers, authentication, permissions, status, exceptions`
Decouple views and resources 2011-05-04 12:21:17 +04:00

renderer API work 2011-05-10 15:21:48 +04:00			`__all__ = (`
Allow views to return HttpResponses. Add initial() hook method 2011-05-24 13:27:24 +04:00			`'View',`
renderer API work 2011-05-10 15:21:48 +04:00			`'ModelView',`
			`'InstanceModelView',`
All top level modules are included. Ready for diving into the modules and documenting/ enhancing already existing docs. 2011-05-17 02:18:45 +04:00			`'ListModelView',`
renderer API work 2011-05-10 15:21:48 +04:00			`'ListOrCreateModelView'`
			`)`
Decouple views and resources 2011-05-04 12:21:17 +04:00

Refactoring get_name/get_description 2012-01-26 00:39:01 +04:00			`def _remove_trailing_string(content, trailing):`
			`"""`
			Strip trailing component `trailing` from `content` if it exists.
Drop out resources & mixins 2012-08-25 01:11:00 +04:00			`Used when generating names from view classes.`
Refactoring get_name/get_description 2012-01-26 00:39:01 +04:00			`"""`
			`if content.endswith(trailing) and content != trailing:`
			`return content[:-len(trailing)]`
			`return content`

Tidy up auto-escaping. 2012-01-28 18:38:06 +04:00
Refactoring get_name/get_description 2012-01-26 00:39:01 +04:00			`def _remove_leading_indent(content):`
			`"""`
			`Remove leading indent from a block of text.`
			`Used when generating descriptions from docstrings.`
			`"""`
			`whitespace_counts = [len(line) - len(line.lstrip(' '))`
			`for line in content.splitlines()[1:] if line.lstrip()]`

			`# unindent the content if needed`
			`if whitespace_counts:`
			`whitespace_pattern = '^' + (' ' * min(whitespace_counts))`
			`return re.sub(re.compile(whitespace_pattern, re.MULTILINE), '', content)`
			`return content`

Tidy up auto-escaping. 2012-01-28 18:38:06 +04:00
Refactoring get_name/get_description 2012-01-26 00:39:01 +04:00			`def _camelcase_to_spaces(content):`
			`"""`
			`Translate 'CamelCaseNames' to 'Camel Case Names'.`
Drop out resources & mixins 2012-08-25 01:11:00 +04:00			`Used when generating names from view classes.`
Refactoring get_name/get_description 2012-01-26 00:39:01 +04:00			`"""`
			`camelcase_boundry = '(((?<=[a-z])[A-Z])\|([A-Z](?![A-Z]\|$)))'`
			`return re.sub(camelcase_boundry, ' \\1', content).strip()`


Drop out resources & mixins 2012-08-25 01:11:00 +04:00			`class View(DjangoView):`
Sorting out resources. Doing some crazy magic automatic url resolving stuff. Yum. 2011-05-13 20:19:12 +04:00			`"""`
			`Handles incoming requests and maps them to REST operations.`
			`Performs request deserialization, response serialization, authentication and input validation.`
			`"""`
Decouple views and resources 2011-05-04 12:21:17 +04:00
Massive merge 2012-02-25 22:45:17 +04:00			`renderers = renderers.DEFAULT_RENDERERS`
forms/models can be set on the view as well as the resource 2011-05-27 12:58:21 +04:00			`"""`
Drop out resources & mixins 2012-08-25 01:11:00 +04:00			`List of renderer classes the view can serialize the response with, ordered by preference.`
forms/models can be set on the view as well as the resource 2011-05-27 12:58:21 +04:00			`"""`
Merge meurig's absolute_url fix. 2011-12-09 16:54:11 +04:00
Massive merge 2012-02-25 22:45:17 +04:00			`parsers = parsers.DEFAULT_PARSERS`
forms/models can be set on the view as well as the resource 2011-05-27 12:58:21 +04:00			`"""`
Drop out resources & mixins 2012-08-25 01:11:00 +04:00			`List of parser classes the view can parse the request with.`
forms/models can be set on the view as well as the resource 2011-05-27 12:58:21 +04:00			`"""`
Decouple views and resources 2011-05-04 12:21:17 +04:00
pep8/pyflakes cleanup 2012-01-21 22:33:34 +04:00			`authentication = (authentication.UserLoggedInAuthentication,`
Merge work from sebpiq 2012-04-11 20:38:47 +04:00			`authentication.BasicAuthentication)`
forms/models can be set on the view as well as the resource 2011-05-27 12:58:21 +04:00			`"""`
			`List of all authenticating methods to attempt.`
			`"""`
Merge meurig's absolute_url fix. 2011-12-09 16:54:11 +04:00
Remove PermissionsMixin 2012-08-24 23:57:10 +04:00			`permission_classes = (permissions.FullAnonAccess,)`
forms/models can be set on the view as well as the resource 2011-05-27 12:58:21 +04:00			`"""`
			`List of all permissions that must be checked.`
			`"""`
Merge meurig's absolute_url fix. 2011-12-09 16:54:11 +04:00
name and description 2011-05-23 20:07:31 +04:00			`@classmethod`
			`def as_view(cls, **initkwargs):`
			`"""`
			Override the default :meth:`as_view` to store an instance of the view
			`as an attribute on the callable function. This allows us to discover`
Merge meurig's absolute_url fix. 2011-12-09 16:54:11 +04:00			`information about the view when we do URL reverse lookups.`
name and description 2011-05-23 20:07:31 +04:00			`"""`
Allow views to return HttpResponses. Add initial() hook method 2011-05-24 13:27:24 +04:00			`view = super(View, cls).as_view(**initkwargs)`
name and description 2011-05-23 20:07:31 +04:00			`view.cls_instance = cls(**initkwargs)`
			`return view`

Decouple views and resources 2011-05-04 12:21:17 +04:00			`@property`
			`def allowed_methods(self):`
yet more API cleanup 2011-05-12 18:11:14 +04:00			`"""`
			`Return the list of allowed HTTP methods, uppercased.`
			`"""`
Massive merge 2012-02-25 22:45:17 +04:00			`return [method.upper() for method in self.http_method_names`
			`if hasattr(self, method)]`

			`@property`
			`def default_response_headers(self):`
			`return {`
			`'Allow': ', '.join(self.allowed_methods),`
			`'Vary': 'Authenticate, Accept'`
			`}`
Decouple views and resources 2011-05-04 12:21:17 +04:00
Refactored get_name()/get_description() 2012-01-23 22:32:37 +04:00			`def get_name(self):`
			`"""`
			`Return the resource or view class name for use as this view's name.`
			`Override to customize.`
			`"""`
Drop out resources & mixins 2012-08-25 01:11:00 +04:00			`name = self.__class__.__name__`
			`name = _remove_trailing_string(name, 'View')`
Refactoring get_name/get_description 2012-01-26 00:39:01 +04:00			`return _camelcase_to_spaces(name)`
Refactored get_name()/get_description() 2012-01-23 22:32:37 +04:00
			`def get_description(self, html=False):`
			`"""`
			`Return the resource or view docstring for use as this view's description.`
			`Override to customize.`
			`"""`
Drop out resources & mixins 2012-08-25 01:11:00 +04:00			`description = self.__doc__ or ''`
Refactoring get_name/get_description 2012-01-26 00:39:01 +04:00			`description = _remove_leading_indent(description)`
			`if html:`
			`return self.markup_description(description)`
			`return description`

			`def markup_description(self, description):`
Some cleanup 2012-02-20 13:36:03 +04:00			`"""`
			`Apply HTML markup to the description of this view.`
			`"""`
Refactoring get_name/get_description 2012-01-26 00:39:01 +04:00			`if apply_markdown:`
Tidy up auto-escaping. 2012-01-28 18:38:06 +04:00			`description = apply_markdown(description)`
Refactored get_name()/get_description() 2012-01-23 22:32:37 +04:00			`else:`
Tidy up auto-escaping. 2012-01-28 18:38:06 +04:00			`description = escape(description).replace('\n', '<br />')`
			`return mark_safe(description)`
Refactored get_name()/get_description() 2012-01-23 22:32:37 +04:00
Decouple views and resources 2011-05-04 12:21:17 +04:00			`def http_method_not_allowed(self, request, args, *kwargs):`
refactoring resource specfic stuff into ResourceMixin - validators now defunct 2011-05-12 15:55:13 +04:00			`"""`
Some cleanup 2012-02-20 13:36:03 +04:00			`Return an HTTP 405 error if an operation is called which does not have`
			`a handler method.`
refactoring resource specfic stuff into ResourceMixin - validators now defunct 2011-05-12 15:55:13 +04:00			`"""`
Remove 405 method not allowed ImmediateResponse 2012-08-27 01:13:26 +04:00			`raise exceptions.MethodNotAllowed(request.method)`
Decouple views and resources 2011-05-04 12:21:17 +04:00
Remove RequestMixinx / ReponseMixin 2012-08-24 23:50:24 +04:00			`@property`
			`def _parsed_media_types(self):`
			`"""`
			`Return a list of all the media types that this view can parse.`
			`"""`
			`return [parser.media_type for parser in self.parsers]`

			`@property`
			`def _default_parser(self):`
			`"""`
			`Return the view's default parser class.`
			`"""`
			`return self.parsers[0]`

			`@property`
			`def _rendered_media_types(self):`
			`"""`
			`Return an list of all the media types that this response can render.`
			`"""`
			`return [renderer.media_type for renderer in self.renderers]`

			`@property`
			`def _rendered_formats(self):`
			`"""`
			`Return a list of all the formats that this response can render.`
			`"""`
			`return [renderer.format for renderer in self.renderers]`

			`@property`
			`def _default_renderer(self):`
			`"""`
			`Return the response's default renderer class.`
			`"""`
			`return self.renderers[0]`

Remove PermissionsMixin 2012-08-24 23:57:10 +04:00			`def get_permissions(self):`
			`"""`
			`Instantiates and returns the list of permissions that this view requires.`
			`"""`
			`return [permission(self) for permission in self.permission_classes]`

			`def check_permissions(self, user):`
			`"""`
			Check user permissions and either raise an ``ImmediateResponse`` or return.
			`"""`
			`for permission in self.get_permissions():`
			`permission.check_permission(user)`

Allow views to return HttpResponses. Add initial() hook method 2011-05-24 13:27:24 +04:00			`def initial(self, request, args, *kargs):`
			`"""`
Massive merge 2012-02-25 22:45:17 +04:00			`This method is a hook for any code that needs to run prior to`
			`anything else.`
			Required if you want to do things like set `request.upload_handlers`
			`before the authentication and dispatch handling is run.`
Allow views to return HttpResponses. Add initial() hook method 2011-05-24 13:27:24 +04:00			`"""`
Merging master into develop 2012-02-22 00:12:14 +04:00			`pass`
Allow views to return HttpResponses. Add initial() hook method 2011-05-24 13:27:24 +04:00
Some minor tidy up 2012-01-11 18:42:16 +04:00			`def final(self, request, response, args, *kargs):`
			`"""`
Massive merge 2012-02-25 22:45:17 +04:00			`This method is a hook for any code that needs to run after everything`
			`else in the view.`
			`Returns the final response object.`
Some minor tidy up 2012-01-11 18:42:16 +04:00			`"""`
Massive merge 2012-02-25 22:45:17 +04:00			`response.view = self`
			`response.request = request`
			`response.renderers = self.renderers`
			`for key, value in self.headers.items():`
			`response[key] = value`
Response as a subclass of HttpResponse - first draft, not quite there yet. 2012-02-02 20:19:44 +04:00			`return response`
Merge throttling and fix up a coupla things 2011-06-15 17:41:09 +04:00
Decouple views and resources 2011-05-04 12:21:17 +04:00			`# Note: session based authentication is explicitly CSRF validated,`
			`# all other authentication is CSRF exempt.`
			`@csrf_exempt`
			`def dispatch(self, request, args, *kwargs):`
Remove RequestMixinx / ReponseMixin 2012-08-24 23:50:24 +04:00			`request = Request(request, parsers=self.parsers, authentication=self.authentication)`
Massive merge 2012-02-25 22:45:17 +04:00			`self.request = request`
Merge work from sebpiq 2012-04-11 20:38:47 +04:00
tidy up last bits of renderer media type handling 2011-05-24 19:31:17 +04:00			`self.args = args`
			`self.kwargs = kwargs`
Massive merge 2012-02-25 22:45:17 +04:00			`self.headers = self.default_response_headers`
tidy up last bits of renderer media type handling 2011-05-24 19:31:17 +04:00
Sorting out resources. Doing some crazy magic automatic url resolving stuff. Yum. 2011-05-13 20:19:12 +04:00			`try:`
Some cleanup 2012-02-20 13:36:03 +04:00			`self.initial(request, args, *kwargs)`
Merge meurig's absolute_url fix. 2011-12-09 16:54:11 +04:00
authentication refactor : request.user + tests pass 2012-02-24 00:47:45 +04:00			`# check that user has the relevant permissions`
			`self.check_permissions(request.user)`
tidy up last bits of renderer media type handling 2011-05-24 19:31:17 +04:00
			`# Get the appropriate handler method`
.DATA, .FILES, overloaded HTTP method, content type and content available directly on the request - see #128 2012-01-22 23:28:34 +04:00			`if request.method.lower() in self.http_method_names:`
			`handler = getattr(self, request.method.lower(), self.http_method_not_allowed)`
tidy up last bits of renderer media type handling 2011-05-24 19:31:17 +04:00			`else:`
			`handler = self.http_method_not_allowed`
Some cleanup 2012-02-20 13:36:03 +04:00
Response as a subclass of HttpResponse - first draft, not quite there yet. 2012-02-02 20:19:44 +04:00			`response = handler(request, args, *kwargs)`

Massive merge 2012-02-25 22:45:17 +04:00			`except ImmediateResponse, exc:`
			`response = exc.response`
Removing 403 immediate response 2012-08-25 16:43:28 +04:00			`except (exceptions.ParseError, exceptions.PermissionDenied) as exc:`
			`response = Response({'detail': exc.detail}, status=exc.status_code)`
Merge meurig's absolute_url fix. 2011-12-09 16:54:11 +04:00
Massive merge 2012-02-25 22:45:17 +04:00			`self.response = self.final(request, response, args, *kwargs)`
			`return self.response`
Added support for OPTIONS method, including a few unit tests 2011-07-31 00:23:53 +04:00
Merge meurig's absolute_url fix. 2011-12-09 16:54:11 +04:00			`def options(self, request, args, *kwargs):`
Response as a subclass of HttpResponse - first draft, not quite there yet. 2012-02-02 20:19:44 +04:00			`content = {`
Refactored get_name()/get_description() 2012-01-23 22:32:37 +04:00			`'name': self.get_name(),`
			`'description': self.get_description(),`
Added support for OPTIONS method, including a few unit tests 2011-07-31 00:23:53 +04:00			`'renders': self._rendered_media_types,`
cleaned Request/Response/mixins to have similar interface 2012-02-07 17:38:54 +04:00			`'parses': self._parsed_media_types,`
Added support for OPTIONS method, including a few unit tests 2011-07-31 00:23:53 +04:00			`}`
			`form = self.get_bound_form()`
			`if form is not None:`
			`field_name_types = {}`
			`for name, field in form.fields.iteritems():`
			`field_name_types[name] = field.__class__.__name__`
Response as a subclass of HttpResponse - first draft, not quite there yet. 2012-02-02 20:19:44 +04:00			`content['fields'] = field_name_types`
made suggested fixes 2012-02-10 12:18:39 +04:00			`raise ImmediateResponse(content, status=status.HTTP_200_OK)`