diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 000000000..0ba2c5d9d --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,7 @@ +blank_issues_enabled: false +contact_links: +- name: Discussions + url: https://github.com/encode/django-rest-framework/discussions + about: > + The "Discussions" forum is where you want to start. 💖 + Please note that at this point in its lifespan, we consider Django REST framework to be feature-complete. diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index bf158311a..8ae01735c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -3,7 +3,7 @@ name: CI on: push: branches: - - master + - main pull_request: jobs: @@ -14,18 +14,19 @@ jobs: strategy: matrix: python-version: - - '3.9' - '3.10' - '3.11' - '3.12' - '3.13' + - '3.14' steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} + allow-prereleases: true cache: 'pip' cache-dependency-path: 'requirements/*.txt' @@ -39,7 +40,7 @@ jobs: run: tox run -f py$(echo ${{ matrix.python-version }} | tr -d . | cut -f 1 -d '-') - name: Run extra tox targets - if: ${{ matrix.python-version == '3.9' }} + if: ${{ matrix.python-version == '3.13' }} run: | tox -e base,dist,docs @@ -52,11 +53,11 @@ jobs: name: Test documentation links runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: - python-version: '3.9' + python-version: '3.13' - name: Install dependencies run: pip install -r requirements/requirements-documentation.txt diff --git a/.github/workflows/mkdocs-deploy.yml b/.github/workflows/mkdocs-deploy.yml new file mode 100644 index 000000000..ef58e9b77 --- /dev/null +++ b/.github/workflows/mkdocs-deploy.yml @@ -0,0 +1,29 @@ +name: mkdocs + +on: + push: + branches: + - main + paths: + - docs/** + - docs_theme/** + - requirements/requirements-documentation.txt + - mkdocs.yml + - .github/workflows/mkdocs-deploy.yml + +jobs: + deploy: + runs-on: ubuntu-latest + environment: github-pages + permissions: + contents: write + concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + steps: + - uses: actions/checkout@v6 + - run: git fetch --no-tags --prune --depth=1 origin gh-pages + - uses: actions/setup-python@v6 + with: + python-version: 3.x + - run: pip install -r requirements/requirements-documentation.txt + - run: mkdocs gh-deploy diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 892235175..a1b678919 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -3,7 +3,7 @@ name: pre-commit on: push: branches: - - master + - main pull_request: jobs: @@ -11,11 +11,11 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.10" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 27bbcb763..5780c8e31 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v6.0.0 hooks: - id: check-added-large-files - id: check-case-conflict @@ -8,32 +8,43 @@ repos: - id: check-merge-conflict - id: check-symlinks - id: check-toml -- repo: https://github.com/pycqa/isort - rev: 5.13.2 +- repo: https://github.com/PyCQA/isort + rev: 7.0.0 hooks: - id: isort - repo: https://github.com/PyCQA/flake8 - rev: 7.0.0 + rev: 7.3.0 hooks: - id: flake8 additional_dependencies: - flake8-tidy-imports + - flake8-bugbear - repo: https://github.com/adamchainz/blacken-docs - rev: 1.16.0 + rev: 1.20.0 hooks: - id: blacken-docs - exclude: ^(?!docs).*$ additional_dependencies: - - black==23.1.0 + - black==25.9.0 - repo: https://github.com/codespell-project/codespell # Configuration for codespell is in .codespellrc - rev: v2.2.6 + rev: v2.4.1 hooks: - id: codespell + args: [ + "--builtin", "clear,rare,code,names,en-GB_to_en-US", + "--ignore-words", "codespell-ignore-words.txt", + "--skip", "*.css", + ] exclude: locale|kickstarter-announcement.md|coreapi-0.1.1.js - + additional_dependencies: + # python doesn't come with a toml parser prior to 3.11 + - "tomli; python_version < '3.11'" - repo: https://github.com/asottile/pyupgrade - rev: v3.19.1 + rev: v3.21.0 hooks: - id: pyupgrade - args: ["--py39-plus", "--keep-percent-format"] + args: ["--py310-plus", "--keep-percent-format"] +- repo: https://github.com/tox-dev/pyproject-fmt + rev: v2.11.0 + hooks: + - id: pyproject-fmt diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 644a719c8..af7d55f13 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,4 +2,6 @@ At this point in its lifespan we consider Django REST framework to be essentially feature-complete. We may accept pull requests that track the continued development of Django versions, but would prefer not to accept new features or code formatting changes. +Apart from minor documentation changes, the [GitHub discussions page](https://github.com/encode/django-rest-framework/discussions) should generally be your starting point. Please only open a pull request if you've been recommended to do so **after discussion**. + The [Contributing guide in the documentation](https://www.django-rest-framework.org/community/contributing/) gives some more information on our process and code of conduct. diff --git a/MANIFEST.in b/MANIFEST.in index f7b975e6f..3d0ca3745 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,8 +1,3 @@ -include README.md -include LICENSE.md recursive-include tests/ * -recursive-include rest_framework/static *.js *.css *.map *.png *.ico *.eot *.svg *.ttf *.woff *.woff2 -recursive-include rest_framework/templates *.html schema.js -recursive-include rest_framework/locale *.mo global-exclude __pycache__ global-exclude *.py[co] diff --git a/README.md b/README.md index be6619b4e..2e843074a 100644 --- a/README.md +++ b/README.md @@ -10,30 +10,6 @@ Full documentation for the project is available at [https://www.django-rest-fram --- -# Funding - -REST framework is a *collaboratively funded project*. If you use -REST framework commercially we strongly encourage you to invest in its -continued development by [signing up for a paid plan][funding]. - -The initial aim is to provide a single full-time position on REST framework. -*Every single sign-up makes a significant impact towards making that possible.* - -[![][sentry-img]][sentry-url] -[![][stream-img]][stream-url] -[![][spacinov-img]][spacinov-url] -[![][retool-img]][retool-url] -[![][bitio-img]][bitio-url] -[![][posthog-img]][posthog-url] -[![][cryptapi-img]][cryptapi-url] -[![][fezto-img]][fezto-url] -[![][svix-img]][svix-url] -[![][zuplo-img]][zuplo-url] - -Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry][sentry-url], [Stream][stream-url], [Spacinov][spacinov-url], [Retool][retool-url], [bit.io][bitio-url], [PostHog][posthog-url], [CryptAPI][cryptapi-url], [FEZTO][fezto-url], [Svix][svix-url], and [Zuplo][zuplo-url]. - ---- - # Overview Django REST framework is a powerful and flexible toolkit for building Web APIs. @@ -54,7 +30,7 @@ Some reasons you might want to use REST framework: # Requirements -* Python 3.9+ +* Python 3.10+ * Django 4.2, 5.0, 5.1, 5.2 We **highly recommend** and only officially support the latest patch release of @@ -67,10 +43,11 @@ Install using `pip`... pip install djangorestframework Add `'rest_framework'` to your `INSTALLED_APPS` setting. + ```python INSTALLED_APPS = [ - ... - 'rest_framework', + # ... + "rest_framework", ] ``` @@ -99,7 +76,7 @@ from rest_framework import routers, serializers, viewsets class UserSerializer(serializers.HyperlinkedModelSerializer): class Meta: model = User - fields = ['url', 'username', 'email', 'is_staff'] + fields = ["url", "username", "email", "is_staff"] # ViewSets define the view behavior. @@ -110,13 +87,13 @@ class UserViewSet(viewsets.ModelViewSet): # Routers provide a way of automatically determining the URL conf. router = routers.DefaultRouter() -router.register(r'users', UserViewSet) +router.register(r"users", UserViewSet) # Wire up our API using automatic URL routing. # Additionally, we include login URLs for the browsable API. urlpatterns = [ - path('', include(router.urls)), - path('api-auth/', include('rest_framework.urls', namespace='rest_framework')), + path("", include(router.urls)), + path("api-auth/", include("rest_framework.urls", namespace="rest_framework")), ] ``` @@ -126,15 +103,15 @@ Add the following to your `settings.py` module: ```python INSTALLED_APPS = [ - ... # Make sure to include the default installed apps here. - 'rest_framework', + # ... make sure to include the default installed apps here. + "rest_framework", ] REST_FRAMEWORK = { # Use Django's standard `django.contrib.auth` permissions, # or allow read-only access for unauthenticated users. - 'DEFAULT_PERMISSION_CLASSES': [ - 'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly', + "DEFAULT_PERMISSION_CLASSES": [ + "rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly", ] } ``` @@ -179,8 +156,8 @@ Please see the [security policy][security-policy]. [build-status-image]: https://github.com/encode/django-rest-framework/actions/workflows/main.yml/badge.svg [build-status]: https://github.com/encode/django-rest-framework/actions/workflows/main.yml -[coverage-status-image]: https://img.shields.io/codecov/c/github/encode/django-rest-framework/master.svg -[codecov]: https://codecov.io/github/encode/django-rest-framework?branch=master +[coverage-status-image]: https://img.shields.io/codecov/c/github/encode/django-rest-framework/main.svg +[codecov]: https://codecov.io/github/encode/django-rest-framework?branch=main [pypi-version]: https://img.shields.io/pypi/v/djangorestframework.svg [pypi]: https://pypi.org/project/djangorestframework/ [group]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework @@ -188,28 +165,6 @@ Please see the [security policy][security-policy]. [funding]: https://fund.django-rest-framework.org/topics/funding/ [sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors -[sentry-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/sentry-readme.png -[stream-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/stream-readme.png -[spacinov-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/spacinov-readme.png -[retool-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/retool-readme.png -[bitio-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/bitio-readme.png -[posthog-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/posthog-readme.png -[cryptapi-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/cryptapi-readme.png -[fezto-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/fezto-readme.png -[svix-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/svix-premium.png -[zuplo-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/zuplo-readme.png - -[sentry-url]: https://getsentry.com/welcome/ -[stream-url]: https://getstream.io/?utm_source=DjangoRESTFramework&utm_medium=Webpage_Logo_Ad&utm_content=Developer&utm_campaign=DjangoRESTFramework_Jan2022_HomePage -[spacinov-url]: https://www.spacinov.com/ -[retool-url]: https://retool.com/?utm_source=djangorest&utm_medium=sponsorship -[bitio-url]: https://bit.io/jobs?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship -[posthog-url]: https://posthog.com?utm_source=drf&utm_medium=sponsorship&utm_campaign=open-source-sponsorship -[cryptapi-url]: https://cryptapi.io -[fezto-url]: https://www.fezto.xyz/?utm_source=DjangoRESTFramework -[svix-url]: https://www.svix.com/?utm_source=django-REST&utm_medium=sponsorship -[zuplo-url]: https://zuplo.link/django-gh - [oauth1-section]: https://www.django-rest-framework.org/api-guide/authentication/#django-rest-framework-oauth [oauth2-section]: https://www.django-rest-framework.org/api-guide/authentication/#django-oauth-toolkit [serializer-section]: https://www.django-rest-framework.org/api-guide/serializers/#serializers diff --git a/codespell-ignore-words.txt b/codespell-ignore-words.txt new file mode 100644 index 000000000..07c9fdb9b --- /dev/null +++ b/codespell-ignore-words.txt @@ -0,0 +1,7 @@ +Tim +assertIn +IAM +endcode +deque +thead +lets \ No newline at end of file diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md index 84e58bf4b..2f4d42959 100644 --- a/docs/api-guide/authentication.md +++ b/docs/api-guide/authentication.md @@ -426,6 +426,11 @@ HTTP Signature (currently a [IETF draft][http-signature-ietf-draft]) provides a [Djoser][djoser] library provides a set of views to handle basic actions such as registration, login, logout, password reset and account activation. The package works with a custom user model and uses token-based authentication. This is a ready to use REST implementation of the Django authentication system. +## DRF Auth Kit + +[DRF Auth Kit][drf-auth-kit] library provides a modern REST authentication solution with JWT cookies, social login, multi-factor authentication, and comprehensive user management. The package offers full type safety, automatic OpenAPI schema generation with DRF Spectacular. It supports multiple authentication types (JWT, DRF Token, or Custom) and includes built-in internationalization for 50+ languages. + + ## django-rest-auth / dj-rest-auth This library provides a set of REST API endpoints for registration, authentication (including social media authentication), password reset, retrieve and update user details, etc. By having these API endpoints, your client apps such as AngularJS, iOS, Android, and others can communicate to your Django backend site independently via REST APIs for user management. @@ -454,7 +459,7 @@ There are currently two forks of this project. More information can be found in the [Documentation](https://django-rest-durin.readthedocs.io/en/latest/index.html). -## django-pyoidc +## django-pyoidc [dango-pyoidc][django_pyoidc] adds support for OpenID Connect (OIDC) authentication. This allows you to delegate user management to an Identity Provider, which can be used to implement Single-Sign-On (SSO). It provides support for most uses-cases, such as customizing how token info are mapped to user models, using OIDC audiences for access control, etc. @@ -497,4 +502,5 @@ More information can be found in the [Documentation](https://django-pyoidc.readt [django-rest-authemail]: https://github.com/celiao/django-rest-authemail [django-rest-durin]: https://github.com/eshaan7/django-rest-durin [login-required-middleware]: https://docs.djangoproject.com/en/stable/ref/middleware/#django.contrib.auth.middleware.LoginRequiredMiddleware -[django-pyoidc] : https://github.com/makinacorpus/django_pyoidc +[django-pyoidc]: https://github.com/makinacorpus/django_pyoidc +[drf-auth-kit]: https://github.com/huynguyengl99/drf-auth-kit diff --git a/docs/api-guide/fields.md b/docs/api-guide/fields.md index 888996eec..eb93119d0 100644 --- a/docs/api-guide/fields.md +++ b/docs/api-guide/fields.md @@ -180,7 +180,7 @@ The `allow_null` option is also available for string fields, although its usage ## EmailField -A text representation, validates the text to be a valid e-mail address. +A text representation, validates the text to be a valid email address. Corresponds to `django.db.models.fields.EmailField` @@ -269,6 +269,18 @@ Corresponds to `django.db.models.fields.IntegerField`, `django.db.models.fields. * `max_value` Validate that the number provided is no greater than this value. * `min_value` Validate that the number provided is no less than this value. +## BigIntegerField + +A biginteger representation. + +Corresponds to `django.db.models.fields.BigIntegerField`. + +**Signature**: `BigIntegerField(max_value=None, min_value=None, coerce_to_string=None)` + +* `max_value` Validate that the number provided is no greater than this value. +* `min_value` Validate that the number provided is no less than this value. +* `coerce_to_string` Set to `True` if string values should be returned for the representation, or `False` if `BigInteger` objects should be returned. Defaults to the same value as the `COERCE_BIGINT_TO_STRING` settings key, which will be `False` unless overridden. If `BigInteger` objects are returned by the serializer, then the final output format will be determined by the renderer. + ## FloatField A floating point representation. @@ -377,13 +389,16 @@ A Duration representation. Corresponds to `django.db.models.fields.DurationField` The `validated_data` for these fields will contain a `datetime.timedelta` instance. -The representation is a string following this format `'[DD] [HH:[MM:]]ss[.uuuuuu]'`. -**Signature:** `DurationField(max_value=None, min_value=None)` +**Signature:** `DurationField(format=api_settings.DURATION_FORMAT, max_value=None, min_value=None)` +* `format` - A string representing the output format. If not specified, this defaults to the same value as the `DURATION_FORMAT` settings key, which will be `'django'` unless set. Formats are described below. Setting this value to `None` indicates that Python `timedelta` objects should be returned by `to_representation`. In this case the date encoding will be determined by the renderer. * `max_value` Validate that the duration provided is no greater than this value. * `min_value` Validate that the duration provided is no less than this value. +#### `DurationField` formats +Format may either be the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style intervals should be used (eg `'P4DT1H15M20S'`), or `'django'` which indicates that Django interval format `'[DD] [HH:[MM:]]ss[.uuuuuu]'` should be used (eg: `'4 1:15:20'`). + --- # Choice selection fields @@ -759,7 +774,7 @@ suitable for updating our target object. With `source='*'`, the return from ('y_coordinate', 4), ('x_coordinate', 3)]) -For completeness lets do the same thing again but with the nested serializer +For completeness let's do the same thing again but with the nested serializer approach suggested above: class NestedCoordinateSerializer(serializers.Serializer): diff --git a/docs/api-guide/filtering.md b/docs/api-guide/filtering.md index 6c80dc754..d36d4ce95 100644 --- a/docs/api-guide/filtering.md +++ b/docs/api-guide/filtering.md @@ -235,7 +235,7 @@ For example: search_fields = ['=username', '=email'] -By default, the search parameter is named `'search'`, but this may be overridden with the `SEARCH_PARAM` setting. +By default, the search parameter is named `'search'`, but this may be overridden with the `SEARCH_PARAM` setting in the `REST_FRAMEWORK` configuration. To dynamically change search fields based on request content, it's possible to subclass the `SearchFilter` and override the `get_search_fields()` function. For example, the following subclass will only search on `title` if the query parameter `title_only` is in the request: @@ -257,7 +257,7 @@ The `OrderingFilter` class supports simple query parameter controlled ordering o ![Ordering Filter](../img/ordering-filter.png) -By default, the query parameter is named `'ordering'`, but this may be overridden with the `ORDERING_PARAM` setting. +By default, the query parameter is named `'ordering'`, but this may be overridden with the `ORDERING_PARAM` setting in the `REST_FRAMEWORK` configuration. For example, to order users by username: diff --git a/docs/api-guide/generic-views.md b/docs/api-guide/generic-views.md index 62a27263c..4c81299c5 100644 --- a/docs/api-guide/generic-views.md +++ b/docs/api-guide/generic-views.md @@ -102,6 +102,39 @@ For example: --- +### Avoiding N+1 Queries + +When listing objects (e.g. using `ListAPIView` or `ModelViewSet`), serializers may trigger an N+1 query pattern if related objects are accessed individually for each item. + +To prevent this, optimize the queryset in `get_queryset()` or by setting the `queryset` class attribute using [`select_related()`](https://docs.djangoproject.com/en/stable/ref/models/querysets/#select-related) and [`prefetch_related()`](https://docs.djangoproject.com/en/stable/ref/models/querysets/#prefetch-related), depending on the type of relationship. + +**For ForeignKey and OneToOneField**: + +Use `select_related()` to fetch related objects in the same query: + + def get_queryset(self): + return Order.objects.select_related("customer", "billing_address") + +**For reverse and many-to-many relationships**: + +Use `prefetch_related()` to efficiently load collections of related objects: + + def get_queryset(self): + return Book.objects.prefetch_related("categories", "reviews__user") + +**Combining both**: + + def get_queryset(self): + return ( + Order.objects + .select_related("customer") + .prefetch_related("items__product") + ) + +These optimizations reduce repeated database access and improve list view performance. + +--- + #### `get_object(self)` Returns an object instance that should be used for detail views. Defaults to using the `lookup_field` parameter to filter the base queryset. @@ -374,8 +407,6 @@ Allowing `PUT` as create operations is problematic, as it necessarily exposes in Both styles "`PUT` as 404" and "`PUT` as create" can be valid in different circumstances, but from version 3.0 onwards we now use 404 behavior as the default, due to it being simpler and more obvious. -If you need to generic PUT-as-create behavior you may want to include something like [this `AllowPUTAsCreateMixin` class](https://gist.github.com/tomchristie/a2ace4577eff2c603b1b) as a mixin to your views. - --- # Third party packages diff --git a/docs/api-guide/metadata.md b/docs/api-guide/metadata.md index 20708c6e3..f4e8ed2da 100644 --- a/docs/api-guide/metadata.md +++ b/docs/api-guide/metadata.md @@ -66,7 +66,7 @@ The REST framework package only includes a single metadata class implementation, ## Creating schema endpoints -If you have specific requirements for creating schema endpoints that are accessed with regular `GET` requests, you might consider re-using the metadata API for doing so. +If you have specific requirements for creating schema endpoints that are accessed with regular `GET` requests, you might consider reusing the metadata API for doing so. For example, the following additional route could be used on a viewset to provide a linkable schema endpoint. diff --git a/docs/api-guide/pagination.md b/docs/api-guide/pagination.md index 41887ffd8..e4e5f4979 100644 --- a/docs/api-guide/pagination.md +++ b/docs/api-guide/pagination.md @@ -108,7 +108,7 @@ To set these attributes you should override the `PageNumberPagination` class, an * `page_query_param` - A string value indicating the name of the query parameter to use for the pagination control. * `page_size_query_param` - If set, this is a string value indicating the name of a query parameter that allows the client to set the page size on a per-request basis. Defaults to `None`, indicating that the client may not control the requested page size. * `max_page_size` - If set, this is a numeric value indicating the maximum allowable requested page size. This attribute is only valid if `page_size_query_param` is also set. -* `last_page_strings` - A list or tuple of string values indicating values that may be used with the `page_query_param` to request the final page in the set. Defaults to `('last',)` +* `last_page_strings` - A list or tuple of string values indicating values that may be used with the `page_query_param` to request the final page in the set. Defaults to `('last',)`. For example, use `?page=last` to go directly to the last page. * `template` - The name of a template to use when rendering pagination controls in the browsable API. May be overridden to modify the rendering style, or set to `None` to disable HTML pagination controls completely. Defaults to `"rest_framework/pagination/numbers.html"`. --- diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index 775888fb6..f96aa18dd 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md @@ -201,7 +201,7 @@ As with `DjangoModelPermissions` you can use custom model permissions by overrid --- -**Note**: If you need object level `view` permissions for `GET`, `HEAD` and `OPTIONS` requests and are using django-guardian for your object-level permissions backend, you'll want to consider using the `DjangoObjectPermissionsFilter` class provided by the [`djangorestframework-guardian2` package][django-rest-framework-guardian2]. It ensures that list endpoints only return results including objects for which the user has appropriate view permissions. +**Note**: If you need object level `view` permissions for `GET`, `HEAD` and `OPTIONS` requests and are using django-guardian for your object-level permissions backend, you'll want to consider using the `DjangoObjectPermissionsFilter` class provided by the [`djangorestframework-guardian` package][django-rest-framework-guardian]. It ensures that list endpoints only return results including objects for which the user has appropriate view permissions. --- @@ -340,6 +340,10 @@ The [Django Rest Framework Role Filters][django-rest-framework-role-filters] pac The [Django Rest Framework PSQ][drf-psq] package is an extension that gives support for having action-based **permission_classes**, **serializer_class**, and **queryset** dependent on permission-based rules. +## Axioms DRF PY + +The [Axioms DRF PY][axioms-drf-py] package is an extension that provides support for authentication and claim-based fine-grained authorization (**scopes**, **roles**, **groups**, **permissions**, etc. including object-level checks) using JWT tokens issued by an OAuth2/OIDC Authorization Server including AWS Cognito, Auth0, Okta, Microsoft Entra, etc. + [cite]: https://developer.apple.com/library/mac/#documentation/security/Conceptual/AuthenticationAndAuthorizationGuide/Authorization/Authorization.html [authentication]: authentication.md @@ -356,6 +360,7 @@ The [Django Rest Framework PSQ][drf-psq] package is an extension that gives supp [rest-framework-roles]: https://github.com/Pithikos/rest-framework-roles [djangorestframework-api-key]: https://florimondmanca.github.io/djangorestframework-api-key/ [django-rest-framework-role-filters]: https://github.com/allisson/django-rest-framework-role-filters -[django-rest-framework-guardian2]: https://github.com/johnthagen/django-rest-framework-guardian2 +[django-rest-framework-guardian]: https://github.com/rpkilby/django-rest-framework-guardian [drf-access-policy]: https://github.com/rsinger86/drf-access-policy [drf-psq]: https://github.com/drf-psq/drf-psq +[axioms-drf-py]: https://github.com/abhishektiwari/axioms-drf-py diff --git a/docs/api-guide/relations.md b/docs/api-guide/relations.md index 7c4eece4b..b6d9918b0 100644 --- a/docs/api-guide/relations.md +++ b/docs/api-guide/relations.md @@ -300,7 +300,7 @@ For example, the following serializer: Would serialize to a nested representation like this: - >>> album = Album.objects.create(album_name="The Grey Album", artist='Danger Mouse') + >>> album = Album.objects.create(album_name="The Gray Album", artist='Danger Mouse') >>> Track.objects.create(album=album, order=1, title='Public Service Announcement', duration=245) >>> Track.objects.create(album=album, order=2, title='What More Can I Say', duration=264) @@ -310,7 +310,7 @@ Would serialize to a nested representation like this: >>> serializer = AlbumSerializer(instance=album) >>> serializer.data { - 'album_name': 'The Grey Album', + 'album_name': 'The Gray Album', 'artist': 'Danger Mouse', 'tracks': [ {'order': 1, 'title': 'Public Service Announcement', 'duration': 245}, @@ -344,7 +344,7 @@ By default nested serializers are read-only. If you want to support write-operat return album >>> data = { - 'album_name': 'The Grey Album', + 'album_name': 'The Gray Album', 'artist': 'Danger Mouse', 'tracks': [ {'order': 1, 'title': 'Public Service Announcement', 'duration': 245}, diff --git a/docs/api-guide/renderers.md b/docs/api-guide/renderers.md index 7a6bd39f4..2801c53da 100644 --- a/docs/api-guide/renderers.md +++ b/docs/api-guide/renderers.md @@ -134,7 +134,7 @@ An example of a view that uses `TemplateHTMLRenderer`: You can use `TemplateHTMLRenderer` either to return regular HTML pages using REST framework, or to return both HTML and API responses from a single endpoint. -If you're building websites that use `TemplateHTMLRenderer` along with other renderer classes, you should consider listing `TemplateHTMLRenderer` as the first class in the `renderer_classes` list, so that it will be prioritised first even for browsers that send poorly formed `ACCEPT:` headers. +If you're building websites that use `TemplateHTMLRenderer` along with other renderer classes, you should consider listing `TemplateHTMLRenderer` as the first class in the `renderer_classes` list, so that it will be prioritized first even for browsers that send poorly formed `ACCEPT:` headers. See the [_HTML & Forms_ Topic Page][html-and-forms] for further examples of `TemplateHTMLRenderer` usage. diff --git a/docs/api-guide/responses.md b/docs/api-guide/responses.md index dbdc8ff2c..00fe95196 100644 --- a/docs/api-guide/responses.md +++ b/docs/api-guide/responses.md @@ -11,7 +11,7 @@ source: REST framework supports HTTP content negotiation by providing a `Response` class which allows you to return content that can be rendered into multiple content types, depending on the client request. -The `Response` class subclasses Django's `SimpleTemplateResponse`. `Response` objects are initialised with data, which should consist of native Python primitives. REST framework then uses standard HTTP content negotiation to determine how it should render the final response content. +The `Response` class subclasses Django's `SimpleTemplateResponse`. `Response` objects are initialized with data, which should consist of native Python primitives. REST framework then uses standard HTTP content negotiation to determine how it should render the final response content. There's no requirement for you to use the `Response` class, you can also return regular `HttpResponse` or `StreamingHttpResponse` objects from your views if required. Using the `Response` class simply provides a nicer interface for returning content-negotiated Web API responses, that can be rendered to multiple formats. diff --git a/docs/api-guide/schemas.md b/docs/api-guide/schemas.md index 0eee3c99f..5208929a6 100644 --- a/docs/api-guide/schemas.md +++ b/docs/api-guide/schemas.md @@ -20,7 +20,7 @@ package and then subsequently retired over the next releases. As a full-fledged replacement, we recommend the [drf-spectacular] package. It has extensive support for generating OpenAPI 3 schemas from -REST framework APIs, with both automatic and customisable options available. +REST framework APIs, with both automatic and customizable options available. For further information please refer to [Documenting your API](../topics/documenting-your-api.md#drf-spectacular). @@ -392,7 +392,7 @@ introspection. #### `get_operation_id()` -There must be a unique [operationid](openapi-operationid) for each operation. +There must be a unique [operationid][openapi-operationid] for each operation. By default the `operationId` is deduced from the model name, serializer name or view name. The operationId looks like "listItems", "retrieveItem", "updateItem", etc. The `operationId` is camelCase by convention. @@ -453,12 +453,12 @@ create a base `AutoSchema` subclass for your project that takes additional [cite]: https://www.heroku.com/blog/json_schema_for_heroku_platform_api/ [openapi]: https://github.com/OAI/OpenAPI-Specification -[openapi-specification-extensions]: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#specification-extensions -[openapi-operation]: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#operationObject +[openapi-specification-extensions]: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#specification-extensions +[openapi-operation]: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#operationObject [openapi-tags]: https://swagger.io/specification/#tagObject -[openapi-operationid]: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#fixed-fields-17 -[openapi-components]: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#componentsObject -[openapi-reference]: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#referenceObject +[openapi-operationid]: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#fixed-fields-17 +[openapi-components]: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#componentsObject +[openapi-reference]: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#referenceObject [openapi-generator]: https://github.com/OpenAPITools/openapi-generator [swagger-codegen]: https://github.com/swagger-api/swagger-codegen [info-object]: https://swagger.io/specification/#infoObject diff --git a/docs/api-guide/serializers.md b/docs/api-guide/serializers.md index 8d56d36f5..8d4da4ee4 100644 --- a/docs/api-guide/serializers.md +++ b/docs/api-guide/serializers.md @@ -48,7 +48,7 @@ We can now use `CommentSerializer` to serialize a comment, or list of comments. serializer.data # {'email': 'leila@example.com', 'content': 'foo bar', 'created': '2016-01-27T15:17:10.375877'} -At this point we've translated the model instance into Python native datatypes. To finalise the serialization process we render the data into `json`. +At this point we've translated the model instance into Python native datatypes. To finalize the serialization process we render the data into `json`. from rest_framework.renderers import JSONRenderer @@ -155,7 +155,7 @@ When deserializing data, you always need to call `is_valid()` before attempting serializer.is_valid() # False serializer.errors - # {'email': ['Enter a valid e-mail address.'], 'created': ['This field is required.']} + # {'email': ['Enter a valid email address.'], 'created': ['This field is required.']} Each key in the dictionary will be the field name, and the values will be lists of strings of any error messages corresponding to that field. The `non_field_errors` key may also be present, and will list any general validation errors. The name of the `non_field_errors` key may be customized using the `NON_FIELD_ERRORS_KEY` REST framework setting. @@ -298,7 +298,7 @@ When dealing with nested representations that support deserializing the data, an serializer.is_valid() # False serializer.errors - # {'user': {'email': ['Enter a valid e-mail address.']}, 'created': ['This field is required.']} + # {'user': {'email': ['Enter a valid email address.']}, 'created': ['This field is required.']} Similarly, the `.validated_data` property will include nested data structures. @@ -1189,6 +1189,10 @@ The [drf-writable-nested][drf-writable-nested] package provides writable nested The [drf-encrypt-content][drf-encrypt-content] package helps you encrypt your data, serialized through ModelSerializer. It also contains some helper functions. Which helps you to encrypt your data. +## Shapeless Serializers + +The [drf-shapeless-serializers][drf-shapeless-serializers] package provides dynamic serializer configuration capabilities, allowing runtime field selection, renaming, attribute modification, and nested relationship configuration without creating multiple serializer classes. It helps eliminate serializer boilerplate while providing flexible API responses. + [cite]: https://groups.google.com/d/topic/django-users/sVFaOfQi4wY/discussion [relations]: relations.md @@ -1212,3 +1216,4 @@ The [drf-encrypt-content][drf-encrypt-content] package helps you encrypt your da [djangorestframework-queryfields]: https://djangorestframework-queryfields.readthedocs.io/ [drf-writable-nested]: https://github.com/beda-software/drf-writable-nested [drf-encrypt-content]: https://github.com/oguzhancelikarslan/drf-encrypt-content +[drf-shapeless-serializers]: https://github.com/khaledsukkar2/drf-shapeless-serializers diff --git a/docs/api-guide/settings.md b/docs/api-guide/settings.md index 7bee3166d..390dbd911 100644 --- a/docs/api-guide/settings.md +++ b/docs/api-guide/settings.md @@ -314,6 +314,15 @@ May be a list including the string `'iso-8601'` or Python [strftime format][strf Default: `['iso-8601']` + +#### DURATION_FORMAT + +Indicates the default format that should be used for rendering the output of `DurationField` serializer fields. If `None`, then `DurationField` serializer fields will return Python `timedelta` objects, and the duration encoding will be determined by the renderer. + +May be any of `None`, `'iso-8601'` or `'django'` (the format accepted by `django.utils.dateparse.parse_duration`). + +Default: `'django'` + --- ## Encodings @@ -362,6 +371,14 @@ When set to `True`, the serializer `DecimalField` class will return strings inst Default: `True` +#### COERCE_BIGINT_TO_STRING + +When returning biginteger objects in API representations that do not support numbers up to 2^64, it is best to return the value as a string. This avoids the loss of precision that occurs with biginteger implementations. + +When set to `True`, the serializer `BigIntegerField` class (by default) will return strings instead of `BigInteger` objects. When set to `False`, serializers will return `BigInteger` objects, which the default JSON encoder will return as numbers. + +Default: `False` + --- ## View names and descriptions diff --git a/docs/api-guide/testing.md b/docs/api-guide/testing.md index ed585faf2..a9665873a 100644 --- a/docs/api-guide/testing.md +++ b/docs/api-guide/testing.md @@ -92,7 +92,7 @@ For example, when forcibly authenticating using a token, you might do something --- -**Note**: `force_authenticate` directly sets `request.user` to the in-memory `user` instance. If you are re-using the same `user` instance across multiple tests that update the saved `user` state, you may need to call [`refresh_from_db()`][refresh_from_db_docs] between tests. +**Note**: `force_authenticate` directly sets `request.user` to the in-memory `user` instance. If you are reusing the same `user` instance across multiple tests that update the saved `user` state, you may need to call [`refresh_from_db()`][refresh_from_db_docs] between tests. --- @@ -105,6 +105,20 @@ This means that setting attributes directly on the request object may not always request.user = user response = view(request) +If you want to test a request involving the REST framework’s 'Request' object, you’ll need to manually transform it first: + + class DummyView(APIView): + ... + + factory = APIRequestFactory() + request = factory.get('/', {'demo': 'test'}) + drf_request = DummyView().initialize_request(request) + assert drf_request.query_params == {'demo': ['test']} + + request = factory.post('/', {'example': 'test'}) + drf_request = DummyView().initialize_request(request) + assert drf_request.data.get('example') == 'test' + --- ## Forcing CSRF validation @@ -250,7 +264,7 @@ For example... csrftoken = response.cookies['csrftoken'] # Interact with the API. - response = client.post('http://testserver/organisations/', json={ + response = client.post('http://testserver/organizations/', json={ 'name': 'MegaCorp', 'status': 'active' }, headers={'X-CSRFToken': csrftoken}) @@ -278,12 +292,12 @@ The CoreAPIClient allows you to interact with your API using the Python client = CoreAPIClient() schema = client.get('http://testserver/schema/') - # Create a new organisation + # Create a new organization params = {'name': 'MegaCorp', 'status': 'active'} - client.action(schema, ['organisations', 'create'], params) + client.action(schema, ['organizations', 'create'], params) - # Ensure that the organisation exists in the listing - data = client.action(schema, ['organisations', 'list']) + # Ensure that the organization exists in the listing + data = client.action(schema, ['organizations', 'list']) assert(len(data) == 1) assert(data == [{'name': 'MegaCorp', 'status': 'active'}]) @@ -339,6 +353,7 @@ REST framework also provides a test case class for isolating `urlpatterns` on a ## Example from django.urls import include, path, reverse + from rest_framework import status from rest_framework.test import APITestCase, URLPatternsTestCase @@ -417,5 +432,5 @@ For example, to add support for using `format='html'` in test requests, you migh [requestfactory]: https://docs.djangoproject.com/en/stable/topics/testing/advanced/#django.test.client.RequestFactory [configuration]: #configuration [refresh_from_db_docs]: https://docs.djangoproject.com/en/stable/ref/models/instances/#django.db.models.Model.refresh_from_db -[session_objects]: https://requests.readthedocs.io/en/master/user/advanced/#session-objects +[session_objects]: https://requests.readthedocs.io/en/latest/user/advanced/#session-objects [provided_test_case_classes]: https://docs.djangoproject.com/en/stable/topics/testing/tools/#provided-test-case-classes diff --git a/docs/api-guide/throttling.md b/docs/api-guide/throttling.md index e6d7774a6..0ea8b4158 100644 --- a/docs/api-guide/throttling.md +++ b/docs/api-guide/throttling.md @@ -110,7 +110,7 @@ You'll need to remember to also set your custom throttle class in the `'DEFAULT_ The built-in throttle implementations are open to [race conditions][race], so under high concurrency they may allow a few extra requests through. -If your project relies on guaranteeing the number of requests during concurrent requests, you will need to implement your own throttle class. +If your project relies on guaranteeing the number of requests during concurrent requests, you will need to implement your own throttle class. See [issue #5181][gh5181] for more details. --- @@ -220,4 +220,5 @@ The following is an example of a rate throttle, that will randomly throttle 1 in [identifying-clients]: http://oxpedia.org/wiki/index.php?title=AppSuite:Grizzly#Multiple_Proxies_in_front_of_the_cluster [cache-setting]: https://docs.djangoproject.com/en/stable/ref/settings/#caches [cache-docs]: https://docs.djangoproject.com/en/stable/topics/cache/#setting-up-the-cache +[gh5181]: https://github.com/encode/django-rest-framework/issues/5181 [race]: https://en.wikipedia.org/wiki/Race_condition#Data_race diff --git a/docs/api-guide/validators.md b/docs/api-guide/validators.md index 57bcb8628..a0ceaf12d 100644 --- a/docs/api-guide/validators.md +++ b/docs/api-guide/validators.md @@ -5,7 +5,7 @@ source: # Validators -> Validators can be useful for re-using validation logic between different types of fields. +> Validators can be useful for reusing validation logic between different types of fields. > > — [Django documentation][cite] @@ -13,7 +13,7 @@ Most of the time you're dealing with validation in REST framework you'll simply However, sometimes you'll want to place your validation logic into reusable components, so that it can easily be reused throughout your codebase. This can be achieved by using validator functions and validator classes. -## Validation in REST framework +## Validation in REST framework Validation in Django REST framework serializers is handled a little differently to how validation works in Django's `ModelForm` class. @@ -75,7 +75,7 @@ This validator should be applied to *serializer fields*, like so: validators=[UniqueValidator(queryset=BlogPost.objects.all())] ) -## UniqueTogetherValidator +## UniqueTogetherValidator This validator can be used to enforce `unique_together` constraints on model instances. It has two required arguments, and a single optional `messages` argument: @@ -92,7 +92,7 @@ The validator should be applied to *serializer classes*, like so: # ... class Meta: # ToDo items belong to a parent list, and have an ordering defined - # by the 'position' field. No two items in a given list may share + # by the 'position' field. No two items in a given list may share # the same position. validators = [ UniqueTogetherValidator( @@ -166,7 +166,7 @@ If you want the date field to be entirely hidden from the user, then use `Hidden --- -**Note:** `HiddenField()` does not appear in `partial=True` serializer (when making `PATCH` request). +**Note:** `HiddenField()` does not appear in `partial=True` serializer (when making `PATCH` request). --- @@ -175,7 +175,7 @@ If you want the date field to be entirely hidden from the user, then use `Hidden Validators that are applied across multiple fields in the serializer can sometimes require a field input that should not be provided by the API client, but that *is* available as input to the validator. For this purposes use `HiddenField`. This field will be present in `validated_data` but *will not* be used in the serializer output representation. -**Note:** Using a `read_only=True` field is excluded from writable fields so it won't use a `default=…` argument. Look [3.8 announcement](https://www.django-rest-framework.org/community/3.8-announcement/#altered-the-behaviour-of-read_only-plus-default-on-field). +**Note:** Using a `read_only=True` field is excluded from writable fields so it won't use a `default=…` argument. Look [3.8 announcement](https://www.django-rest-framework.org/community/3.8-announcement/#altered-the-behavior-of-read_only-plus-default-on-field). REST framework includes a couple of defaults that may be useful in this context. diff --git a/docs/api-guide/views.md b/docs/api-guide/views.md index b293de75a..05a35c3d6 100644 --- a/docs/api-guide/views.md +++ b/docs/api-guide/views.md @@ -186,8 +186,13 @@ The available decorators are: * `@authentication_classes(...)` * `@throttle_classes(...)` * `@permission_classes(...)` +* `@content_negotiation_class(...)` +* `@metadata_class(...)` +* `@versioning_class(...)` -Each of these decorators takes a single argument which must be a list or tuple of classes. +Each of these decorators is equivalent to setting their respective [api policy attributes][api-policy-attributes]. + +All decorators take a single argument. The ones that end with `_class` expect a single class while the ones ending in `_classes` expect a list or tuple of classes. ## View schema decorator @@ -224,4 +229,5 @@ You may pass `None` in order to exclude the view from schema generation. [throttling]: throttling.md [schemas]: schemas.md [classy-drf]: http://www.cdrf.co +[api-policy-attributes]: views.md#api-policy-attributes diff --git a/docs/api-guide/viewsets.md b/docs/api-guide/viewsets.md index 22acfe327..102bac40e 100644 --- a/docs/api-guide/viewsets.md +++ b/docs/api-guide/viewsets.md @@ -231,7 +231,7 @@ Using the example from the previous section: Alternatively, you can use the `url_name` attribute set by the `@action` decorator. ```pycon ->>> view.reverse_action(view.set_password.url_name, args=['1']) +>>> view.reverse_action(view.set_password.url_name, args=["1"]) 'http://localhost:8000/api/users/1/set_password' ``` diff --git a/docs/community/3.0-announcement.md b/docs/community/3.0-announcement.md index 0cb79fc2e..52acd10e2 100644 --- a/docs/community/3.0-announcement.md +++ b/docs/community/3.0-announcement.md @@ -632,7 +632,7 @@ The `MultipleChoiceField` class has been added. This field acts like `ChoiceFiel The `from_native(self, value)` and `to_native(self, data)` method names have been replaced with the more obviously named `to_internal_value(self, data)` and `to_representation(self, value)`. -The `field_from_native()` and `field_to_native()` methods are removed. Previously you could use these methods if you wanted to customise the behavior in a way that did not simply lookup the field value from the object. For example... +The `field_from_native()` and `field_to_native()` methods are removed. Previously you could use these methods if you wanted to customize the behavior in a way that did not simply lookup the field value from the object. For example... def field_to_native(self, obj, field_name): """A custom read-only field that returns the class name.""" @@ -961,5 +961,5 @@ You can follow development on the GitHub site, where we use [milestones to indic [kickstarter]: https://www.kickstarter.com/projects/tomchristie/django-rest-framework-3 [sponsors]: https://www.django-rest-framework.org/community/kickstarter-announcement/#sponsors -[mixins.py]: https://github.com/encode/django-rest-framework/blob/master/rest_framework/mixins.py +[mixins.py]: https://github.com/encode/django-rest-framework/blob/main/rest_framework/mixins.py [django-localization]: https://docs.djangoproject.com/en/stable/topics/i18n/translation/#localization-how-to-create-language-files diff --git a/docs/community/3.1-announcement.md b/docs/community/3.1-announcement.md index 641f313d0..2b4b83d57 100644 --- a/docs/community/3.1-announcement.md +++ b/docs/community/3.1-announcement.md @@ -46,7 +46,7 @@ The cursor based pagination renders a more simple style of control: The pagination API was previously only able to alter the pagination style in the body of the response. The API now supports being able to write pagination information in response headers, making it possible to use pagination schemes that use the `Link` or `Content-Range` headers. -For more information, see the [custom pagination styles](../api-guide/pagination/#custom-pagination-styles) documentation. +For more information, see the [custom pagination styles](../api-guide/pagination.md#custom-pagination-styles) documentation. --- diff --git a/docs/community/3.11-announcement.md b/docs/community/3.11-announcement.md index 2fc37a764..e913d5e0a 100644 --- a/docs/community/3.11-announcement.md +++ b/docs/community/3.11-announcement.md @@ -50,11 +50,9 @@ class DocStringExampleListView(APIView): permission_classes = [permissions.IsAuthenticatedOrReadOnly] - def get(self, request, *args, **kwargs): - ... + def get(self, request, *args, **kwargs): ... - def post(self, request, *args, **kwargs): - ... + def post(self, request, *args, **kwargs): ... ``` ## Validator / Default Context @@ -76,8 +74,7 @@ Validator implementations will look like this: class CustomValidator: requires_context = True - def __call__(self, value, serializer_field): - ... + def __call__(self, value, serializer_field): ... ``` Default implementations will look like this: @@ -86,8 +83,7 @@ Default implementations will look like this: class CustomDefault: requires_context = True - def __call__(self, serializer_field): - ... + def __call__(self, serializer_field): ... ``` --- diff --git a/docs/community/3.12-announcement.md b/docs/community/3.12-announcement.md index b192f7290..5264ddd85 100644 --- a/docs/community/3.12-announcement.md +++ b/docs/community/3.12-announcement.md @@ -50,7 +50,7 @@ See [the schema documentation](https://www.django-rest-framework.org/api-guide/s ## Customizing the operation ID. REST framework automatically determines operation IDs to use in OpenAPI -schemas. The latest version provides more control for overriding the behaviour +schemas. The latest version provides more control for overriding the behavior used to generate the operation IDs. See [the schema documentation](https://www.django-rest-framework.org/api-guide/schemas/#operationid) for more information. @@ -96,7 +96,7 @@ for details on using custom `AutoSchema` subclasses. ## Support for JSONField. Django 3.1 deprecated the existing `django.contrib.postgres.fields.JSONField` -in favour of a new database-agnositic `JSONField`. +in favor of a new database-agnositic `JSONField`. REST framework 3.12 now supports this new model field, and `ModelSerializer` classes will correctly map the model field. diff --git a/docs/community/3.13-announcement.md b/docs/community/3.13-announcement.md index e2c1fefa6..10d31b764 100644 --- a/docs/community/3.13-announcement.md +++ b/docs/community/3.13-announcement.md @@ -50,6 +50,6 @@ They must now use the more explicit keyword argument style... aliases = serializers.ListField(child=serializers.CharField()) ``` -This change has been made because using positional arguments here *does not* result in the expected behaviour. +This change has been made because using positional arguments here *does not* result in the expected behavior. See Pull Request [#7632](https://github.com/encode/django-rest-framework/pull/7632) for more details. diff --git a/docs/community/3.15-announcement.md b/docs/community/3.15-announcement.md index 848d534b2..fbe0c759b 100644 --- a/docs/community/3.15-announcement.md +++ b/docs/community/3.15-announcement.md @@ -39,12 +39,12 @@ By default the URLs created by `SimpleRouter` use regular expressions. This beha Dependency on pytz has been removed and deprecation warnings have been added, Django will provide ZoneInfo instances as long as USE_DEPRECATED_PYTZ is not enabled. More info on the migration can be found [in this guide](https://pytz-deprecation-shim.readthedocs.io/en/latest/migration.html). -## Align `SearchFilter` behaviour to `django.contrib.admin` search +## Align `SearchFilter` behavior to `django.contrib.admin` search Searches now may contain _quoted phrases_ with spaces, each phrase is considered as a single search term, and it will raise a validation error if any null-character is provided in search. See the [Filtering API guide](../api-guide/filtering.md) for more information. ## Other fixes and improvements -There are a number of fixes and minor improvements in this release, ranging from documentation, internal infrastructure (typing, testing, requirements, deprecation, etc.), security and overall behaviour. +There are a number of fixes and minor improvements in this release, ranging from documentation, internal infrastructure (typing, testing, requirements, deprecation, etc.), security and overall behavior. See the [release notes](release-notes.md) page for a complete listing. diff --git a/docs/community/3.16-announcement.md b/docs/community/3.16-announcement.md index b8f460ae7..97e102c09 100644 --- a/docs/community/3.16-announcement.md +++ b/docs/community/3.16-announcement.md @@ -29,7 +29,7 @@ The current minimum versions of Django is now 4.2 and Python 3.9. ## Django LoginRequiredMiddleware -The new `LoginRequiredMiddleware` introduced by Django 5.1 can now be used alongside Django REST Framework, however it is not honored for API views as an equivalent behaviour can be configured via `DEFAULT_AUTHENTICATION_CLASSES`. See [our dedicated section](../api-guide/authentication.md#django-51-loginrequiredmiddleware) in the docs for more information. +The new `LoginRequiredMiddleware` introduced by Django 5.1 can now be used alongside Django REST Framework, however it is not honored for API views as an equivalent behavior can be configured via `DEFAULT_AUTHENTICATION_CLASSES`. See [our dedicated section](../api-guide/authentication.md#django-51-loginrequiredmiddleware) in the docs for more information. ## Improved support for UniqueConstraint @@ -37,6 +37,6 @@ The generation of validators for [UniqueConstraint](https://docs.djangoproject.c ## Other fixes and improvements -There are a number of fixes and minor improvements in this release, ranging from documentation, internal infrastructure (typing, testing, requirements, deprecation, etc.), security and overall behaviour. +There are a number of fixes and minor improvements in this release, ranging from documentation, internal infrastructure (typing, testing, requirements, deprecation, etc.), security and overall behavior. See the [release notes](release-notes.md) page for a complete listing. diff --git a/docs/community/3.3-announcement.md b/docs/community/3.3-announcement.md index 24f493dcd..3f6427c53 100644 --- a/docs/community/3.3-announcement.md +++ b/docs/community/3.3-announcement.md @@ -54,7 +54,7 @@ The `ModelSerializer` and `HyperlinkedModelSerializer` classes should now includ [forms-api]: ../topics/html-and-forms.md [ajax-form]: https://github.com/encode/ajax-form -[jsonfield]: ../api-guide/fields#jsonfield +[jsonfield]: ../api-guide/fields.md#jsonfield [accept-headers]: ../topics/browser-enhancements.md#url-based-accept-headers [method-override]: ../topics/browser-enhancements.md#http-header-based-method-overriding [django-supported-versions]: https://www.djangoproject.com/download/#supported-versions diff --git a/docs/community/3.4-announcement.md b/docs/community/3.4-announcement.md index 2954b36b8..2c68b178a 100644 --- a/docs/community/3.4-announcement.md +++ b/docs/community/3.4-announcement.md @@ -157,7 +157,7 @@ will result in a list of the available choices being returned in the response. In cases where there is a relational field, the previous behavior would be to return a list of available instances to choose from for that relational field. -In order to minimise exposed information the behavior now is to *not* return +In order to minimize exposed information the behavior now is to *not* return choices information for relational fields. If you want to override this new behavior you'll need to [implement a custom @@ -179,16 +179,16 @@ The full set of itemized release notes [are available here][release-notes]. [moss]: mozilla-grant.md [funding]: funding.md [core-api]: https://www.coreapi.org/ -[command-line-client]: api-clients#command-line-client -[client-library]: api-clients#python-client-library +[command-line-client]: https://github.com/encode/django-rest-framework/blob/3.4.7/docs/topics/api-clients.md#command-line-client +[client-library]: https://github.com/encode/django-rest-framework/blob/3.4.7/docs/topics/api-clients.md#python-client-library [core-json]: https://www.coreapi.org/specification/encoding/#core-json-encoding [swagger]: https://openapis.org/specification [hyperschema]: https://json-schema.org/latest/json-schema-hypermedia.html [api-blueprint]: https://apiblueprint.org/ -[tut-7]: ../tutorial/7-schemas-and-client-libraries/ -[schema-generation]: ../api-guide/schemas/ +[tut-7]: https://github.com/encode/django-rest-framework/blob/3.4.7/docs/tutorial/7-schemas-and-client-libraries.md +[schema-generation]: ../api-guide/schemas.md [api-clients]: https://github.com/encode/django-rest-framework/blob/3.14.0/docs/topics/api-clients.md [milestone]: https://github.com/encode/django-rest-framework/milestone/35 -[release-notes]: release-notes#34 -[metadata]: ../api-guide/metadata/#custom-metadata-classes +[release-notes]: ./release-notes.md#34x-series +[metadata]: ../api-guide/metadata.md#custom-metadata-classes [gh3751]: https://github.com/encode/django-rest-framework/issues/3751 diff --git a/docs/community/3.5-announcement.md b/docs/community/3.5-announcement.md index 43a628dd4..eb3bf7fd5 100644 --- a/docs/community/3.5-announcement.md +++ b/docs/community/3.5-announcement.md @@ -81,7 +81,7 @@ a dynamic client library to interact with your API. Finally, we're also now exposing the schema generation as a [publicly documented API][schema-generation-api], allowing you to more easily -override the behaviour. +override the behavior. ## Requests test client @@ -106,12 +106,12 @@ client library. client = CoreAPIClient() schema = client.get('http://testserver/schema/') - # Create a new organisation + # Create a new organization params = {'name': 'MegaCorp', 'status': 'active'} - client.action(schema, ['organisations', 'create'], params) + client.action(schema, ['organizations', 'create'], params) - # Ensure that the organisation exists in the listing - data = client.action(schema, ['organisations', 'list']) + # Ensure that the organization exists in the listing + data = client.action(schema, ['organizations', 'list']) assert(len(data) == 1) assert(data == [{'name': 'MegaCorp', 'status': 'active'}]) @@ -204,10 +204,10 @@ The `'pk'` identifier in schema paths is now mapped onto the actually model fiel name by default. This will typically be `'id'`. This gives a better external representation for schemas, with less implementation -detail being exposed. It also reflects the behaviour of using a ModelSerializer +detail being exposed. It also reflects the behavior of using a ModelSerializer class with `fields = '__all__'`. -You can revert to the previous behaviour by setting `'SCHEMA_COERCE_PATH_PK': False` +You can revert to the previous behavior by setting `'SCHEMA_COERCE_PATH_PK': False` in the REST framework settings. ### Schema action name representations @@ -215,7 +215,7 @@ in the REST framework settings. The internal `retrieve()` and `destroy()` method names are now coerced to an external representation of `read` and `delete`. -You can revert to the previous behaviour by setting `'SCHEMA_COERCE_METHOD_NAMES': {}` +You can revert to the previous behavior by setting `'SCHEMA_COERCE_METHOD_NAMES': {}` in the REST framework settings. ### DjangoFilterBackend @@ -254,9 +254,9 @@ in version 3.3 and raised a deprecation warning in 3.4. Its usage is now mandato [funding]: funding.md [uploads]: https://core-api.github.io/python-client/api-guide/utils/#file [downloads]: https://core-api.github.io/python-client/api-guide/codecs/#downloadcodec -[schema-generation-api]: ../api-guide/schemas/#schemagenerator -[schema-docs]: ../api-guide/schemas/#schemas-as-documentation -[schema-view]: ../api-guide/schemas/#the-get_schema_view-shortcut +[schema-generation-api]: ../api-guide/schemas.md#schemagenerator +[schema-docs]: ../api-guide/schemas.md#schemas-as-documentation +[schema-view]: ../api-guide/schemas.md#get_schema_view [django-rest-raml]: https://github.com/encode/django-rest-raml [raml-image]: ../img/raml.png [raml-codec]: https://github.com/core-api/python-raml-codec diff --git a/docs/community/3.7-announcement.md b/docs/community/3.7-announcement.md index d1a39fa60..49f68ead2 100644 --- a/docs/community/3.7-announcement.md +++ b/docs/community/3.7-announcement.md @@ -53,7 +53,7 @@ In order to try to address this we're now adding the ability for per-view custom Let's take a quick look at using the new functionality... -The `APIView` class has a `schema` attribute, that is used to control how the Schema for that particular view is generated. The default behaviour is to use the `AutoSchema` class. +The `APIView` class has a `schema` attribute, that is used to control how the Schema for that particular view is generated. The default behavior is to use the `AutoSchema` class. from rest_framework.views import APIView from rest_framework.schemas import AutoSchema diff --git a/docs/community/3.8-announcement.md b/docs/community/3.8-announcement.md index f33b220fd..eef3ae0c9 100644 --- a/docs/community/3.8-announcement.md +++ b/docs/community/3.8-announcement.md @@ -36,7 +36,7 @@ If you use REST framework commercially and would like to see this work continue, ## Breaking Changes -### Altered the behaviour of `read_only` plus `default` on Field. +### Altered the behavior of `read_only` plus `default` on Field. [#5886][gh5886] `read_only` fields will now **always** be excluded from writable fields. @@ -44,7 +44,7 @@ Previously `read_only` fields when combined with a `default` value would use the operations. This was counter-intuitive in some circumstances and led to difficulties supporting dotted `source` attributes on nullable relations. -In order to maintain the old behaviour you may need to pass the value of `read_only` fields when calling `save()` in +In order to maintain the old behavior you may need to pass the value of `read_only` fields when calling `save()` in the view: def perform_create(self, serializer): diff --git a/docs/community/3.9-announcement.md b/docs/community/3.9-announcement.md index 6bc5e3cc3..bd886482c 100644 --- a/docs/community/3.9-announcement.md +++ b/docs/community/3.9-announcement.md @@ -152,7 +152,7 @@ See [#5990][gh5990]. ### `action` decorator replaces `list_route` and `detail_route` -Both `list_route` and `detail_route` are now deprecated in favour of the single `action` decorator. +Both `list_route` and `detail_route` are now deprecated in favor of the single `action` decorator. They will be removed entirely in 3.10. The `action` decorator takes a boolean `detail` argument. diff --git a/docs/community/contributing.md b/docs/community/contributing.md index 5a9188943..797bf72e3 100644 --- a/docs/community/contributing.md +++ b/docs/community/contributing.md @@ -4,6 +4,8 @@ > > — [Tim Berners-Lee][cite] +There are many ways you can contribute to Django REST framework. We'd like it to be a community-led project, so please get involved and help shape the future of the project. + !!! note At this point in its lifespan we consider Django REST framework to be feature-complete. We focus on pull requests that track the continued development of Django versions, and generally do not accept new features or code formatting changes. @@ -28,9 +30,22 @@ The [Django code of conduct][code-of-conduct] gives a fuller set of guidelines f # Issues +Our contribution process is that the [GitHub discussions page](https://github.com/encode/django-rest-framework/discussions) should generally be your starting point. Some tips on good potential issue reporting: + * Django REST framework is considered feature-complete. Please do not file requests to change behavior, unless it is required for security reasons or to maintain compatibility with upcoming Django or Python versions. +* Search the GitHub project page for related items, and make sure you're running the latest version of REST framework before reporting an issue. * Feature requests will typically be closed with a recommendation that they be implemented outside the core REST framework library (e.g. as third-party libraries). This approach allows us to keep down the maintenance overhead of REST framework, so that the focus can be on continued stability and great documentation. +## Triaging issues + +Getting involved in triaging incoming issues is a good way to start contributing. Every single ticket that comes into the ticket tracker needs to be reviewed in order to determine what the next steps should be. Anyone can help out with this, you just need to be willing to + +* Read through the ticket - does it make sense, is it missing any context that would help explain it better? +* Is the ticket reported in the correct place, would it be better suited as a discussion on the discussion group? +* If the ticket is a bug report, can you reproduce it? Are you able to write a failing test case that demonstrates the issue and that can be submitted as a pull request? +* If the ticket is a feature request, could the feature request instead be implemented as a third party package? +* If a ticket hasn't had much activity and addresses something you need, then comment on the ticket and try to find out what's needed to get it moving again. + # Development To start developing on Django REST framework, first create a Fork from the @@ -66,12 +81,45 @@ To run the tests, clone the repository, and then: # Run the tests ./runtests.py +--- + +**Note:** if your tests require access to the database, do not forget to inherit from `django.test.TestCase` or use the `@pytest.mark.django_db()` decorator. + +For example, with TestCase: + + from django.test import TestCase + + class MyDatabaseTest(TestCase): + def test_something(self): + # Your test code here + pass + +Or with decorator: + + import pytest + + @pytest.mark.django_db() + class MyDatabaseTest: + def test_something(self): + # Your test code here + pass + +You can reuse existing models defined in `tests/models.py` for your tests. + +--- + ### Test options Run using a more concise output style. ./runtests.py -q + +If you do not want the output to be captured (for example, to see print statements directly), you can use the `-s` flag. + + ./runtests.py -s + + Run the tests for a given test case. ./runtests.py MyTestCase @@ -84,6 +132,7 @@ Shorter form to run the tests for a given test method. ./runtests.py test_this_method + Note: The test case and test method matching is fuzzy and will sometimes run other tests that contain a partial string match to the given command line input. ### Running against multiple environments @@ -194,7 +243,7 @@ If you want to draw attention to a note or warning, use a pair of enclosing line [pull-requests]: https://help.github.com/articles/using-pull-requests [tox]: https://tox.readthedocs.io/en/latest/ [markdown]: https://daringfireball.net/projects/markdown/basics -[docs]: https://github.com/encode/django-rest-framework/tree/master/docs +[docs]: https://github.com/encode/django-rest-framework/tree/main/docs [mou]: http://mouapp.com/ [repo]: https://github.com/encode/django-rest-framework [how-to-fork]: https://help.github.com/articles/fork-a-repo/ diff --git a/docs/community/funding.md b/docs/community/funding.md deleted file mode 100644 index 7bca4bae4..000000000 --- a/docs/community/funding.md +++ /dev/null @@ -1,388 +0,0 @@ - - - - -# Funding - -If you use REST framework commercially we strongly encourage you to invest in its continued development by signing up for a paid plan. - -**We believe that collaboratively funded software can offer outstanding returns on investment, by encouraging our users to collectively share the cost of development.** - -Signing up for a paid plan will: - -* Directly contribute to faster releases, more features, and higher quality software. -* Allow more time to be invested in keeping the package up to date. -* Safeguard the future development of REST framework. - -REST framework continues to be open-source and permissively licensed, but we firmly believe it is in the commercial best-interest for users of the project to invest in its ongoing development. - ---- - -## What funding has enabled so far - -* The [3.4](https://www.django-rest-framework.org/community/3.4-announcement/) and [3.5](https://www.django-rest-framework.org/community/3.5-announcement/) releases, including schema generation for both Swagger and RAML, a Python client library, a Command Line client, and addressing of a large number of outstanding issues. -* The [3.6](https://www.django-rest-framework.org/community/3.6-announcement/) release, including JavaScript client library, and API documentation, complete with auto-generated code samples. -* The [3.7 release](https://www.django-rest-framework.org/community/3.7-announcement/), made possible due to our collaborative funding model, focuses on improvements to schema generation and the interactive API documentation. -* The recent [3.8 release](https://www.django-rest-framework.org/community/3.8-announcement/). -* Tom Christie, the creator of Django REST framework, working on the project full-time. -* Around 80-90 issues and pull requests closed per month since Tom Christie started working on the project full-time. -* A community & operations manager position part-time for 4 months, helping mature the business and grow sponsorship. -* Contracting development time for the work on the JavaScript client library and API documentation tooling. - ---- - -## What our sponsors and users say - -> As a developer, Django REST framework feels like an obvious and natural extension to all the great things that make up Django and it's community. Getting started is easy while providing simple abstractions which makes it flexible and customizable. Contributing and supporting Django REST framework helps ensure its future and one way or another it also helps Django, and the Python ecosystem. -> -> — José Padilla, Django REST framework contributor - -  - -> The number one feature of the Python programming language is its community. Such a community is only possible because of the Open Source nature of the language and all the culture that comes from it. Building great Open Source projects require great minds. Given that, we at Vinta are not only proud to sponsor the team behind DRF but we also recognize the ROI that comes from it. -> -> — Filipe Ximenes, Vinta Software - -  - -> It's really awesome that this project continues to endure. The code base is top notch and the maintainers are committed to the highest level of quality. -DRF is one of the core reasons why Django is top choice among web frameworks today. In my opinion, it sets the standard for rest frameworks for the development community at large. -> -> — Andrew Conti, Django REST framework user - -Sign up for a paid plan today, and help ensure that REST framework becomes a sustainable, full-time funded project. - ---- - -## Individual plan - -This subscription is recommended for individuals with an interest in seeing REST framework continue to improve. - -If you are using REST framework as a full-time employee, consider recommending that your company takes out a [corporate plan](#corporate-plans). - -
-
-
-
- {{ symbol }} - {{ rates.personal1 }} - /month{% if vat %} +VAT{% endif %} -
-
Individual
-
-
- Support ongoing development -
-
- Credited on the site -
-
- -
-
-
-
- -*Billing is monthly and you can cancel at any time.* - ---- - -## Corporate plans - -These subscriptions are recommended for companies and organizations using REST framework either publicly or privately. - -In exchange for funding you'll also receive advertising space on our site, allowing you to **promote your company or product to many tens of thousands of developers worldwide**. - -Our professional and premium plans also include **priority support**. At any time your engineers can escalate an issue or discussion group thread, and we'll ensure it gets a guaranteed response within the next working day. - -
-
-
-
- {{ symbol }} - {{ rates.corporate1 }} - /month{% if vat %} +VAT{% endif %} -
-
Basic
-
-
- Support ongoing development -
-
- Funding page ad placement -
-
- -
-
-
-
-
- {{ symbol }} - {{ rates.corporate2 }} - /month{% if vat %} +VAT{% endif %} -
-
Professional
-
-
- Support ongoing development -
-
- Sidebar ad placement -
-
- Priority support for your engineers -
-
- -
-
-
-
-
- {{ symbol }} - {{ rates.corporate3 }} - /month{% if vat %} +VAT{% endif %} -
-
Premium
-
-
- Support ongoing development -
-
- Homepage ad placement -
-
- Sidebar ad placement -
-
- Priority support for your engineers -
-
- -
-
-
- -
- -*Billing is monthly and you can cancel at any time.* - -Once you've signed up, we will contact you via email and arrange your ad placements on the site. - -For further enquires please contact funding@django-rest-framework.org. - ---- - -## Accountability - -In an effort to keep the project as transparent as possible, we are releasing [monthly progress reports](https://www.encode.io/reports/march-2018/) and regularly include financial reports and cost breakdowns. - - - - -
-
-
-

Stay up to date, with our monthly progress reports...

-
- - -
-
- - -
- -
-
-
-
- - - ---- - -## Frequently asked questions - -**Q: Can you issue monthly invoices?** -A: Yes, we are happy to issue monthly invoices. Please just email us and let us know who to issue the invoice to (name and address) and which email address to send it to each month. - -**Q: Does sponsorship include VAT?** -A: Sponsorship is VAT exempt. - -**Q: Do I have to sign up for a certain time period?** -A: No, we appreciate your support for any time period that is convenient for you. Also, you can cancel your sponsorship anytime. - -**Q: Can I pay yearly? Can I pay upfront fox X amount of months at a time?** -A: We are currently only set up to accept monthly payments. However, if you'd like to support Django REST framework and you can only do yearly/upfront payments, we are happy to work with you and figure out a convenient solution. - -**Q: Are you only looking for corporate sponsors?** -A: No, we value individual sponsors just as much as corporate sponsors and appreciate any kind of support. - ---- - -## Our sponsors - -
- - diff --git a/docs/community/project-management.md b/docs/community/project-management.md index daf2cda8d..5c7577ec8 100644 --- a/docs/community/project-management.md +++ b/docs/community/project-management.md @@ -31,9 +31,10 @@ Team members have the following responsibilities. Further notes for maintainers: -* Code changes should come in the form of a pull request - do not push directly to master. +* Code changes should come in the form of a pull request - do not push directly to main. * Maintainers should typically not merge their own pull requests. * Each issue/pull request should have exactly one label once triaged. +* Search for un-triaged issues with [is:open no:label][un-triaged]. --- @@ -50,28 +51,24 @@ The following template should be used for the description of the issue, and serv Release manager is @***. Pull request is #***. - During development cycle: - - - [ ] Upload the new content to be translated to [transifex](https://www.django-rest-framework.org/topics/project-management/#translations). - - Checklist: - - [ ] Create pull request for [release notes](https://github.com/encode/django-rest-framework/blob/master/docs/topics/release-notes.md) based on the [*.*.* milestone](https://github.com/encode/django-rest-framework/milestones/***). + - [ ] Create pull request for [release notes](https://github.com/encode/django-rest-framework/blob/mains/docs/topics/release-notes.md) based on the [*.*.* milestone](https://github.com/encode/django-rest-framework/milestones/***). - [ ] Update supported versions: - - [ ] `setup.py` `python_requires` list - - [ ] `setup.py` Python & Django version trove classifiers + - [ ] `pyproject.toml` `python_requires` list + - [ ] `pyproject.toml` Python & Django version trove classifiers - [ ] `README` Python & Django versions - [ ] `docs` Python & Django versions - - [ ] Update the translations from [transifex](https://www.django-rest-framework.org/topics/project-management/#translations). - - [ ] Ensure the pull request increments the version to `*.*.*` in [`restframework/__init__.py`](https://github.com/encode/django-rest-framework/blob/master/rest_framework/__init__.py). + - [ ] Ensure the pull request increments the version to `*.*.*` in [`restframework/__init__.py`](https://github.com/encode/django-rest-framework/blob/main/rest_framework/__init__.py). - [ ] Ensure documentation validates - Build and serve docs `mkdocs serve` - Validate links `pylinkvalidate.py -P http://127.0.0.1:8000` - [ ] Confirm with @tomchristie that release is finalized and ready to go. - [ ] Ensure that release date is included in pull request. - [ ] Merge the release pull request. - - [ ] Push the package to PyPI with `./setup.py publish`. + - [ ] Install the release tools: `pip install build twine` + - [ ] Build the package: `python -m build` + - [ ] Push the package to PyPI with `twine upload dist/*` - [ ] Tag the release, with `git tag -a *.*.* -m 'version *.*.*'; git push --tags`. - [ ] Deploy the documentation with `mkdocs gh-deploy`. - [ ] Make a release announcement on the [discussion group](https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework). @@ -84,55 +81,6 @@ When pushing the release to PyPI ensure that your environment has been installed --- -## Translations - -The maintenance team are responsible for managing the translation packs include in REST framework. Translating the source strings into multiple languages is managed through the [transifex service][transifex-project]. - -### Managing Transifex - -The [official Transifex client][transifex-client] is used to upload and download translations to Transifex. The client is installed using pip: - - pip install transifex-client - -To use it you'll need a login to Transifex which has a password, and you'll need to have administrative access to the Transifex project. You'll need to create a `~/.transifexrc` file which contains your credentials. - - [https://www.transifex.com] - username = *** - token = *** - password = *** - hostname = https://www.transifex.com - -### Upload new source files - -When any user visible strings are changed, they should be uploaded to Transifex so that the translators can start to translate them. To do this, just run: - - # 1. Update the source django.po file, which is the US English version. - cd rest_framework - django-admin makemessages -l en_US - # 2. Push the source django.po file to Transifex. - cd .. - tx push -s - -When pushing source files, Transifex will update the source strings of a resource to match those from the new source file. - -Here's how differences between the old and new source files will be handled: - -* New strings will be added. -* Modified strings will be added as well. -* Strings which do not exist in the new source file will be removed from the database, along with their translations. If that source strings gets re-added later then [Transifex Translation Memory][translation-memory] will automatically include the translation string. - -### Download translations - -When a translator has finished translating their work needs to be downloaded from Transifex into the REST framework repository. To do this, run: - - # 3. Pull the translated django.po files from Transifex. - tx pull -a --minimum-perc 10 - cd rest_framework - # 4. Compile the binary .mo files for all supported languages. - django-admin compilemessages - ---- - ## Project requirements All our test requirements are pinned to exact versions, in order to ensure that our test runs are reproducible. We maintain the requirements in the `requirements` directory. The requirements files are referenced from the `tox.ini` configuration file, ensuring we have a single source of truth for package versions used in testing. @@ -156,7 +104,5 @@ The following issues still need to be addressed: * Document ownership and management of the security mailing list. [bus-factor]: https://en.wikipedia.org/wiki/Bus_factor -[transifex-project]: https://www.transifex.com/projects/p/django-rest-framework/ -[transifex-client]: https://pypi.org/project/transifex-client/ -[translation-memory]: http://docs.transifex.com/guides/tm#let-tm-automatically-populate-translations +[un-triaged]: https://github.com/encode/django-rest-framework/issues?q=is%3Aopen+no%3Alabel [mailing-list]: https://groups.google.com/forum/#!forum/django-rest-framework diff --git a/docs/community/release-notes.md b/docs/community/release-notes.md index c7b82e985..86cab8e2b 100644 --- a/docs/community/release-notes.md +++ b/docs/community/release-notes.md @@ -38,20 +38,83 @@ You can determine your currently installed version using `pip show`: ## 3.16.x series +### 3.16.1 + +**Date**: 6th August 2025 + +This release fixes a few bugs, clean-up some old code paths for unsupported Python versions and improve translations. + +#### Minor changes + +* Cleanup optional `backports.zoneinfo` dependency and conditions on unsupported Python 3.8 and lower in [#9681](https://github.com/encode/django-rest-framework/pull/9681). Python versions prior to 3.9 were already unsupported so this shouldn't be a breaking change. + +#### Bug fixes + +* Fix regression in `unique_together` validation with `SerializerMethodField` in [#9712](https://github.com/encode/django-rest-framework/pull/9712) +* Fix `UniqueTogetherValidator` to handle fields with `source` attribute in [#9688](https://github.com/encode/django-rest-framework/pull/9688) +* Drop HTML line breaks on long headers in browsable API in [#9438](https://github.com/encode/django-rest-framework/pull/9438) + +#### Translations + +* Add Kazakh locale support in [#9713](https://github.com/encode/django-rest-framework/pull/9713) +* Update translations for Korean translations in [#9571](https://github.com/encode/django-rest-framework/pull/9571) +* Update German translations in [#9676](https://github.com/encode/django-rest-framework/pull/9676) +* Update Chinese translations in [#9675](https://github.com/encode/django-rest-framework/pull/9675) +* Update Arabic translations-sal in [#9595](https://github.com/encode/django-rest-framework/pull/9595) +* Update Persian translations in [#9576](https://github.com/encode/django-rest-framework/pull/9576) +* Update Spanish translations in [#9701](https://github.com/encode/django-rest-framework/pull/9701) +* Update Turkish Translations in [#9749](https://github.com/encode/django-rest-framework/pull/9749) +* Fix some typos in Brazilian Portuguese translations in [#9673](https://github.com/encode/django-rest-framework/pull/9673) + +#### Documentation + +* Removed reference to GitHub Issues and Discussions in [#9660](https://github.com/encode/django-rest-framework/pull/9660) +* Add `drf-restwind` and update outdated images in `browsable-api.md` in [#9680](https://github.com/encode/django-rest-framework/pull/9680) +* Updated funding page to represent current scope in [#9686](https://github.com/encode/django-rest-framework/pull/9686) +* Fix broken Heroku JSON Schema link in [#9693](https://github.com/encode/django-rest-framework/pull/9693) +* Update Django documentation links to use stable version in [#9698](https://github.com/encode/django-rest-framework/pull/9698) +* Expand docs on unique constraints cause 'required=True' in [#9725](https://github.com/encode/django-rest-framework/pull/9725) +* Revert extension back from `djangorestframework-guardian2` to `djangorestframework-guardian` in [#9734](https://github.com/encode/django-rest-framework/pull/9734) +* Add note to tutorial about required `request` in serializer context when using `HyperlinkedModelSerializer` in [#9732](https://github.com/encode/django-rest-framework/pull/9732) + +#### Internal changes + +* Update GitHub Actions to use Ubuntu 24.04 for testing in [#9677](https://github.com/encode/django-rest-framework/pull/9677) +* Update test matrix to use Django 5.2 stable version in [#9679](https://github.com/encode/django-rest-framework/pull/9679) +* Add `pyupgrade` to `pre-commit` hooks in [#9682](https://github.com/encode/django-rest-framework/pull/9682) +* Fix test with Django 5 when `pytz` is available in [#9715](https://github.com/encode/django-rest-framework/pull/9715) + +#### New Contributors + +* [`@araggohnxd`](https://github.com/araggohnxd) made their first contribution in [#9673](https://github.com/encode/django-rest-framework/pull/9673) +* [`@mbeijen`](https://github.com/mbeijen) made their first contribution in [#9660](https://github.com/encode/django-rest-framework/pull/9660) +* [`@stefan6419846`](https://github.com/stefan6419846) made their first contribution in [#9676](https://github.com/encode/django-rest-framework/pull/9676) +* [`@ren000thomas`](https://github.com/ren000thomas) made their first contribution in [#9675](https://github.com/encode/django-rest-framework/pull/9675) +* [`@ulgens`](https://github.com/ulgens) made their first contribution in [#9682](https://github.com/encode/django-rest-framework/pull/9682) +* [`@bukh-sal`](https://github.com/bukh-sal) made their first contribution in [#9595](https://github.com/encode/django-rest-framework/pull/9595) +* [`@rezatn0934`](https://github.com/rezatn0934) made their first contribution in [#9576](https://github.com/encode/django-rest-framework/pull/9576) +* [`@Rohit10jr`](https://github.com/Rohit10jr) made their first contribution in [#9693](https://github.com/encode/django-rest-framework/pull/9693) +* [`@kushibayev`](https://github.com/kushibayev) made their first contribution in [#9713](https://github.com/encode/django-rest-framework/pull/9713) +* [`@alihassancods`](https://github.com/alihassancods) made their first contribution in [#9732](https://github.com/encode/django-rest-framework/pull/9732) +* [`@kulikjak`](https://github.com/kulikjak) made their first contribution in [#9715](https://github.com/encode/django-rest-framework/pull/9715) +* [`@Natgho`](https://github.com/Natgho) made their first contribution in [#9749](https://github.com/encode/django-rest-framework/pull/9749) + +**Full Changelog**: https://github.com/encode/django-rest-framework/compare/3.16.0...3.16.1 + ### 3.16.0 **Date**: 28th March 2025 -This release is considered a significant release to improve upstream support with Django and Python. Some of these may change the behaviour of existing features and pre-existing behaviour. Specifically, some fixes were added to around the support of `UniqueConstraint` with nullable fields which will improve built-in serializer validation. +This release is considered a significant release to improve upstream support with Django and Python. Some of these may change the behavior of existing features and pre-existing behavior. Specifically, some fixes were added to around the support of `UniqueConstraint` with nullable fields which will improve built-in serializer validation. -## Features +#### Features * Add official support for Django 5.1 and its new `LoginRequiredMiddleware` in [#9514](https://github.com/encode/django-rest-framework/pull/9514) and [#9657](https://github.com/encode/django-rest-framework/pull/9657) * Add official Django 5.2a1 support in [#9634](https://github.com/encode/django-rest-framework/pull/9634) * Add support for Python 3.13 in [#9527](https://github.com/encode/django-rest-framework/pull/9527) and [#9556](https://github.com/encode/django-rest-framework/pull/9556) * Support Django 2.1+ test client JSON data automatically serialized in [#6511](https://github.com/encode/django-rest-framework/pull/6511) and fix a regression in [#9615](https://github.com/encode/django-rest-framework/pull/9615) -## Bug fixes +#### Bug fixes * Fix unique together validator to respect condition's fields from `UniqueConstraint` in [#9360](https://github.com/encode/django-rest-framework/pull/9360) * Fix raising on nullable fields part of `UniqueConstraint` in [#9531](https://github.com/encode/django-rest-framework/pull/9531) @@ -62,19 +125,19 @@ This release is considered a significant release to improve upstream support wit * Fix noisy warning and accept integers as min/max values of `DecimalField` in [#9515](https://github.com/encode/django-rest-framework/pull/9515) * Fix usages of `open()` in `setup.py` in [#9661](https://github.com/encode/django-rest-framework/pull/9661) -## Translations +#### Translations * Add some missing Chinese translations in [#9505](https://github.com/encode/django-rest-framework/pull/9505) * Fix spelling mistakes in Farsi language were corrected in [#9521](https://github.com/encode/django-rest-framework/pull/9521) * Fixing and adding missing Brazilian Portuguese translations in [#9535](https://github.com/encode/django-rest-framework/pull/9535) -## Removals +#### Removals * Remove support for Python 3.8 in [#9670](https://github.com/encode/django-rest-framework/pull/9670) * Remove long deprecated code from request wrapper in [#9441](https://github.com/encode/django-rest-framework/pull/9441) * Remove deprecated `AutoSchema._get_reference` method in [#9525](https://github.com/encode/django-rest-framework/pull/9525) -## Documentation and internal changes +#### Documentation and internal changes * Provide tests for hashing of `OperandHolder` in [#9437](https://github.com/encode/django-rest-framework/pull/9437) * Update documentation: Add `adrf` third party package in [#9198](https://github.com/encode/django-rest-framework/pull/9198) @@ -94,7 +157,7 @@ This release is considered a significant release to improve upstream support wit * Fix a number of typos in the test suite in the docs in [#9662](https://github.com/encode/django-rest-framework/pull/9662) * Add `django-pyoidc` as a third party authentication library in [#9667](https://github.com/encode/django-rest-framework/pull/9667) -## New Contributors +#### New Contributors * [`@maerteijn`](https://github.com/maerteijn) made their first contribution in [#9198](https://github.com/encode/django-rest-framework/pull/9198) * [`@FraCata00`](https://github.com/FraCata00) made their first contribution in [#9444](https://github.com/encode/django-rest-framework/pull/9444) @@ -152,7 +215,7 @@ Date: 15th March 2024 * Partial serializer should not have required fields [[#7563](https://github.com/encode/django-rest-framework/pull/7563)] * Propagate 'default' from model field to serializer field. [[#9030](https://github.com/encode/django-rest-framework/pull/9030)] * Allow to override child.run_validation call in ListSerializer [[#8035](https://github.com/encode/django-rest-framework/pull/8035)] -* Align SearchFilter behaviour to django.contrib.admin search [[#9017](https://github.com/encode/django-rest-framework/pull/9017)] +* Align SearchFilter behavior to django.contrib.admin search [[#9017](https://github.com/encode/django-rest-framework/pull/9017)] * Class name added to unknown field error [[#9019](https://github.com/encode/django-rest-framework/pull/9019)] * Fix: Pagination response schemas. [[#9049](https://github.com/encode/django-rest-framework/pull/9049)] * Fix choices in ChoiceField to support IntEnum [[#8955](https://github.com/encode/django-rest-framework/pull/8955)] @@ -306,7 +369,7 @@ Date: 28th September 2020 * Add `--file` option to `generateschema` command. [#7130] * Support `tags` for OpenAPI schema generation. See [the schema docs](https://www.django-rest-framework.org/api-guide/schemas/#grouping-operations-with-tags). [#7184] -* Support customising the operation ID for schema generation. See [the schema docs](https://www.django-rest-framework.org/api-guide/schemas/#operationid). [#7190] +* Support customizing the operation ID for schema generation. See [the schema docs](https://www.django-rest-framework.org/api-guide/schemas/#operationid). [#7190] * Support OpenAPI components for schema generation. See [the schema docs](https://www.django-rest-framework.org/api-guide/schemas/#components). [#7124] * The following methods on `AutoSchema` become public API: `get_path_parameters`, `get_pagination_parameters`, `get_filter_parameters`, `get_request_body`, `get_responses`, `get_serializer`, `get_paginator`, `map_serializer`, `map_field`, `map_choice_field`, `map_field_validators`, `allows_filters`. See [the schema docs](https://www.django-rest-framework.org/api-guide/schemas/#autoschema) * Add support for Django 3.1's database-agnositic `JSONField`. [#7467] @@ -344,7 +407,7 @@ Date: 28th September 2020 * Fix `PrimaryKeyRelatedField` and `HyperlinkedRelatedField` when source field is actually a property. [#7142] * `Token.generate_key` is now a class method. [#7502] * `@action` warns if method is wrapped in a decorator that does not preserve information using `@functools.wraps`. [#7098] -* Deprecate `serializers.NullBooleanField` in favour of `serializers.BooleanField` with `allow_null=True` [#7122] +* Deprecate `serializers.NullBooleanField` in favor of `serializers.BooleanField` with `allow_null=True` [#7122] --- @@ -354,7 +417,7 @@ Date: 28th September 2020 **Date**: 30th September 2020 -* **Security**: Drop `urlize_quoted_links` template tag in favour of Django's built-in `urlize`. Removes a XSS vulnerability for some kinds of content in the browsable API. +* **Security**: Drop `urlize_quoted_links` template tag in favor of Django's built-in `urlize`. Removes a XSS vulnerability for some kinds of content in the browsable API. ### 3.11.1 @@ -366,7 +429,7 @@ Date: 28th September 2020 **Date**: 12th December 2019 -* Drop `.set_context` API [in favour of a `requires_context` marker](3.11-announcement.md#validator-default-context). +* Drop `.set_context` API [in favor of a `requires_context` marker](3.11-announcement.md#validator-default-context). * Changed default widget for TextField with choices to select box. [#6892][gh6892] * Supported nested writes on non-relational fields, such as JSONField. [#6916][gh6916] * Include request/response media types in OpenAPI schemas, based on configured parsers/renderers. [#6865][gh6865] @@ -558,13 +621,13 @@ Be sure to upgrade to Python 3 before upgrading to Django REST Framework 3.10. **Date**: [3rd April 2018][3.8.0-milestone] -* **Breaking Change**: Alter `read_only` plus `default` behaviour. [#5886][gh5886] +* **Breaking Change**: Alter `read_only` plus `default` behavior. [#5886][gh5886] `read_only` fields will now **always** be excluded from writable fields. Previously `read_only` fields with a `default` value would use the `default` for create and update operations. - In order to maintain the old behaviour you may need to pass the value of `read_only` fields when calling `save()` in + In order to maintain the old behavior you may need to pass the value of `read_only` fields when calling `save()` in the view: def perform_create(self, serializer): @@ -572,13 +635,13 @@ Be sure to upgrade to Python 3 before upgrading to Django REST Framework 3.10. Alternatively you may override `save()` or `create()` or `update()` on the serializer as appropriate. -* Correct allow_null behaviour when required=False [#5888][gh5888] +* Correct allow_null behavior when required=False [#5888][gh5888] Without an explicit `default`, `allow_null` implies a default of `null` for outgoing serialization. Previously such fields were being skipped when read-only or otherwise not required. **Possible backwards compatibility break** if you were relying on such fields being excluded from the outgoing - representation. In order to restore the old behaviour you can override `data` to exclude the field when `None`. + representation. In order to restore the old behavior you can override `data` to exclude the field when `None`. For example: @@ -635,7 +698,7 @@ Be sure to upgrade to Python 3 before upgrading to Django REST Framework 3.10. * Add HStoreField, postgres fields tests [#5654][gh5654] * Always fully qualify ValidationError in docs [#5751][gh5751] * Remove unreachable code from ManualSchema [#5766][gh5766] -* Allowed customising API documentation code samples [#5752][gh5752] +* Allowed customizing API documentation code samples [#5752][gh5752] * Updated docs to use `pip show` [#5757][gh5757] * Load 'static' instead of 'staticfiles' in templates [#5773][gh5773] * Fixed a typo in `fields` docs [#5783][gh5783] @@ -698,7 +761,7 @@ Be sure to upgrade to Python 3 before upgrading to Django REST Framework 3.10. * Schema: Extract method for `manual_fields` processing [#5633][gh5633] - Allows for easier customisation of `manual_fields` processing, for example + Allows for easier customization of `manual_fields` processing, for example to provide per-method manual fields. `AutoSchema` adds `get_manual_fields`, as the intended override point, and a utility method `update_fields`, to handle by-name field replacement from a list, which, in general, you are not @@ -820,7 +883,7 @@ Be sure to upgrade to Python 3 before upgrading to Django REST Framework 3.10. * Don't strip microseconds from `time` when encoding. Makes consistent with `datetime`. **BC Change**: Previously only milliseconds were encoded. [#5440][gh5440] * Added `STRICT_JSON` setting (default `True`) to raise exception for the extended float values (`nan`, `inf`, `-inf`) accepted by Python's `json` module. - **BC Change**: Previously these values would converted to corresponding strings. Set `STRICT_JSON` to `False` to restore the previous behaviour. [#5265][gh5265] + **BC Change**: Previously these values would converted to corresponding strings. Set `STRICT_JSON` to `False` to restore the previous behavior. [#5265][gh5265] * Add support for `page_size` parameter in CursorPaginator class [#5250][gh5250] * Make `DEFAULT_PAGINATION_CLASS` `None` by default. **BC Change**: If your were **just** setting `PAGE_SIZE` to enable pagination you will need to add `DEFAULT_PAGINATION_CLASS`. @@ -858,10 +921,10 @@ Be sure to upgrade to Python 3 before upgrading to Django REST Framework 3.10. * Fix naming collisions in Schema Generation [#5464][gh5464] * Call Django's authenticate function with the request object [#5295][gh5295] * Update coreapi JS to 0.1.1 [#5479][gh5479] -* Have `is_list_view` recognise RetrieveModel… views [#5480][gh5480] +* Have `is_list_view` recognize RetrieveModel… views [#5480][gh5480] * Remove Django 1.8 & 1.9 compatibility code [#5481][gh5481] * Remove deprecated schema code from DefaultRouter [#5482][gh5482] -* Refactor schema generation to allow per-view customisation. +* Refactor schema generation to allow per-view customization. **BC Change**: `SchemaGenerator.get_serializer_fields` has been refactored as `AutoSchema.get_serializer_fields` and drops the `view` argument [#5354][gh5354] ## 3.6.x series diff --git a/docs/community/third-party-packages.md b/docs/community/third-party-packages.md index d213cac3d..1a9e4e468 100644 --- a/docs/community/third-party-packages.md +++ b/docs/community/third-party-packages.md @@ -58,6 +58,7 @@ To submit new content, [create a pull request][drf-create-pr]. * [hawkrest][hawkrest] - Provides Hawk HTTP Authorization. * [djangorestframework-httpsignature][djangorestframework-httpsignature] - Provides an easy to use HTTP Signature Authentication mechanism. * [djoser][djoser] - Provides a set of views to handle basic actions such as registration, login, logout, password reset and account activation. +* [DRF Auth Kit][drf-auth-kit] - Provides complete REST authentication with JWT cookies, social login, MFA, and user management. Features full type safety and automatic OpenAPI schema generation. * [dj-rest-auth][dj-rest-auth] - Provides a set of REST API endpoints for registration, authentication (including social media authentication), password reset, retrieve and update user details, etc. * [drf-oidc-auth][drf-oidc-auth] - Implements OpenID Connect token authentication for DRF. * [drfpasswordless][drfpasswordless] - Adds (Medium, Square Cash inspired) passwordless logins and signups via email and mobile numbers. @@ -72,6 +73,7 @@ To submit new content, [create a pull request][drf-create-pr]. * [dry-rest-permissions][dry-rest-permissions] - Provides a simple way to define permissions for individual api actions. * [drf-access-policy][drf-access-policy] - Declarative and flexible permissions inspired by AWS' IAM policies. * [drf-psq][drf-psq] - An extension that gives support for having action-based **permission_classes**, **serializer_class**, and **queryset** dependent on permission-based rules. +* [axioms-drf-py][axioms-drf-py] - Supports authentication and claim-based fine-grained authorization (**scopes**, **roles**, **groups**, **permissions**, etc. including object-level checks) using JWT tokens issued by an OAuth2/OIDC Authorization Server. ### Serializers @@ -88,6 +90,7 @@ To submit new content, [create a pull request][drf-create-pr]. * [djangorestframework-dataclasses][djangorestframework-dataclasses] - Serializer providing automatic field generation for Python dataclasses, like the built-in ModelSerializer does for models. * [django-restql][django-restql] - Turn your REST API into a GraphQL like API(It allows clients to control which fields will be sent in a response, uses GraphQL like syntax, supports read and write on both flat and nested fields). * [graphwrap][graphwrap] - Transform your REST API into a fully compliant GraphQL API with just two lines of code. Leverages [Graphene-Django](https://docs.graphene-python.org/projects/django/en/latest/) to dynamically build, at runtime, a GraphQL ObjectType for each view in your API. +* [drf-shapeless-serializers][drf-shapeless-serializers] - Dynamically assemble, configure, and shape your Django Rest Framework serializers at runtime, much like connecting Lego bricks. ### Serializer fields @@ -126,7 +129,7 @@ To submit new content, [create a pull request][drf-create-pr]. * [djangorestframework-chain][djangorestframework-chain] - Allows arbitrary chaining of both relations and lookup filters. * [django-url-filter][django-url-filter] - Allows a safe way to filter data via human-friendly URLs. It is a generic library which is not tied to DRF but it provides easy integration with DRF. * [drf-url-filter][drf-url-filter] is a simple Django app to apply filters on drf `ModelViewSet`'s `Queryset` in a clean, simple and configurable way. It also supports validations on incoming query params and their values. -* [django-rest-framework-guardian2][django-rest-framework-guardian2] - Provides integration with django-guardian, including the `DjangoObjectPermissionsFilter` previously found in DRF. +* [django-rest-framework-guardian][django-rest-framework-guardian] - Provides integration with django-guardian, including the `DjangoObjectPermissionsFilter` previously found in DRF. ### Misc @@ -157,6 +160,7 @@ To submit new content, [create a pull request][drf-create-pr]. * [django-requestlogs] - Providing middleware and other helpers for audit logging for REST framework. * [drf-standardized-errors][drf-standardized-errors] - DRF exception handler to standardize error responses for all API endpoints. * [drf-api-action][drf-api-action] - uses the power of DRF also as a library functions +* [apitally] - A simple API monitoring, analytics, and request logging tool using middleware. For DRF-specific setup guide, [click here](https://docs.apitally.io/frameworks/django-rest-framework). ### Customization @@ -172,13 +176,14 @@ To submit new content, [create a pull request][drf-create-pr]. [pypi-register]: https://pypi.org/account/register/ [semver]: https://semver.org/ [tox-docs]: https://tox.readthedocs.io/en/latest/ -[drf-compat]: https://github.com/encode/django-rest-framework/blob/master/rest_framework/compat.py +[drf-compat]: https://github.com/encode/django-rest-framework/blob/main/rest_framework/compat.py [rest-framework-grid]: https://www.djangopackages.com/grids/g/django-rest-framework/ [drf-create-pr]: https://github.com/encode/django-rest-framework/compare [authentication]: ../api-guide/authentication.md [permissions]: ../api-guide/permissions.md -[third-party-packages]: ../topics/third-party-packages/#existing-third-party-packages +[third-party-packages]: #existing-third-party-packages [discussion-group]: https://groups.google.com/forum/#!forum/django-rest-framework +[drf-auth-kit]: https://github.com/huynguyengl99/drf-auth-kit [djangorestframework-digestauth]: https://github.com/juanriaza/django-rest-framework-digestauth [django-oauth-toolkit]: https://github.com/evonove/django-oauth-toolkit [djangorestframework-jwt]: https://github.com/GetBlimp/django-rest-framework-jwt @@ -242,7 +247,7 @@ To submit new content, [create a pull request][drf-create-pr]. [djangorestframework-dataclasses]: https://github.com/oxan/djangorestframework-dataclasses [django-restql]: https://github.com/yezyilomo/django-restql [djangorestframework-mvt]: https://github.com/corteva/djangorestframework-mvt -[django-rest-framework-guardian2]: https://github.com/johnthagen/django-rest-framework-guardian2 +[django-rest-framework-guardian]: https://github.com/rpkilby/django-rest-framework-guardian [drf-viewset-profiler]: https://github.com/fvlima/drf-viewset-profiler [djangorestframework-features]: https://github.com/cloudcode-hungary/django-rest-framework-features/ [django-elasticsearch-dsl-drf]: https://github.com/barseghyanartur/django-elasticsearch-dsl-drf @@ -259,3 +264,6 @@ To submit new content, [create a pull request][drf-create-pr]. [drf-redesign]: https://github.com/youzarsiph/drf-redesign [drf-material]: https://github.com/youzarsiph/drf-material [django-pyoidc]: https://github.com/makinacorpus/django_pyoidc +[apitally]: https://github.com/apitally/apitally-py +[drf-shapeless-serializers]: https://github.com/khaledsukkar2/drf-shapeless-serializers +[axioms-drf-py]: https://github.com/abhishektiwari/axioms-drf-py diff --git a/docs/index.md b/docs/index.md index d590d2c04..3888880fa 100644 --- a/docs/index.md +++ b/docs/index.md @@ -53,33 +53,7 @@ Some reasons you might want to use REST framework: * [Serialization][serializers] that supports both [ORM][modelserializer-section] and [non-ORM][serializer-section] data sources. * Customizable all the way down - just use [regular function-based views][functionview-section] if you don't need the [more][generic-views] [powerful][viewsets] [features][routers]. * Extensive documentation, and [great community support][group]. -* Used and trusted by internationally recognised companies including [Mozilla][mozilla], [Red Hat][redhat], [Heroku][heroku], and [Eventbrite][eventbrite]. - ---- - -## Funding - -REST framework is a *collaboratively funded project*. If you use -REST framework commercially we strongly encourage you to invest in its -continued development by **[signing up for a paid plan][funding]**. - -*Every single sign-up helps us make REST framework long-term financially sustainable.* - - -
- -*Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry](https://getsentry.com/welcome/), [Stream](https://getstream.io/?utm_source=DjangoRESTFramework&utm_medium=Webpage_Logo_Ad&utm_content=Developer&utm_campaign=DjangoRESTFramework_Jan2022_HomePage), [Spacinov](https://www.spacinov.com/), [Retool](https://retool.com/?utm_source=djangorest&utm_medium=sponsorship), [bit.io](https://bit.io/jobs?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship), [PostHog](https://posthog.com?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship), [CryptAPI](https://cryptapi.io), [FEZTO](https://www.fezto.xyz/?utm_source=DjangoRESTFramework), [Svix](https://www.svix.com/?utm_source=django-REST&utm_medium=sponsorship), , and [Zuplo](https://zuplo.link/django-web).* +* Used and trusted by internationally recognized companies including [Mozilla][mozilla], [Red Hat][redhat], [Heroku][heroku], and [Eventbrite][eventbrite]. --- @@ -88,7 +62,7 @@ continued development by **[signing up for a paid plan][funding]**. REST framework requires the following: * Django (4.2, 5.0, 5.1, 5.2) -* Python (3.9, 3.10, 3.11, 3.12, 3.13) +* Python (3.10, 3.11, 3.12, 3.13, 3.14) We **highly recommend** and only officially support the latest patch release of each Python and Django series. @@ -192,8 +166,6 @@ Framework. For support please see the [REST framework discussion group][group], try the `#restframework` channel on `irc.libera.chat`, or raise a question on [Stack Overflow][stack-overflow], making sure to include the ['django-rest-framework'][django-rest-framework-tag] tag. -For priority support please sign up for a [professional or premium sponsorship plan](https://fund.django-rest-framework.org/topics/funding/). - ## Security **Please report security issues by emailing security@encode.io**. @@ -246,7 +218,6 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. [serializer-section]: api-guide/serializers#serializers [modelserializer-section]: api-guide/serializers#modelserializer [functionview-section]: api-guide/views#function-based-views -[sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors [quickstart]: tutorial/quickstart.md @@ -257,10 +228,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. [authentication]: api-guide/authentication.md [contributing]: community/contributing.md -[funding]: community/funding.md [group]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework [stack-overflow]: https://stackoverflow.com/ [django-rest-framework-tag]: https://stackoverflow.com/questions/tagged/django-rest-framework [security-mail]: mailto:rest-framework-security@googlegroups.com -[twitter]: https://twitter.com/_tomchristie diff --git a/docs/topics/browsable-api.md b/docs/topics/browsable-api.md index 8cf530b7a..dd2da6877 100644 --- a/docs/topics/browsable-api.md +++ b/docs/topics/browsable-api.md @@ -181,7 +181,7 @@ The context that's available to the template: * `FORMAT_PARAM` : The view can accept a format override * `METHOD_PARAM` : The view can accept a method override -You can override the `BrowsableAPIRenderer.get_context()` method to customise the context that gets passed to the template. +You can override the `BrowsableAPIRenderer.get_context()` method to customize the context that gets passed to the template. #### Not using base.html diff --git a/docs/topics/internationalization.md b/docs/topics/internationalization.md index 2f8f2abf0..5f4b719b5 100644 --- a/docs/topics/internationalization.md +++ b/docs/topics/internationalization.md @@ -60,11 +60,12 @@ If you only wish to support a subset of the available languages, use Django's st ## Adding new translations -REST framework translations are managed online using [Transifex][transifex-project]. You can use the Transifex service to add new translation languages. The maintenance team will then ensure that these translation strings are included in the REST framework package. +REST framework translations are managed on GitHub. You can contribute new translation languages or update existing ones +by following the guidelines in the [Contributing to REST Framework] section and submitting a pull request. Sometimes you may need to add translation strings to your project locally. You may need to do this if: -* You want to use REST Framework in a language which has not been translated yet on Transifex. +* You want to use REST Framework in a language which is not supported by the project. * Your project includes custom error messages, which are not part of REST framework's default translation strings. #### Translating a new language locally @@ -103,10 +104,10 @@ You can find more information on how the language preference is determined in th For API clients the most appropriate of these will typically be to use the `Accept-Language` header; Sessions and cookies will not be available unless using session authentication, and generally better practice to prefer an `Accept-Language` header for API clients rather than using language URL prefixes. [cite]: https://youtu.be/Wa0VfS2q94Y +[Contributing to REST Framework]: ../community/contributing.md#development [django-translation]: https://docs.djangoproject.com/en/stable/topics/i18n/translation [custom-exception-handler]: ../api-guide/exceptions.md#custom-exception-handling -[transifex-project]: https://explore.transifex.com/django-rest-framework-1/django-rest-framework/ -[django-po-source]: https://raw.githubusercontent.com/encode/django-rest-framework/master/rest_framework/locale/en_US/LC_MESSAGES/django.po +[django-po-source]: https://raw.githubusercontent.com/encode/django-rest-framework/main/rest_framework/locale/en_US/LC_MESSAGES/django.po [django-language-preference]: https://docs.djangoproject.com/en/stable/topics/i18n/translation/#how-django-discovers-language-preference [django-locale-paths]: https://docs.djangoproject.com/en/stable/ref/settings/#std:setting-LOCALE_PATHS [django-locale-name]: https://docs.djangoproject.com/en/stable/topics/i18n/#term-locale-name diff --git a/docs/topics/rest-hypermedia-hateoas.md b/docs/topics/rest-hypermedia-hateoas.md index 3498bddd1..c0822b027 100644 --- a/docs/topics/rest-hypermedia-hateoas.md +++ b/docs/topics/rest-hypermedia-hateoas.md @@ -32,7 +32,7 @@ REST framework also includes [serialization] and [parser]/[renderer] components ## What REST framework doesn't provide. -What REST framework doesn't do is give you machine readable hypermedia formats such as [HAL][hal], [Collection+JSON][collection], [JSON API][json-api] or HTML [microformats] by default, or the ability to auto-magically create fully HATEOAS style APIs that include hypermedia-based form descriptions and semantically labelled hyperlinks. Doing so would involve making opinionated choices about API design that should really remain outside of the framework's scope. +What REST framework doesn't do is give you machine readable hypermedia formats such as [HAL][hal], [Collection+JSON][collection], [JSON API][json-api] or HTML [microformats] by default, or the ability to auto-magically create fully HATEOAS style APIs that include hypermedia-based form descriptions and semantically labeled hyperlinks. Doing so would involve making opinionated choices about API design that should really remain outside of the framework's scope. [cite]: https://vimeo.com/channels/restfest/49503453 [dissertation]: https://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm diff --git a/docs/tutorial/1-serialization.md b/docs/tutorial/1-serialization.md index b9bf67acb..99393bbaa 100644 --- a/docs/tutorial/1-serialization.md +++ b/docs/tutorial/1-serialization.md @@ -16,14 +16,18 @@ The tutorial is fairly in-depth, so you should probably get a cookie and a cup o Before we do anything else we'll create a new virtual environment, using [venv]. This will make sure our package configuration is kept nicely isolated from any other projects we're working on. - python3 -m venv env - source env/bin/activate +```bash +python3 -m venv env +source env/bin/activate +``` Now that we're inside a virtual environment, we can install our package requirements. - pip install django - pip install djangorestframework - pip install pygments # We'll be using this for the code highlighting +```bash +pip install django +pip install djangorestframework +pip install pygments # We'll be using this for the code highlighting +``` **Note:** To exit the virtual environment at any time, just type `deactivate`. For more information see the [venv documentation][venv]. @@ -32,21 +36,27 @@ Now that we're inside a virtual environment, we can install our package requirem Okay, we're ready to get coding. To get started, let's create a new project to work with. - cd ~ - django-admin startproject tutorial - cd tutorial +```bash +cd ~ +django-admin startproject tutorial +cd tutorial +``` Once that's done we can create an app that we'll use to create a simple Web API. - python manage.py startapp snippets +```bash +python manage.py startapp snippets +``` We'll need to add our new `snippets` app and the `rest_framework` app to `INSTALLED_APPS`. Let's edit the `tutorial/settings.py` file: - INSTALLED_APPS = [ - ... - 'rest_framework', - 'snippets', - ] +```text +INSTALLED_APPS = [ + ... + 'rest_framework', + 'snippets', +] +``` Okay, we're ready to roll. @@ -54,64 +64,72 @@ Okay, we're ready to roll. For the purposes of this tutorial we're going to start by creating a simple `Snippet` model that is used to store code snippets. Go ahead and edit the `snippets/models.py` file. Note: Good programming practices include comments. Although you will find them in our repository version of this tutorial code, we have omitted them here to focus on the code itself. - from django.db import models - from pygments.lexers import get_all_lexers - from pygments.styles import get_all_styles +```python +from django.db import models +from pygments.lexers import get_all_lexers +from pygments.styles import get_all_styles - LEXERS = [item for item in get_all_lexers() if item[1]] - LANGUAGE_CHOICES = sorted([(item[1][0], item[0]) for item in LEXERS]) - STYLE_CHOICES = sorted([(item, item) for item in get_all_styles()]) +LEXERS = [item for item in get_all_lexers() if item[1]] +LANGUAGE_CHOICES = sorted([(item[1][0], item[0]) for item in LEXERS]) +STYLE_CHOICES = sorted([(item, item) for item in get_all_styles()]) - class Snippet(models.Model): - created = models.DateTimeField(auto_now_add=True) - title = models.CharField(max_length=100, blank=True, default='') - code = models.TextField() - linenos = models.BooleanField(default=False) - language = models.CharField(choices=LANGUAGE_CHOICES, default='python', max_length=100) - style = models.CharField(choices=STYLE_CHOICES, default='friendly', max_length=100) +class Snippet(models.Model): + created = models.DateTimeField(auto_now_add=True) + title = models.CharField(max_length=100, blank=True, default="") + code = models.TextField() + linenos = models.BooleanField(default=False) + language = models.CharField( + choices=LANGUAGE_CHOICES, default="python", max_length=100 + ) + style = models.CharField(choices=STYLE_CHOICES, default="friendly", max_length=100) - class Meta: - ordering = ['created'] + class Meta: + ordering = ["created"] +``` We'll also need to create an initial migration for our snippet model, and sync the database for the first time. - python manage.py makemigrations snippets - python manage.py migrate snippets +```bash +python manage.py makemigrations snippets +python manage.py migrate snippets +``` ## Creating a Serializer class The first thing we need to get started on our Web API is to provide a way of serializing and deserializing the snippet instances into representations such as `json`. We can do this by declaring serializers that work very similar to Django's forms. Create a file in the `snippets` directory named `serializers.py` and add the following. - from rest_framework import serializers - from snippets.models import Snippet, LANGUAGE_CHOICES, STYLE_CHOICES +```python +from rest_framework import serializers +from snippets.models import Snippet, LANGUAGE_CHOICES, STYLE_CHOICES - class SnippetSerializer(serializers.Serializer): - id = serializers.IntegerField(read_only=True) - title = serializers.CharField(required=False, allow_blank=True, max_length=100) - code = serializers.CharField(style={'base_template': 'textarea.html'}) - linenos = serializers.BooleanField(required=False) - language = serializers.ChoiceField(choices=LANGUAGE_CHOICES, default='python') - style = serializers.ChoiceField(choices=STYLE_CHOICES, default='friendly') +class SnippetSerializer(serializers.Serializer): + id = serializers.IntegerField(read_only=True) + title = serializers.CharField(required=False, allow_blank=True, max_length=100) + code = serializers.CharField(style={"base_template": "textarea.html"}) + linenos = serializers.BooleanField(required=False) + language = serializers.ChoiceField(choices=LANGUAGE_CHOICES, default="python") + style = serializers.ChoiceField(choices=STYLE_CHOICES, default="friendly") - def create(self, validated_data): - """ - Create and return a new `Snippet` instance, given the validated data. - """ - return Snippet.objects.create(**validated_data) + def create(self, validated_data): + """ + Create and return a new `Snippet` instance, given the validated data. + """ + return Snippet.objects.create(**validated_data) - def update(self, instance, validated_data): - """ - Update and return an existing `Snippet` instance, given the validated data. - """ - instance.title = validated_data.get('title', instance.title) - instance.code = validated_data.get('code', instance.code) - instance.linenos = validated_data.get('linenos', instance.linenos) - instance.language = validated_data.get('language', instance.language) - instance.style = validated_data.get('style', instance.style) - instance.save() - return instance + def update(self, instance, validated_data): + """ + Update and return an existing `Snippet` instance, given the validated data. + """ + instance.title = validated_data.get("title", instance.title) + instance.code = validated_data.get("code", instance.code) + instance.linenos = validated_data.get("linenos", instance.linenos) + instance.language = validated_data.get("language", instance.language) + instance.style = validated_data.get("style", instance.style) + instance.save() + return instance +``` The first part of the serializer class defines the fields that get serialized/deserialized. The `create()` and `update()` methods define how fully fledged instances are created or modified when calling `serializer.save()` @@ -125,57 +143,71 @@ We can actually also save ourselves some time by using the `ModelSerializer` cla Before we go any further we'll familiarize ourselves with using our new Serializer class. Let's drop into the Django shell. - python manage.py shell +```bash +python manage.py shell +``` Okay, once we've got a few imports out of the way, let's create a couple of code snippets to work with. - from snippets.models import Snippet - from snippets.serializers import SnippetSerializer - from rest_framework.renderers import JSONRenderer - from rest_framework.parsers import JSONParser +```pycon +>>> from snippets.models import Snippet +>>> from snippets.serializers import SnippetSerializer +>>> from rest_framework.renderers import JSONRenderer +>>> from rest_framework.parsers import JSONParser - snippet = Snippet(code='foo = "bar"\n') - snippet.save() +>>> snippet = Snippet(code='foo = "bar"\n') +>>> snippet.save() - snippet = Snippet(code='print("hello, world")\n') - snippet.save() +>>> snippet = Snippet(code='print("hello, world")\n') +>>> snippet.save() +``` We've now got a few snippet instances to play with. Let's take a look at serializing one of those instances. - serializer = SnippetSerializer(snippet) - serializer.data - # {'id': 2, 'title': '', 'code': 'print("hello, world")\n', 'linenos': False, 'language': 'python', 'style': 'friendly'} +```pycon +>>> serializer = SnippetSerializer(snippet) +>>> serializer.data +{'id': 2, 'title': '', 'code': 'print("hello, world")\n', 'linenos': False, 'language': 'python', 'style': 'friendly'} +``` At this point we've translated the model instance into Python native datatypes. To finalize the serialization process we render the data into `json`. - content = JSONRenderer().render(serializer.data) - content - # b'{"id":2,"title":"","code":"print(\\"hello, world\\")\\n","linenos":false,"language":"python","style":"friendly"}' +```pycon +>>> content = JSONRenderer().render(serializer.data) +>>> content +b'{"id":2,"title":"","code":"print(\\"hello, world\\")\\n","linenos":false,"language":"python","style":"friendly"}' +``` Deserialization is similar. First we parse a stream into Python native datatypes... - import io +```pycon +>>> import io - stream = io.BytesIO(content) - data = JSONParser().parse(stream) +>>> stream = io.BytesIO(content) +>>> data = JSONParser().parse(stream) +``` ...then we restore those native datatypes into a fully populated object instance. - serializer = SnippetSerializer(data=data) - serializer.is_valid() - # True - serializer.validated_data - # {'title': '', 'code': 'print("hello, world")', 'linenos': False, 'language': 'python', 'style': 'friendly'} - serializer.save() - # +```pycon +>>> serializer = SnippetSerializer(data=data) +>>> serializer.is_valid() +True +>>> serializer.validated_data +{'title': '', 'code': 'print("hello, world")', 'linenos': False, 'language': 'python', 'style': 'friendly'} +>>> serializer.save() + +``` Notice how similar the API is to working with forms. The similarity should become even more apparent when we start writing views that use our serializer. We can also serialize querysets instead of model instances. To do so we simply add a `many=True` flag to the serializer arguments. - serializer = SnippetSerializer(Snippet.objects.all(), many=True) - serializer.data - # [{'id': 1, 'title': '', 'code': 'foo = "bar"\n', 'linenos': False, 'language': 'python', 'style': 'friendly'}, {'id': 2, 'title': '', 'code': 'print("hello, world")\n', 'linenos': False, 'language': 'python', 'style': 'friendly'}, {'id': 3, 'title': '', 'code': 'print("hello, world")', 'linenos': False, 'language': 'python', 'style': 'friendly'}] +```pycon +>>> serializer = SnippetSerializer(Snippet.objects.all(), many=True) +>>> serializer.data +[{'id': 1, 'title': '', 'code': 'foo = "bar"\n', 'linenos': False, 'language': 'python', 'style': 'friendly'}, {'id': 2, 'title': '', 'code': 'print("hello, world")\n', 'linenos': False, 'language': 'python', 'style': 'friendly'}, {'id': 3, 'title': '', 'code': 'print("hello, world")', 'linenos': False, 'language': 'python', 'style': 'friendly'}] +``` ## Using ModelSerializers @@ -186,23 +218,28 @@ In the same way that Django provides both `Form` classes and `ModelForm` classes Let's look at refactoring our serializer using the `ModelSerializer` class. Open the file `snippets/serializers.py` again, and replace the `SnippetSerializer` class with the following. - class SnippetSerializer(serializers.ModelSerializer): - class Meta: - model = Snippet - fields = ['id', 'title', 'code', 'linenos', 'language', 'style'] +```python +class SnippetSerializer(serializers.ModelSerializer): + class Meta: + model = Snippet + fields = ["id", "title", "code", "linenos", "language", "style"] +``` One nice property that serializers have is that you can inspect all the fields in a serializer instance, by printing its representation. Open the Django shell with `python manage.py shell`, then try the following: - from snippets.serializers import SnippetSerializer - serializer = SnippetSerializer() - print(repr(serializer)) - # SnippetSerializer(): - # id = IntegerField(label='ID', read_only=True) - # title = CharField(allow_blank=True, max_length=100, required=False) - # code = CharField(style={'base_template': 'textarea.html'}) - # linenos = BooleanField(required=False) - # language = ChoiceField(choices=[('Clipper', 'FoxPro'), ('Cucumber', 'Gherkin'), ('RobotFramework', 'RobotFramework'), ('abap', 'ABAP'), ('ada', 'Ada')... - # style = ChoiceField(choices=[('autumn', 'autumn'), ('borland', 'borland'), ('bw', 'bw'), ('colorful', 'colorful')... +```pycon +>>> from snippets.serializers import SnippetSerializer + +>>> serializer = SnippetSerializer() +>>> print(repr(serializer)) +SnippetSerializer(): + id = IntegerField(label='ID', read_only=True) + title = CharField(allow_blank=True, max_length=100, required=False) + code = CharField(style={'base_template': 'textarea.html'}) + linenos = BooleanField(required=False) + language = ChoiceField(choices=[('Clipper', 'FoxPro'), ('Cucumber', 'Gherkin'), ('RobotFramework', 'RobotFramework'), ('abap', 'ABAP'), ('ada', 'Ada')... + style = ChoiceField(choices=[('autumn', 'autumn'), ('borland', 'borland'), ('bw', 'bw'), ('colorful', 'colorful')... +``` It's important to remember that `ModelSerializer` classes don't do anything particularly magical, they are simply a shortcut for creating serializer classes: @@ -216,79 +253,89 @@ For the moment we won't use any of REST framework's other features, we'll just w Edit the `snippets/views.py` file, and add the following. - from django.http import HttpResponse, JsonResponse - from django.views.decorators.csrf import csrf_exempt - from rest_framework.parsers import JSONParser - from snippets.models import Snippet - from snippets.serializers import SnippetSerializer +```python +from django.http import HttpResponse, JsonResponse +from django.views.decorators.csrf import csrf_exempt +from rest_framework.parsers import JSONParser +from snippets.models import Snippet +from snippets.serializers import SnippetSerializer +``` The root of our API is going to be a view that supports listing all the existing snippets, or creating a new snippet. - @csrf_exempt - def snippet_list(request): - """ - List all code snippets, or create a new snippet. - """ - if request.method == 'GET': - snippets = Snippet.objects.all() - serializer = SnippetSerializer(snippets, many=True) - return JsonResponse(serializer.data, safe=False) +```python +@csrf_exempt +def snippet_list(request): + """ + List all code snippets, or create a new snippet. + """ + if request.method == "GET": + snippets = Snippet.objects.all() + serializer = SnippetSerializer(snippets, many=True) + return JsonResponse(serializer.data, safe=False) - elif request.method == 'POST': - data = JSONParser().parse(request) - serializer = SnippetSerializer(data=data) - if serializer.is_valid(): - serializer.save() - return JsonResponse(serializer.data, status=201) - return JsonResponse(serializer.errors, status=400) + elif request.method == "POST": + data = JSONParser().parse(request) + serializer = SnippetSerializer(data=data) + if serializer.is_valid(): + serializer.save() + return JsonResponse(serializer.data, status=201) + return JsonResponse(serializer.errors, status=400) +``` Note that because we want to be able to POST to this view from clients that won't have a CSRF token we need to mark the view as `csrf_exempt`. This isn't something that you'd normally want to do, and REST framework views actually use more sensible behavior than this, but it'll do for our purposes right now. We'll also need a view which corresponds to an individual snippet, and can be used to retrieve, update or delete the snippet. - @csrf_exempt - def snippet_detail(request, pk): - """ - Retrieve, update or delete a code snippet. - """ - try: - snippet = Snippet.objects.get(pk=pk) - except Snippet.DoesNotExist: - return HttpResponse(status=404) +```python +@csrf_exempt +def snippet_detail(request, pk): + """ + Retrieve, update or delete a code snippet. + """ + try: + snippet = Snippet.objects.get(pk=pk) + except Snippet.DoesNotExist: + return HttpResponse(status=404) - if request.method == 'GET': - serializer = SnippetSerializer(snippet) + if request.method == "GET": + serializer = SnippetSerializer(snippet) + return JsonResponse(serializer.data) + + elif request.method == "PUT": + data = JSONParser().parse(request) + serializer = SnippetSerializer(snippet, data=data) + if serializer.is_valid(): + serializer.save() return JsonResponse(serializer.data) + return JsonResponse(serializer.errors, status=400) - elif request.method == 'PUT': - data = JSONParser().parse(request) - serializer = SnippetSerializer(snippet, data=data) - if serializer.is_valid(): - serializer.save() - return JsonResponse(serializer.data) - return JsonResponse(serializer.errors, status=400) - - elif request.method == 'DELETE': - snippet.delete() - return HttpResponse(status=204) + elif request.method == "DELETE": + snippet.delete() + return HttpResponse(status=204) +``` Finally we need to wire these views up. Create the `snippets/urls.py` file: - from django.urls import path - from snippets import views +```python +from django.urls import path +from snippets import views - urlpatterns = [ - path('snippets/', views.snippet_list), - path('snippets//', views.snippet_detail), - ] +urlpatterns = [ + path("snippets/", views.snippet_list), + path("snippets//", views.snippet_detail), +] +``` We also need to wire up the root urlconf, in the `tutorial/urls.py` file, to include our snippet app's URLs. - from django.urls import path, include +```python +from django.urls import path, include - urlpatterns = [ - path('', include('snippets.urls')), - ] +urlpatterns = [ + path("", include("snippets.urls")), +] +``` It's worth noting that there are a couple of edge cases we're not dealing with properly at the moment. If we send malformed `json`, or if a request is made with a method that the view doesn't handle, then we'll end up with a 500 "server error" response. Still, this'll do for now. @@ -298,18 +345,22 @@ Now we can start up a sample server that serves our snippets. Quit out of the shell... - quit() +```pycon +>>> quit() +``` ...and start up Django's development server. - python manage.py runserver +```bash +python manage.py runserver - Validating models... +Validating models... - 0 errors found - Django version 5.0, using settings 'tutorial.settings' - Starting Development server at http://127.0.0.1:8000/ - Quit the server with CONTROL-C. +0 errors found +Django version 5.0, using settings 'tutorial.settings' +Starting Development server at http://127.0.0.1:8000/ +Quit the server with CONTROL-C. +``` In another terminal window, we can test the server. @@ -317,47 +368,26 @@ We can test our API using [curl][curl] or [httpie][httpie]. Httpie is a user fri You can install httpie using pip: - pip install httpie +```bash +pip install httpie +``` Finally, we can get a list of all of the snippets: - http GET http://127.0.0.1:8000/snippets/ --unsorted +```bash +http GET http://127.0.0.1:8000/snippets/ --unsorted - HTTP/1.1 200 OK - ... - [ - { - "id": 1, - "title": "", - "code": "foo = \"bar\"\n", - "linenos": false, - "language": "python", - "style": "friendly" - }, - { - "id": 2, - "title": "", - "code": "print(\"hello, world\")\n", - "linenos": false, - "language": "python", - "style": "friendly" - }, - { - "id": 3, - "title": "", - "code": "print(\"hello, world\")", - "linenos": false, - "language": "python", - "style": "friendly" - } - ] - -Or we can get a particular snippet by referencing its id: - - http GET http://127.0.0.1:8000/snippets/2/ --unsorted - - HTTP/1.1 200 OK - ... +HTTP/1.1 200 OK +... +[ + { + "id": 1, + "title": "", + "code": "foo = \"bar\"\n", + "linenos": false, + "language": "python", + "style": "friendly" + }, { "id": 2, "title": "", @@ -365,7 +395,34 @@ Or we can get a particular snippet by referencing its id: "linenos": false, "language": "python", "style": "friendly" + }, + { + "id": 3, + "title": "", + "code": "print(\"hello, world\")", + "linenos": false, + "language": "python", + "style": "friendly" } +] +``` + +Or we can get a particular snippet by referencing its id: + +```bash +http GET http://127.0.0.1:8000/snippets/2/ --unsorted + +HTTP/1.1 200 OK +... +{ + "id": 2, + "title": "", + "code": "print(\"hello, world\")\n", + "linenos": false, + "language": "python", + "style": "friendly" +} +``` Similarly, you can have the same json displayed by visiting these URLs in a web browser. diff --git a/docs/tutorial/2-requests-and-responses.md b/docs/tutorial/2-requests-and-responses.md index 47c7facfc..fceb118bd 100644 --- a/docs/tutorial/2-requests-and-responses.md +++ b/docs/tutorial/2-requests-and-responses.md @@ -7,14 +7,18 @@ Let's introduce a couple of essential building blocks. REST framework introduces a `Request` object that extends the regular `HttpRequest`, and provides more flexible request parsing. The core functionality of the `Request` object is the `request.data` attribute, which is similar to `request.POST`, but more useful for working with Web APIs. - request.POST # Only handles form data. Only works for 'POST' method. - request.data # Handles arbitrary data. Works for 'POST', 'PUT' and 'PATCH' methods. +```python +request.POST # Only handles form data. Only works for 'POST' method. +request.data # Handles arbitrary data. Works for 'POST', 'PUT' and 'PATCH' methods. +``` ## Response objects REST framework also introduces a `Response` object, which is a type of `TemplateResponse` that takes unrendered content and uses content negotiation to determine the correct content type to return to the client. - return Response(data) # Renders to content type as requested by the client. +```python +return Response(data) # Renders to content type as requested by the client. +``` ## Status codes @@ -35,58 +39,62 @@ The wrappers also provide behavior such as returning `405 Method Not Allowed` re Okay, let's go ahead and start using these new components to refactor our views slightly. - from rest_framework import status - from rest_framework.decorators import api_view - from rest_framework.response import Response - from snippets.models import Snippet - from snippets.serializers import SnippetSerializer +```python +from rest_framework import status +from rest_framework.decorators import api_view +from rest_framework.response import Response +from snippets.models import Snippet +from snippets.serializers import SnippetSerializer - @api_view(['GET', 'POST']) - def snippet_list(request): - """ - List all code snippets, or create a new snippet. - """ - if request.method == 'GET': - snippets = Snippet.objects.all() - serializer = SnippetSerializer(snippets, many=True) - return Response(serializer.data) +@api_view(["GET", "POST"]) +def snippet_list(request): + """ + List all code snippets, or create a new snippet. + """ + if request.method == "GET": + snippets = Snippet.objects.all() + serializer = SnippetSerializer(snippets, many=True) + return Response(serializer.data) - elif request.method == 'POST': - serializer = SnippetSerializer(data=request.data) - if serializer.is_valid(): - serializer.save() - return Response(serializer.data, status=status.HTTP_201_CREATED) - return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) + elif request.method == "POST": + serializer = SnippetSerializer(data=request.data) + if serializer.is_valid(): + serializer.save() + return Response(serializer.data, status=status.HTTP_201_CREATED) + return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) +``` Our instance view is an improvement over the previous example. It's a little more concise, and the code now feels very similar to if we were working with the Forms API. We're also using named status codes, which makes the response meanings more obvious. Here is the view for an individual snippet, in the `views.py` module. - @api_view(['GET', 'PUT', 'DELETE']) - def snippet_detail(request, pk): - """ - Retrieve, update or delete a code snippet. - """ - try: - snippet = Snippet.objects.get(pk=pk) - except Snippet.DoesNotExist: - return Response(status=status.HTTP_404_NOT_FOUND) +```python +@api_view(["GET", "PUT", "DELETE"]) +def snippet_detail(request, pk): + """ + Retrieve, update or delete a code snippet. + """ + try: + snippet = Snippet.objects.get(pk=pk) + except Snippet.DoesNotExist: + return Response(status=status.HTTP_404_NOT_FOUND) - if request.method == 'GET': - serializer = SnippetSerializer(snippet) + if request.method == "GET": + serializer = SnippetSerializer(snippet) + return Response(serializer.data) + + elif request.method == "PUT": + serializer = SnippetSerializer(snippet, data=request.data) + if serializer.is_valid(): + serializer.save() return Response(serializer.data) + return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) - elif request.method == 'PUT': - serializer = SnippetSerializer(snippet, data=request.data) - if serializer.is_valid(): - serializer.save() - return Response(serializer.data) - return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) - - elif request.method == 'DELETE': - snippet.delete() - return Response(status=status.HTTP_204_NO_CONTENT) + elif request.method == "DELETE": + snippet.delete() + return Response(status=status.HTTP_204_NO_CONTENT) +``` This should all feel very familiar - it is not a lot different from working with regular Django views. @@ -94,28 +102,27 @@ Notice that we're no longer explicitly tying our requests or responses to a give ## Adding optional format suffixes to our URLs -To take advantage of the fact that our responses are no longer hardwired to a single content type let's add support for format suffixes to our API endpoints. Using format suffixes gives us URLs that explicitly refer to a given format, and means our API will be able to handle URLs such as [http://example.com/api/items/4.json][json-url]. +To take advantage of the fact that our responses are no longer hardwired to a single content type let's add support for format suffixes to our API endpoints. Using format suffixes gives us URLs that explicitly refer to a given format, and means our API will be able to handle URLs such as [][json-url]. Start by adding a `format` keyword argument to both of the views, like so. - - def snippet_list(request, format=None): - +`def snippet_list(request, format=None):` and - - def snippet_detail(request, pk, format=None): +`def snippet_detail(request, pk, format=None):` Now update the `snippets/urls.py` file slightly, to append a set of `format_suffix_patterns` in addition to the existing URLs. - from django.urls import path - from rest_framework.urlpatterns import format_suffix_patterns - from snippets import views +```python +from django.urls import path +from rest_framework.urlpatterns import format_suffix_patterns +from snippets import views - urlpatterns = [ - path('snippets/', views.snippet_list), - path('snippets//', views.snippet_detail), - ] +urlpatterns = [ + path("snippets/", views.snippet_list), + path("snippets//", views.snippet_detail), +] - urlpatterns = format_suffix_patterns(urlpatterns) +urlpatterns = format_suffix_patterns(urlpatterns) +``` We don't necessarily need to add these extra url patterns in, but it gives us a simple, clean way of referring to a specific format. @@ -125,68 +132,76 @@ Go ahead and test the API from the command line, as we did in [tutorial part 1][ We can get a list of all of the snippets, as before. - http http://127.0.0.1:8000/snippets/ +```bash +http http://127.0.0.1:8000/snippets/ - HTTP/1.1 200 OK - ... - [ - { - "id": 1, - "title": "", - "code": "foo = \"bar\"\n", - "linenos": false, - "language": "python", - "style": "friendly" - }, - { - "id": 2, - "title": "", - "code": "print(\"hello, world\")\n", - "linenos": false, - "language": "python", - "style": "friendly" - } - ] +HTTP/1.1 200 OK +... +[ + { + "id": 1, + "title": "", + "code": "foo = \"bar\"\n", + "linenos": false, + "language": "python", + "style": "friendly" + }, + { + "id": 2, + "title": "", + "code": "print(\"hello, world\")\n", + "linenos": false, + "language": "python", + "style": "friendly" + } +] +``` We can control the format of the response that we get back, either by using the `Accept` header: - http http://127.0.0.1:8000/snippets/ Accept:application/json # Request JSON - http http://127.0.0.1:8000/snippets/ Accept:text/html # Request HTML +```bash +http http://127.0.0.1:8000/snippets/ Accept:application/json # Request JSON +http http://127.0.0.1:8000/snippets/ Accept:text/html # Request HTML +``` Or by appending a format suffix: - http http://127.0.0.1:8000/snippets.json # JSON suffix - http http://127.0.0.1:8000/snippets.api # Browsable API suffix +```bash +http http://127.0.0.1:8000/snippets.json # JSON suffix +http http://127.0.0.1:8000/snippets.api # Browsable API suffix +``` Similarly, we can control the format of the request that we send, using the `Content-Type` header. - # POST using form data - http --form POST http://127.0.0.1:8000/snippets/ code="print(123)" +```bash +# POST using form data +http --form POST http://127.0.0.1:8000/snippets/ code="print(123)" - { - "id": 3, - "title": "", - "code": "print(123)", - "linenos": false, - "language": "python", - "style": "friendly" - } +{ + "id": 3, + "title": "", + "code": "print(123)", + "linenos": false, + "language": "python", + "style": "friendly" +} - # POST using JSON - http --json POST http://127.0.0.1:8000/snippets/ code="print(456)" +# POST using JSON +http --json POST http://127.0.0.1:8000/snippets/ code="print(456)" - { - "id": 4, - "title": "", - "code": "print(456)", - "linenos": false, - "language": "python", - "style": "friendly" - } +{ + "id": 4, + "title": "", + "code": "print(456)", + "linenos": false, + "language": "python", + "style": "friendly" +} +``` If you add a `--debug` switch to the `http` requests above, you will be able to see the request type in request headers. -Now go and open the API in a web browser, by visiting [http://127.0.0.1:8000/snippets/][devserver]. +Now go and open the API in a web browser, by visiting [][devserver]. ### Browsability diff --git a/docs/tutorial/3-class-based-views.md b/docs/tutorial/3-class-based-views.md index ccfcd095d..59aee8813 100644 --- a/docs/tutorial/3-class-based-views.md +++ b/docs/tutorial/3-class-based-views.md @@ -6,74 +6,82 @@ We can also write our API views using class-based views, rather than function ba We'll start by rewriting the root view as a class-based view. All this involves is a little bit of refactoring of `views.py`. - from snippets.models import Snippet - from snippets.serializers import SnippetSerializer - from django.http import Http404 - from rest_framework.views import APIView - from rest_framework.response import Response - from rest_framework import status +```python +from snippets.models import Snippet +from snippets.serializers import SnippetSerializer +from django.http import Http404 +from rest_framework.views import APIView +from rest_framework.response import Response +from rest_framework import status - class SnippetList(APIView): - """ - List all snippets, or create a new snippet. - """ - def get(self, request, format=None): - snippets = Snippet.objects.all() - serializer = SnippetSerializer(snippets, many=True) - return Response(serializer.data) +class SnippetList(APIView): + """ + List all snippets, or create a new snippet. + """ - def post(self, request, format=None): - serializer = SnippetSerializer(data=request.data) - if serializer.is_valid(): - serializer.save() - return Response(serializer.data, status=status.HTTP_201_CREATED) - return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) + def get(self, request, format=None): + snippets = Snippet.objects.all() + serializer = SnippetSerializer(snippets, many=True) + return Response(serializer.data) + + def post(self, request, format=None): + serializer = SnippetSerializer(data=request.data) + if serializer.is_valid(): + serializer.save() + return Response(serializer.data, status=status.HTTP_201_CREATED) + return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) +``` So far, so good. It looks pretty similar to the previous case, but we've got better separation between the different HTTP methods. We'll also need to update the instance view in `views.py`. - class SnippetDetail(APIView): - """ - Retrieve, update or delete a snippet instance. - """ - def get_object(self, pk): - try: - return Snippet.objects.get(pk=pk) - except Snippet.DoesNotExist: - raise Http404 +```python +class SnippetDetail(APIView): + """ + Retrieve, update or delete a snippet instance. + """ - def get(self, request, pk, format=None): - snippet = self.get_object(pk) - serializer = SnippetSerializer(snippet) + def get_object(self, pk): + try: + return Snippet.objects.get(pk=pk) + except Snippet.DoesNotExist: + raise Http404 + + def get(self, request, pk, format=None): + snippet = self.get_object(pk) + serializer = SnippetSerializer(snippet) + return Response(serializer.data) + + def put(self, request, pk, format=None): + snippet = self.get_object(pk) + serializer = SnippetSerializer(snippet, data=request.data) + if serializer.is_valid(): + serializer.save() return Response(serializer.data) + return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) - def put(self, request, pk, format=None): - snippet = self.get_object(pk) - serializer = SnippetSerializer(snippet, data=request.data) - if serializer.is_valid(): - serializer.save() - return Response(serializer.data) - return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) - - def delete(self, request, pk, format=None): - snippet = self.get_object(pk) - snippet.delete() - return Response(status=status.HTTP_204_NO_CONTENT) + def delete(self, request, pk, format=None): + snippet = self.get_object(pk) + snippet.delete() + return Response(status=status.HTTP_204_NO_CONTENT) +``` That's looking good. Again, it's still pretty similar to the function based view right now. We'll also need to refactor our `snippets/urls.py` slightly now that we're using class-based views. - from django.urls import path - from rest_framework.urlpatterns import format_suffix_patterns - from snippets import views +```python +from django.urls import path +from rest_framework.urlpatterns import format_suffix_patterns +from snippets import views - urlpatterns = [ - path('snippets/', views.SnippetList.as_view()), - path('snippets//', views.SnippetDetail.as_view()), - ] +urlpatterns = [ + path("snippets/", views.SnippetList.as_view()), + path("snippets//", views.SnippetDetail.as_view()), +] - urlpatterns = format_suffix_patterns(urlpatterns) +urlpatterns = format_suffix_patterns(urlpatterns) +``` Okay, we're done. If you run the development server everything should be working just as before. @@ -85,42 +93,49 @@ The create/retrieve/update/delete operations that we've been using so far are go Let's take a look at how we can compose the views by using the mixin classes. Here's our `views.py` module again. - from snippets.models import Snippet - from snippets.serializers import SnippetSerializer - from rest_framework import mixins - from rest_framework import generics +```python +from snippets.models import Snippet +from snippets.serializers import SnippetSerializer +from rest_framework import mixins +from rest_framework import generics - class SnippetList(mixins.ListModelMixin, - mixins.CreateModelMixin, - generics.GenericAPIView): - queryset = Snippet.objects.all() - serializer_class = SnippetSerializer - def get(self, request, *args, **kwargs): - return self.list(request, *args, **kwargs) +class SnippetList( + mixins.ListModelMixin, mixins.CreateModelMixin, generics.GenericAPIView +): + queryset = Snippet.objects.all() + serializer_class = SnippetSerializer - def post(self, request, *args, **kwargs): - return self.create(request, *args, **kwargs) + def get(self, request, *args, **kwargs): + return self.list(request, *args, **kwargs) + + def post(self, request, *args, **kwargs): + return self.create(request, *args, **kwargs) +``` We'll take a moment to examine exactly what's happening here. We're building our view using `GenericAPIView`, and adding in `ListModelMixin` and `CreateModelMixin`. The base class provides the core functionality, and the mixin classes provide the `.list()` and `.create()` actions. We're then explicitly binding the `get` and `post` methods to the appropriate actions. Simple enough stuff so far. - class SnippetDetail(mixins.RetrieveModelMixin, - mixins.UpdateModelMixin, - mixins.DestroyModelMixin, - generics.GenericAPIView): - queryset = Snippet.objects.all() - serializer_class = SnippetSerializer +```python +class SnippetDetail( + mixins.RetrieveModelMixin, + mixins.UpdateModelMixin, + mixins.DestroyModelMixin, + generics.GenericAPIView, +): + queryset = Snippet.objects.all() + serializer_class = SnippetSerializer - def get(self, request, *args, **kwargs): - return self.retrieve(request, *args, **kwargs) + def get(self, request, *args, **kwargs): + return self.retrieve(request, *args, **kwargs) - def put(self, request, *args, **kwargs): - return self.update(request, *args, **kwargs) + def put(self, request, *args, **kwargs): + return self.update(request, *args, **kwargs) - def delete(self, request, *args, **kwargs): - return self.destroy(request, *args, **kwargs) + def delete(self, request, *args, **kwargs): + return self.destroy(request, *args, **kwargs) +``` Pretty similar. Again we're using the `GenericAPIView` class to provide the core functionality, and adding in mixins to provide the `.retrieve()`, `.update()` and `.destroy()` actions. @@ -128,19 +143,21 @@ Pretty similar. Again we're using the `GenericAPIView` class to provide the cor Using the mixin classes we've rewritten the views to use slightly less code than before, but we can go one step further. REST framework provides a set of already mixed-in generic views that we can use to trim down our `views.py` module even more. - from snippets.models import Snippet - from snippets.serializers import SnippetSerializer - from rest_framework import generics +```python +from snippets.models import Snippet +from snippets.serializers import SnippetSerializer +from rest_framework import generics - class SnippetList(generics.ListCreateAPIView): - queryset = Snippet.objects.all() - serializer_class = SnippetSerializer +class SnippetList(generics.ListCreateAPIView): + queryset = Snippet.objects.all() + serializer_class = SnippetSerializer - class SnippetDetail(generics.RetrieveUpdateDestroyAPIView): - queryset = Snippet.objects.all() - serializer_class = SnippetSerializer +class SnippetDetail(generics.RetrieveUpdateDestroyAPIView): + queryset = Snippet.objects.all() + serializer_class = SnippetSerializer +``` Wow, that's pretty concise. We've gotten a huge amount for free, and our code looks like good, clean, idiomatic Django. diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md index cb0321ea2..cb5eef469 100644 --- a/docs/tutorial/4-authentication-and-permissions.md +++ b/docs/tutorial/4-authentication-and-permissions.md @@ -14,81 +14,103 @@ First, let's add a couple of fields. One of those fields will be used to repres Add the following two fields to the `Snippet` model in `models.py`. - owner = models.ForeignKey('auth.User', related_name='snippets', on_delete=models.CASCADE) - highlighted = models.TextField() +```python +owner = models.ForeignKey( + "auth.User", related_name="snippets", on_delete=models.CASCADE +) +highlighted = models.TextField() +``` We'd also need to make sure that when the model is saved, that we populate the highlighted field, using the `pygments` code highlighting library. We'll need some extra imports: - from pygments.lexers import get_lexer_by_name - from pygments.formatters.html import HtmlFormatter - from pygments import highlight +```python +from pygments.lexers import get_lexer_by_name +from pygments.formatters.html import HtmlFormatter +from pygments import highlight +``` And now we can add a `.save()` method to our model class: - def save(self, *args, **kwargs): - """ - Use the `pygments` library to create a highlighted HTML - representation of the code snippet. - """ - lexer = get_lexer_by_name(self.language) - linenos = 'table' if self.linenos else False - options = {'title': self.title} if self.title else {} - formatter = HtmlFormatter(style=self.style, linenos=linenos, - full=True, **options) - self.highlighted = highlight(self.code, lexer, formatter) - super().save(*args, **kwargs) +```python +def save(self, *args, **kwargs): + """ + Use the `pygments` library to create a highlighted HTML + representation of the code snippet. + """ + lexer = get_lexer_by_name(self.language) + linenos = "table" if self.linenos else False + options = {"title": self.title} if self.title else {} + formatter = HtmlFormatter(style=self.style, linenos=linenos, full=True, **options) + self.highlighted = highlight(self.code, lexer, formatter) + super().save(*args, **kwargs) +``` When that's all done we'll need to update our database tables. Normally we'd create a database migration in order to do that, but for the purposes of this tutorial, let's just delete the database and start again. - rm -f db.sqlite3 - rm -r snippets/migrations - python manage.py makemigrations snippets - python manage.py migrate +```bash +rm -f db.sqlite3 +rm -r snippets/migrations +python manage.py makemigrations snippets +python manage.py migrate +``` You might also want to create a few different users, to use for testing the API. The quickest way to do this will be with the `createsuperuser` command. - python manage.py createsuperuser +```bash +python manage.py createsuperuser +``` ## Adding endpoints for our User models Now that we've got some users to work with, we'd better add representations of those users to our API. Creating a new serializer is easy. In `serializers.py` add: - from django.contrib.auth.models import User +```python +from django.contrib.auth.models import User - class UserSerializer(serializers.ModelSerializer): - snippets = serializers.PrimaryKeyRelatedField(many=True, queryset=Snippet.objects.all()) - class Meta: - model = User - fields = ['id', 'username', 'snippets'] +class UserSerializer(serializers.ModelSerializer): + snippets = serializers.PrimaryKeyRelatedField( + many=True, queryset=Snippet.objects.all() + ) + + class Meta: + model = User + fields = ["id", "username", "snippets"] +``` Because `'snippets'` is a *reverse* relationship on the User model, it will not be included by default when using the `ModelSerializer` class, so we needed to add an explicit field for it. We'll also add a couple of views to `views.py`. We'd like to just use read-only views for the user representations, so we'll use the `ListAPIView` and `RetrieveAPIView` generic class-based views. - from django.contrib.auth.models import User +```python +from django.contrib.auth.models import User - class UserList(generics.ListAPIView): - queryset = User.objects.all() - serializer_class = UserSerializer +class UserList(generics.ListAPIView): + queryset = User.objects.all() + serializer_class = UserSerializer - class UserDetail(generics.RetrieveAPIView): - queryset = User.objects.all() - serializer_class = UserSerializer +class UserDetail(generics.RetrieveAPIView): + queryset = User.objects.all() + serializer_class = UserSerializer +``` Make sure to also import the `UserSerializer` class - from snippets.serializers import UserSerializer +```python +from snippets.serializers import UserSerializer +``` Finally we need to add those views into the API, by referencing them from the URL conf. Add the following to the patterns in `snippets/urls.py`. - path('users/', views.UserList.as_view()), - path('users//', views.UserDetail.as_view()), +```python +path("users/", views.UserList.as_view()), +path("users//", views.UserDetail.as_view()), +``` ## Associating Snippets with Users @@ -98,8 +120,10 @@ The way we deal with that is by overriding a `.perform_create()` method on our s On the `SnippetList` view class, add the following method: - def perform_create(self, serializer): - serializer.save(owner=self.request.user) +```python +def perform_create(self, serializer): + serializer.save(owner=self.request.user) +``` The `create()` method of our serializer will now be passed an additional `'owner'` field, along with the validated data from the request. @@ -107,7 +131,9 @@ The `create()` method of our serializer will now be passed an additional `'owner Now that snippets are associated with the user that created them, let's update our `SnippetSerializer` to reflect that. Add the following field to the serializer definition in `serializers.py`: - owner = serializers.ReadOnlyField(source='owner.username') +```python +owner = serializers.ReadOnlyField(source="owner.username") +``` **Note**: Make sure you also add `'owner',` to the list of fields in the inner `Meta` class. @@ -123,11 +149,15 @@ REST framework includes a number of permission classes that we can use to restri First add the following import in the views module - from rest_framework import permissions +```python +from rest_framework import permissions +``` Then, add the following property to **both** the `SnippetList` and `SnippetDetail` view classes. - permission_classes = [permissions.IsAuthenticatedOrReadOnly] +```python +permission_classes = [permissions.IsAuthenticatedOrReadOnly] +``` ## Adding login to the Browsable API @@ -137,13 +167,17 @@ We can add a login view for use with the browsable API, by editing the URLconf i Add the following import at the top of the file: - from django.urls import path, include +```python +from django.urls import path, include +``` And, at the end of the file, add a pattern to include the login and logout views for the browsable API. - urlpatterns += [ - path('api-auth/', include('rest_framework.urls')), - ] +```python +urlpatterns += [ + path("api-auth/", include("rest_framework.urls")), +] +``` The `'api-auth/'` part of pattern can actually be whatever URL you want to use. @@ -159,31 +193,36 @@ To do that we're going to need to create a custom permission. In the snippets app, create a new file, `permissions.py` - from rest_framework import permissions +```python +from rest_framework import permissions - class IsOwnerOrReadOnly(permissions.BasePermission): - """ - Custom permission to only allow owners of an object to edit it. - """ +class IsOwnerOrReadOnly(permissions.BasePermission): + """ + Custom permission to only allow owners of an object to edit it. + """ - def has_object_permission(self, request, view, obj): - # Read permissions are allowed to any request, - # so we'll always allow GET, HEAD or OPTIONS requests. - if request.method in permissions.SAFE_METHODS: - return True + def has_object_permission(self, request, view, obj): + # Read permissions are allowed to any request, + # so we'll always allow GET, HEAD or OPTIONS requests. + if request.method in permissions.SAFE_METHODS: + return True - # Write permissions are only allowed to the owner of the snippet. - return obj.owner == request.user + # Write permissions are only allowed to the owner of the snippet. + return obj.owner == request.user +``` Now we can add that custom permission to our snippet instance endpoint, by editing the `permission_classes` property on the `SnippetDetail` view class: - permission_classes = [permissions.IsAuthenticatedOrReadOnly, - IsOwnerOrReadOnly] +```python +permission_classes = [permissions.IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly] +``` Make sure to also import the `IsOwnerOrReadOnly` class. - from snippets.permissions import IsOwnerOrReadOnly +```python +from snippets.permissions import IsOwnerOrReadOnly +``` Now, if you open a browser again, you find that the 'DELETE' and 'PUT' actions only appear on a snippet instance endpoint if you're logged in as the same user that created the code snippet. @@ -197,25 +236,29 @@ If we're interacting with the API programmatically we need to explicitly provide If we try to create a snippet without authenticating, we'll get an error: - http POST http://127.0.0.1:8000/snippets/ code="print(123)" +```bash +http POST http://127.0.0.1:8000/snippets/ code="print(123)" - { - "detail": "Authentication credentials were not provided." - } +{ + "detail": "Authentication credentials were not provided." +} +``` We can make a successful request by including the username and password of one of the users we created earlier. - http -a admin:password123 POST http://127.0.0.1:8000/snippets/ code="print(789)" +```bash +http -a admin:password123 POST http://127.0.0.1:8000/snippets/ code="print(789)" - { - "id": 1, - "owner": "admin", - "title": "foo", - "code": "print(789)", - "linenos": false, - "language": "python", - "style": "friendly" - } +{ + "id": 1, + "owner": "admin", + "title": "foo", + "code": "print(789)", + "linenos": false, + "language": "python", + "style": "friendly" +} +``` ## Summary diff --git a/docs/tutorial/5-relationships-and-hyperlinked-apis.md b/docs/tutorial/5-relationships-and-hyperlinked-apis.md index f999fdf50..3800c168b 100644 --- a/docs/tutorial/5-relationships-and-hyperlinked-apis.md +++ b/docs/tutorial/5-relationships-and-hyperlinked-apis.md @@ -6,17 +6,21 @@ At the moment relationships within our API are represented by using primary keys Right now we have endpoints for 'snippets' and 'users', but we don't have a single entry point to our API. To create one, we'll use a regular function-based view and the `@api_view` decorator we introduced earlier. In your `snippets/views.py` add: - from rest_framework.decorators import api_view - from rest_framework.response import Response - from rest_framework.reverse import reverse +```python +from rest_framework.decorators import api_view +from rest_framework.response import Response +from rest_framework.reverse import reverse - @api_view(['GET']) - def api_root(request, format=None): - return Response({ - 'users': reverse('user-list', request=request, format=format), - 'snippets': reverse('snippet-list', request=request, format=format) - }) +@api_view(["GET"]) +def api_root(request, format=None): + return Response( + { + "users": reverse("user-list", request=request, format=format), + "snippets": reverse("snippet-list", request=request, format=format), + } + ) +``` Two things should be noticed here. First, we're using REST framework's `reverse` function in order to return fully-qualified URLs; second, URL patterns are identified by convenience names that we will declare later on in our `snippets/urls.py`. @@ -30,24 +34,31 @@ The other thing we need to consider when creating the code highlight view is tha Instead of using a concrete generic view, we'll use the base class for representing instances, and create our own `.get()` method. In your `snippets/views.py` add: - from rest_framework import renderers +```python +from rest_framework import renderers - class SnippetHighlight(generics.GenericAPIView): - queryset = Snippet.objects.all() - renderer_classes = [renderers.StaticHTMLRenderer] - def get(self, request, *args, **kwargs): - snippet = self.get_object() - return Response(snippet.highlighted) +class SnippetHighlight(generics.GenericAPIView): + queryset = Snippet.objects.all() + renderer_classes = [renderers.StaticHTMLRenderer] + + def get(self, request, *args, **kwargs): + snippet = self.get_object() + return Response(snippet.highlighted) +``` As usual we need to add the new views that we've created in to our URLconf. We'll add a url pattern for our new API root in `snippets/urls.py`: - path('', views.api_root), +```python +path("", views.api_root), +``` And then add a url pattern for the snippet highlights: - path('snippets//highlight/', views.SnippetHighlight.as_view()), +```python +path("snippets//highlight/", views.SnippetHighlight.as_view()), +``` ## Hyperlinking our API @@ -73,27 +84,62 @@ The `HyperlinkedModelSerializer` has the following differences from `ModelSerial We can easily re-write our existing serializers to use hyperlinking. In your `snippets/serializers.py` add: - class SnippetSerializer(serializers.HyperlinkedModelSerializer): - owner = serializers.ReadOnlyField(source='owner.username') - highlight = serializers.HyperlinkedIdentityField(view_name='snippet-highlight', format='html') +```python +class SnippetSerializer(serializers.HyperlinkedModelSerializer): + owner = serializers.ReadOnlyField(source="owner.username") + highlight = serializers.HyperlinkedIdentityField( + view_name="snippet-highlight", format="html" + ) - class Meta: - model = Snippet - fields = ['url', 'id', 'highlight', 'owner', - 'title', 'code', 'linenos', 'language', 'style'] + class Meta: + model = Snippet + fields = [ + "url", + "id", + "highlight", + "owner", + "title", + "code", + "linenos", + "language", + "style", + ] - class UserSerializer(serializers.HyperlinkedModelSerializer): - snippets = serializers.HyperlinkedRelatedField(many=True, view_name='snippet-detail', read_only=True) +class UserSerializer(serializers.HyperlinkedModelSerializer): + snippets = serializers.HyperlinkedRelatedField( + many=True, view_name="snippet-detail", read_only=True + ) - class Meta: - model = User - fields = ['url', 'id', 'username', 'snippets'] + class Meta: + model = User + fields = ["url", "id", "username", "snippets"] +``` Notice that we've also added a new `'highlight'` field. This field is of the same type as the `url` field, except that it points to the `'snippet-highlight'` url pattern, instead of the `'snippet-detail'` url pattern. Because we've included format suffixed URLs such as `'.json'`, we also need to indicate on the `highlight` field that any format suffixed hyperlinks it returns should use the `'.html'` suffix. +--- + +**Note:** + +When you are manually instantiating these serializers inside your views (e.g., in `SnippetDetail` or `SnippetList`), you **must** pass `context={'request': request}` so the serializer knows how to build absolute URLs. For example, instead of: + +```python +serializer = SnippetSerializer(snippet) +``` + +You must write: + +```python +serializer = SnippetSerializer(snippet, context={"request": request}) +``` + +If your view is a subclass of `GenericAPIView`, you may use the `get_serializer_context()` as a convenience method. + +--- + ## Making sure our URL patterns are named If we're going to have a hyperlinked API, we need to make sure we name our URL patterns. Let's take a look at which URL patterns we need to name. @@ -105,29 +151,29 @@ If we're going to have a hyperlinked API, we need to make sure we name our URL p After adding all those names into our URLconf, our final `snippets/urls.py` file should look like this: - from django.urls import path - from rest_framework.urlpatterns import format_suffix_patterns - from snippets import views +```python +from django.urls import path +from rest_framework.urlpatterns import format_suffix_patterns +from snippets import views - # API endpoints - urlpatterns = format_suffix_patterns([ - path('', views.api_root), - path('snippets/', - views.SnippetList.as_view(), - name='snippet-list'), - path('snippets//', - views.SnippetDetail.as_view(), - name='snippet-detail'), - path('snippets//highlight/', +# API endpoints +urlpatterns = format_suffix_patterns( + [ + path("", views.api_root), + path("snippets/", views.SnippetList.as_view(), name="snippet-list"), + path( + "snippets//", views.SnippetDetail.as_view(), name="snippet-detail" + ), + path( + "snippets//highlight/", views.SnippetHighlight.as_view(), - name='snippet-highlight'), - path('users/', - views.UserList.as_view(), - name='user-list'), - path('users//', - views.UserDetail.as_view(), - name='user-detail') - ]) + name="snippet-highlight", + ), + path("users/", views.UserList.as_view(), name="user-list"), + path("users//", views.UserDetail.as_view(), name="user-detail"), + ] +) +``` ## Adding pagination @@ -135,10 +181,12 @@ The list views for users and code snippets could end up returning quite a lot of We can change the default list style to use pagination, by modifying our `tutorial/settings.py` file slightly. Add the following setting: - REST_FRAMEWORK = { - 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination', - 'PAGE_SIZE': 10 - } +```python +REST_FRAMEWORK = { + "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination", + "PAGE_SIZE": 10, +} +``` Note that settings in REST framework are all namespaced into a single dictionary setting, named `REST_FRAMEWORK`, which helps keep them well separated from your other project settings. diff --git a/docs/tutorial/6-viewsets-and-routers.md b/docs/tutorial/6-viewsets-and-routers.md index 6fa2111e7..2c6760a54 100644 --- a/docs/tutorial/6-viewsets-and-routers.md +++ b/docs/tutorial/6-viewsets-and-routers.md @@ -12,45 +12,50 @@ Let's take our current set of views, and refactor them into view sets. First of all let's refactor our `UserList` and `UserDetail` classes into a single `UserViewSet` class. In the `snippets/views.py` file, we can remove the two view classes and replace them with a single ViewSet class: - from rest_framework import viewsets +```python +from rest_framework import viewsets - class UserViewSet(viewsets.ReadOnlyModelViewSet): - """ - This viewset automatically provides `list` and `retrieve` actions. - """ - queryset = User.objects.all() - serializer_class = UserSerializer +class UserViewSet(viewsets.ReadOnlyModelViewSet): + """ + This viewset automatically provides `list` and `retrieve` actions. + """ + + queryset = User.objects.all() + serializer_class = UserSerializer +``` Here we've used the `ReadOnlyModelViewSet` class to automatically provide the default 'read-only' operations. We're still setting the `queryset` and `serializer_class` attributes exactly as we did when we were using regular views, but we no longer need to provide the same information to two separate classes. Next we're going to replace the `SnippetList`, `SnippetDetail` and `SnippetHighlight` view classes. We can remove the three views, and again replace them with a single class. - from rest_framework import permissions - from rest_framework import renderers - from rest_framework.decorators import action - from rest_framework.response import Response +```python +from rest_framework import permissions +from rest_framework import renderers +from rest_framework.decorators import action +from rest_framework.response import Response - class SnippetViewSet(viewsets.ModelViewSet): - """ - This ViewSet automatically provides `list`, `create`, `retrieve`, - `update` and `destroy` actions. +class SnippetViewSet(viewsets.ModelViewSet): + """ + This ViewSet automatically provides `list`, `create`, `retrieve`, + `update` and `destroy` actions. - Additionally we also provide an extra `highlight` action. - """ - queryset = Snippet.objects.all() - serializer_class = SnippetSerializer - permission_classes = [permissions.IsAuthenticatedOrReadOnly, - IsOwnerOrReadOnly] + Additionally we also provide an extra `highlight` action. + """ - @action(detail=True, renderer_classes=[renderers.StaticHTMLRenderer]) - def highlight(self, request, *args, **kwargs): - snippet = self.get_object() - return Response(snippet.highlighted) + queryset = Snippet.objects.all() + serializer_class = SnippetSerializer + permission_classes = [permissions.IsAuthenticatedOrReadOnly, IsOwnerOrReadOnly] - def perform_create(self, serializer): - serializer.save(owner=self.request.user) + @action(detail=True, renderer_classes=[renderers.StaticHTMLRenderer]) + def highlight(self, request, *args, **kwargs): + snippet = self.get_object() + return Response(snippet.highlighted) + + def perform_create(self, serializer): + serializer.save(owner=self.request.user) +``` This time we've used the `ModelViewSet` class in order to get the complete set of default read and write operations. @@ -67,42 +72,40 @@ To see what's going on under the hood let's first explicitly create a set of vie In the `snippets/urls.py` file we bind our `ViewSet` classes into a set of concrete views. - from rest_framework import renderers +```python +from rest_framework import renderers - from snippets.views import api_root, SnippetViewSet, UserViewSet +from snippets.views import api_root, SnippetViewSet, UserViewSet - snippet_list = SnippetViewSet.as_view({ - 'get': 'list', - 'post': 'create' - }) - snippet_detail = SnippetViewSet.as_view({ - 'get': 'retrieve', - 'put': 'update', - 'patch': 'partial_update', - 'delete': 'destroy' - }) - snippet_highlight = SnippetViewSet.as_view({ - 'get': 'highlight' - }, renderer_classes=[renderers.StaticHTMLRenderer]) - user_list = UserViewSet.as_view({ - 'get': 'list' - }) - user_detail = UserViewSet.as_view({ - 'get': 'retrieve' - }) +snippet_list = SnippetViewSet.as_view({"get": "list", "post": "create"}) +snippet_detail = SnippetViewSet.as_view( + {"get": "retrieve", "put": "update", "patch": "partial_update", "delete": "destroy"} +) +snippet_highlight = SnippetViewSet.as_view( + {"get": "highlight"}, renderer_classes=[renderers.StaticHTMLRenderer] +) +user_list = UserViewSet.as_view({"get": "list"}) +user_detail = UserViewSet.as_view({"get": "retrieve"}) +``` Notice how we're creating multiple views from each `ViewSet` class, by binding the HTTP methods to the required action for each view. Now that we've bound our resources into concrete views, we can register the views with the URL conf as usual. - urlpatterns = format_suffix_patterns([ - path('', api_root), - path('snippets/', snippet_list, name='snippet-list'), - path('snippets//', snippet_detail, name='snippet-detail'), - path('snippets//highlight/', snippet_highlight, name='snippet-highlight'), - path('users/', user_list, name='user-list'), - path('users//', user_detail, name='user-detail') - ]) +```python +urlpatterns = format_suffix_patterns( + [ + path("", api_root), + path("snippets/", snippet_list, name="snippet-list"), + path("snippets//", snippet_detail, name="snippet-detail"), + path( + "snippets//highlight/", snippet_highlight, name="snippet-highlight" + ), + path("users/", user_list, name="user-list"), + path("users//", user_detail, name="user-detail"), + ] +) +``` ## Using Routers @@ -110,20 +113,22 @@ Because we're using `ViewSet` classes rather than `View` classes, we actually do Here's our re-wired `snippets/urls.py` file. - from django.urls import path, include - from rest_framework.routers import DefaultRouter +```python +from django.urls import path, include +from rest_framework.routers import DefaultRouter - from snippets import views +from snippets import views - # Create a router and register our ViewSets with it. - router = DefaultRouter() - router.register(r'snippets', views.SnippetViewSet, basename='snippet') - router.register(r'users', views.UserViewSet, basename='user') +# Create a router and register our ViewSets with it. +router = DefaultRouter() +router.register(r"snippets", views.SnippetViewSet, basename="snippet") +router.register(r"users", views.UserViewSet, basename="user") - # The API URLs are now determined automatically by the router. - urlpatterns = [ - path('', include(router.urls)), - ] +# The API URLs are now determined automatically by the router. +urlpatterns = [ + path("", include(router.urls)), +] +``` Registering the ViewSets with the router is similar to providing a urlpattern. We include two arguments - the URL prefix for the views, and the view set itself. diff --git a/docs/tutorial/quickstart.md b/docs/tutorial/quickstart.md index a140dbce0..f0f6e6c4b 100644 --- a/docs/tutorial/quickstart.md +++ b/docs/tutorial/quickstart.md @@ -6,57 +6,65 @@ We're going to create a simple API to allow admin users to view and edit the use Create a new Django project named `tutorial`, then start a new app called `quickstart`. - # Create the project directory - mkdir tutorial - cd tutorial +```bash +# Create the project directory +mkdir tutorial +cd tutorial - # Create a virtual environment to isolate our package dependencies locally - python3 -m venv env - source env/bin/activate # On Windows use `env\Scripts\activate` +# Create a virtual environment to isolate our package dependencies locally +python3 -m venv env +source env/bin/activate # On Windows use `env\Scripts\activate` - # Install Django and Django REST framework into the virtual environment - pip install djangorestframework +# Install Django and Django REST framework into the virtual environment +pip install djangorestframework - # Set up a new project with a single application - django-admin startproject tutorial . # Note the trailing '.' character - cd tutorial - django-admin startapp quickstart - cd .. +# Set up a new project with a single application +django-admin startproject tutorial . # Note the trailing '.' character +cd tutorial +django-admin startapp quickstart +cd .. +``` The project layout should look like: - $ pwd - /tutorial - $ find . - . - ./tutorial - ./tutorial/asgi.py - ./tutorial/__init__.py - ./tutorial/quickstart - ./tutorial/quickstart/migrations - ./tutorial/quickstart/migrations/__init__.py - ./tutorial/quickstart/models.py - ./tutorial/quickstart/__init__.py - ./tutorial/quickstart/apps.py - ./tutorial/quickstart/admin.py - ./tutorial/quickstart/tests.py - ./tutorial/quickstart/views.py - ./tutorial/settings.py - ./tutorial/urls.py - ./tutorial/wsgi.py - ./env - ./env/... - ./manage.py +```bash +$ pwd +/tutorial +$ find . +. +./tutorial +./tutorial/asgi.py +./tutorial/__init__.py +./tutorial/quickstart +./tutorial/quickstart/migrations +./tutorial/quickstart/migrations/__init__.py +./tutorial/quickstart/models.py +./tutorial/quickstart/__init__.py +./tutorial/quickstart/apps.py +./tutorial/quickstart/admin.py +./tutorial/quickstart/tests.py +./tutorial/quickstart/views.py +./tutorial/settings.py +./tutorial/urls.py +./tutorial/wsgi.py +./env +./env/... +./manage.py +``` It may look unusual that the application has been created within the project directory. Using the project's namespace avoids name clashes with external modules (a topic that goes outside the scope of the quickstart). Now sync your database for the first time: - python manage.py migrate +```bash +python manage.py migrate +``` We'll also create an initial user named `admin` with a password. We'll authenticate as that user later in our example. - python manage.py createsuperuser --username admin --email admin@example.com +```bash +python manage.py createsuperuser --username admin --email admin@example.com +``` Once you've set up a database and the initial user is created and ready to go, open up the app's directory and we'll get coding... @@ -64,20 +72,22 @@ Once you've set up a database and the initial user is created and ready to go, o First up we're going to define some serializers. Let's create a new module named `tutorial/quickstart/serializers.py` that we'll use for our data representations. - from django.contrib.auth.models import Group, User - from rest_framework import serializers +```python +from django.contrib.auth.models import Group, User +from rest_framework import serializers - class UserSerializer(serializers.HyperlinkedModelSerializer): - class Meta: - model = User - fields = ['url', 'username', 'email', 'groups'] +class UserSerializer(serializers.HyperlinkedModelSerializer): + class Meta: + model = User + fields = ["url", "username", "email", "groups"] - class GroupSerializer(serializers.HyperlinkedModelSerializer): - class Meta: - model = Group - fields = ['url', 'name'] +class GroupSerializer(serializers.HyperlinkedModelSerializer): + class Meta: + model = Group + fields = ["url", "name"] +``` Notice that we're using hyperlinked relations in this case with `HyperlinkedModelSerializer`. You can also use primary key and various other relationships, but hyperlinking is good RESTful design. @@ -85,28 +95,32 @@ Notice that we're using hyperlinked relations in this case with `HyperlinkedMode Right, we'd better write some views then. Open `tutorial/quickstart/views.py` and get typing. - from django.contrib.auth.models import Group, User - from rest_framework import permissions, viewsets +```python +from django.contrib.auth.models import Group, User +from rest_framework import permissions, viewsets - from tutorial.quickstart.serializers import GroupSerializer, UserSerializer +from tutorial.quickstart.serializers import GroupSerializer, UserSerializer - class UserViewSet(viewsets.ModelViewSet): - """ - API endpoint that allows users to be viewed or edited. - """ - queryset = User.objects.all().order_by('-date_joined') - serializer_class = UserSerializer - permission_classes = [permissions.IsAuthenticated] +class UserViewSet(viewsets.ModelViewSet): + """ + API endpoint that allows users to be viewed or edited. + """ + + queryset = User.objects.all().order_by("-date_joined") + serializer_class = UserSerializer + permission_classes = [permissions.IsAuthenticated] - class GroupViewSet(viewsets.ModelViewSet): - """ - API endpoint that allows groups to be viewed or edited. - """ - queryset = Group.objects.all().order_by('name') - serializer_class = GroupSerializer - permission_classes = [permissions.IsAuthenticated] +class GroupViewSet(viewsets.ModelViewSet): + """ + API endpoint that allows groups to be viewed or edited. + """ + + queryset = Group.objects.all().order_by("name") + serializer_class = GroupSerializer + permission_classes = [permissions.IsAuthenticated] +``` Rather than write multiple views we're grouping together all the common behavior into classes called `ViewSets`. @@ -116,21 +130,23 @@ We can easily break these down into individual views if we need to, but using vi Okay, now let's wire up the API URLs. On to `tutorial/urls.py`... - from django.urls import include, path - from rest_framework import routers +```python +from django.urls import include, path +from rest_framework import routers - from tutorial.quickstart import views +from tutorial.quickstart import views - router = routers.DefaultRouter() - router.register(r'users', views.UserViewSet) - router.register(r'groups', views.GroupViewSet) +router = routers.DefaultRouter() +router.register(r"users", views.UserViewSet) +router.register(r"groups", views.GroupViewSet) - # Wire up our API using automatic URL routing. - # Additionally, we include login URLs for the browsable API. - urlpatterns = [ - path('', include(router.urls)), - path('api-auth/', include('rest_framework.urls', namespace='rest_framework')) - ] +# Wire up our API using automatic URL routing. +# Additionally, we include login URLs for the browsable API. +urlpatterns = [ + path("", include(router.urls)), + path("api-auth/", include("rest_framework.urls", namespace="rest_framework")), +] +``` Because we're using viewsets instead of views, we can automatically generate the URL conf for our API, by simply registering the viewsets with a router class. @@ -139,21 +155,26 @@ Again, if we need more control over the API URLs we can simply drop down to usin Finally, we're including default login and logout views for use with the browsable API. That's optional, but useful if your API requires authentication and you want to use the browsable API. ## Pagination + Pagination allows you to control how many objects per page are returned. To enable it add the following lines to `tutorial/settings.py` - REST_FRAMEWORK = { - 'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination', - 'PAGE_SIZE': 10 - } +```python +REST_FRAMEWORK = { + "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.PageNumberPagination", + "PAGE_SIZE": 10, +} +``` ## Settings Add `'rest_framework'` to `INSTALLED_APPS`. The settings module will be in `tutorial/settings.py` - INSTALLED_APPS = [ - ... - 'rest_framework', - ] +```text +INSTALLED_APPS = [ + ... + 'rest_framework', +] +``` Okay, we're done. @@ -163,46 +184,51 @@ Okay, we're done. We're now ready to test the API we've built. Let's fire up the server from the command line. - python manage.py runserver +```bash +python manage.py runserver +``` We can now access our API, both from the command-line, using tools like `curl`... - bash: curl -u admin -H 'Accept: application/json; indent=4' http://127.0.0.1:8000/users/ - Enter host password for user 'admin': - { - "count": 1, - "next": null, - "previous": null, - "results": [ - { - "url": "http://127.0.0.1:8000/users/1/", - "username": "admin", - "email": "admin@example.com", - "groups": [] - } - ] - } +```bash +bash: curl -u admin -H 'Accept: application/json; indent=4' http://127.0.0.1:8000/users/ +Enter host password for user 'admin': +{ + "count": 1, + "next": null, + "previous": null, + "results": [ + { + "url": "http://127.0.0.1:8000/users/1/", + "username": "admin", + "email": "admin@example.com", + "groups": [] + } + ] +} +``` Or using the [httpie][httpie], command line tool... - bash: http -a admin http://127.0.0.1:8000/users/ - http: password for admin@127.0.0.1:8000:: - $HTTP/1.1 200 OK - ... - { - "count": 1, - "next": null, - "previous": null, - "results": [ - { - "email": "admin@example.com", - "groups": [], - "url": "http://127.0.0.1:8000/users/1/", - "username": "admin" - } - ] - } - +```bash +bash: http -a admin http://127.0.0.1:8000/users/ +http: password for admin@127.0.0.1:8000:: +$HTTP/1.1 200 OK +... +{ + "count": 1, + "next": null, + "previous": null, + "results": [ + { + "email": "admin@example.com", + "groups": [], + "url": "http://127.0.0.1:8000/users/1/", + "username": "admin" + } + ] +} +``` Or directly through the browser, by going to the URL `http://127.0.0.1:8000/users/`... diff --git a/docs_theme/main.html b/docs_theme/main.html index b4e894781..e37309595 100644 --- a/docs_theme/main.html +++ b/docs_theme/main.html @@ -110,7 +110,7 @@ {% block content %} {% if page.meta.source %} {% for filename in page.meta.source %} - + {{ filename }} {% endfor %} diff --git a/docs_theme/nav.html b/docs_theme/nav.html index d30348756..df2fd97d0 100644 --- a/docs_theme/nav.html +++ b/docs_theme/nav.html @@ -1,7 +1,7 @@
- GitHub + GitHub diff --git a/mkdocs.yml b/mkdocs.yml index 010aaefe2..4608f444c 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -85,5 +85,4 @@ nav: - '3.0 Announcement': 'community/3.0-announcement.md' - 'Kickstarter Announcement': 'community/kickstarter-announcement.md' - 'Mozilla Grant': 'community/mozilla-grant.md' - - 'Funding': 'community/funding.md' - 'Jobs': 'community/jobs.md' diff --git a/pyproject.toml b/pyproject.toml new file mode 100644 index 000000000..37fef3bd2 --- /dev/null +++ b/pyproject.toml @@ -0,0 +1,87 @@ +[build-system] +build-backend = "setuptools.build_meta" +requires = [ "setuptools>=77.0.3" ] + +[project] +name = "djangorestframework" +description = "Web APIs for Django, made easy." +readme = "README.md" +license = "BSD-3-Clause" +license-files = [ "LICENSE.md" ] +authors = [ { name = "Tom Christie", email = "tom@tomchristie.com" } ] +requires-python = ">=3.10" +classifiers = [ + "Development Status :: 5 - Production/Stable", + "Environment :: Web Environment", + "Framework :: Django", + "Framework :: Django :: 4.2", + "Framework :: Django :: 5.0", + "Framework :: Django :: 5.1", + "Framework :: Django :: 5.2", + "Intended Audience :: Developers", + "Operating System :: OS Independent", + "Programming Language :: Python", + "Programming Language :: Python :: 3 :: Only", + "Programming Language :: Python :: 3.10", + "Programming Language :: Python :: 3.11", + "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", + "Programming Language :: Python :: 3.14", + "Topic :: Internet :: WWW/HTTP", +] +dynamic = [ "version" ] + +dependencies = [ "django>=4.2" ] +urls.Changelog = "https://www.django-rest-framework.org/community/release-notes/" +urls.Funding = "https://fund.django-rest-framework.org/topics/funding/" +urls.Homepage = "https://www.django-rest-framework.org" +urls.Source = "https://github.com/encode/django-rest-framework" + +[tool.setuptools] + +[tool.setuptools.dynamic] +version = { attr = "rest_framework.__version__" } + +[tool.setuptools.packages.find] +include = [ "rest_framework*" ] + +[tool.setuptools.package-data] +"rest_framework" = [ + "templates/**/*", + "static/**/*", + "locale/**/*.mo", +] + +[tool.isort] +skip = [ ".tox" ] +atomic = true +multi_line_output = 5 +extra_standard_library = [ "types" ] +known_third_party = [ "pytest", "_pytest", "django", "pytz", "uritemplate" ] +known_first_party = [ "rest_framework", "tests" ] + +[tool.codespell] +# Ref: https://github.com/codespell-project/codespell#using-a-config-file +skip = "*/kickstarter-announcement.md,*.js,*.map,*.po" +ignore-words-list = "fo,malcom,ser" + +[tool.pyproject-fmt] +max_supported_python = "3.14" + +[tool.pytest.ini_options] +addopts = "--tb=short --strict-markers -ra" +testpaths = [ "tests" ] +filterwarnings = [ "ignore:CoreAPI compatibility is deprecated*:rest_framework.RemovedInDRF318Warning" ] + +[tool.coverage.run] +# NOTE: source is ignored with pytest-cov (but uses the same). +source = [ "." ] +include = [ "rest_framework/*", "tests/*" ] +branch = true + +[tool.coverage.report] +include = [ "rest_framework/*", "tests/*" ] +exclude_lines = [ + "pragma: no cover", + "raise NotImplementedError", +] diff --git a/requirements/requirements-optionals.txt b/requirements/requirements-optionals.txt index bac597c95..a19e4d192 100644 --- a/requirements/requirements-optionals.txt +++ b/requirements/requirements-optionals.txt @@ -4,7 +4,8 @@ coreschema==0.0.4 django-filter django-guardian>=2.4.0,<2.5 inflection==0.5.1 +legacy-cgi; python_version>="3.13" markdown>=3.3.7 -psycopg2-binary>=2.9.5,<2.10 +psycopg[binary]>=3.1.8 pygments~=2.17.0 pyyaml>=5.3.1,<5.4 diff --git a/requirements/requirements-testing.txt b/requirements/requirements-testing.txt index 2b39316a0..a3821a508 100644 --- a/requirements/requirements-testing.txt +++ b/requirements/requirements-testing.txt @@ -5,3 +5,5 @@ pytest-django>=4.5.2,<5.0 importlib-metadata<5.0 # temporary pin of attrs attrs==22.1.0 +pytz # Remove when dropping support for Django<5.0 +setuptools>=77.0.3 diff --git a/rest_framework/__init__.py b/rest_framework/__init__.py index 692ce9cb1..d7e4060ff 100644 --- a/rest_framework/__init__.py +++ b/rest_framework/__init__.py @@ -8,9 +8,9 @@ ______ _____ _____ _____ __ """ __title__ = 'Django REST framework' -__version__ = '3.16.0' +__version__ = '3.16.1' __author__ = 'Tom Christie' -__license__ = 'BSD 3-Clause' +__license__ = 'BSD-3-Clause' __copyright__ = 'Copyright 2011-2023 Encode OSS Ltd' # Version synonym @@ -21,7 +21,8 @@ HTTP_HEADER_ENCODING = 'iso-8859-1' # Default datetime input and output formats ISO_8601 = 'iso-8601' +DJANGO_DURATION_FORMAT = 'django' -class RemovedInDRF317Warning(PendingDeprecationWarning): +class RemovedInDRF318Warning(DeprecationWarning): pass diff --git a/rest_framework/authtoken/models.py b/rest_framework/authtoken/models.py index 6a17c2452..b75d1a842 100644 --- a/rest_framework/authtoken/models.py +++ b/rest_framework/authtoken/models.py @@ -1,5 +1,4 @@ -import binascii -import os +import secrets from django.conf import settings from django.db import models @@ -28,13 +27,22 @@ class Token(models.Model): verbose_name_plural = _("Tokens") def save(self, *args, **kwargs): + """ + Save the token instance. + + If no key is provided, generates a cryptographically secure key. + For new tokens, ensures they are inserted as new (not updated). + """ if not self.key: self.key = self.generate_key() + # For new objects, force INSERT to prevent overwriting existing tokens + if self._state.adding: + kwargs['force_insert'] = True return super().save(*args, **kwargs) @classmethod def generate_key(cls): - return binascii.hexlify(os.urandom(20)).decode() + return secrets.token_hex(20) def __str__(self): return self.key diff --git a/rest_framework/compat.py b/rest_framework/compat.py index ff21bacff..6651d80af 100644 --- a/rest_framework/compat.py +++ b/rest_framework/compat.py @@ -16,7 +16,7 @@ def unicode_http_header(value): return value -# django.contrib.postgres requires psycopg2 +# django.contrib.postgres requires psycopg try: from django.contrib.postgres import fields as postgres_fields except ImportError: diff --git a/rest_framework/decorators.py b/rest_framework/decorators.py index 864ff7395..a69a613ba 100644 --- a/rest_framework/decorators.py +++ b/rest_framework/decorators.py @@ -70,6 +70,15 @@ def api_view(http_method_names=None): WrappedAPIView.permission_classes = getattr(func, 'permission_classes', APIView.permission_classes) + WrappedAPIView.content_negotiation_class = getattr(func, 'content_negotiation_class', + APIView.content_negotiation_class) + + WrappedAPIView.metadata_class = getattr(func, 'metadata_class', + APIView.metadata_class) + + WrappedAPIView.versioning_class = getattr(func, "versioning_class", + APIView.versioning_class) + WrappedAPIView.schema = getattr(func, 'schema', APIView.schema) @@ -78,8 +87,26 @@ def api_view(http_method_names=None): return decorator +def _check_decorator_order(func, decorator_name): + """ + Check if an API policy decorator is being applied after @api_view. + """ + # Check if func is actually a view function (result of APIView.as_view()) + if hasattr(func, 'cls') and issubclass(func.cls, APIView): + raise TypeError( + f"@{decorator_name} must come after (below) the @api_view decorator. " + "The correct order is:\n\n" + " @api_view(['GET'])\n" + f" @{decorator_name}(...)\n" + " def my_view(request):\n" + " ...\n\n" + "See https://www.django-rest-framework.org/api-guide/views/#api-policy-decorators" + ) + + def renderer_classes(renderer_classes): def decorator(func): + _check_decorator_order(func, 'renderer_classes') func.renderer_classes = renderer_classes return func return decorator @@ -87,6 +114,7 @@ def renderer_classes(renderer_classes): def parser_classes(parser_classes): def decorator(func): + _check_decorator_order(func, 'parser_classes') func.parser_classes = parser_classes return func return decorator @@ -94,6 +122,7 @@ def parser_classes(parser_classes): def authentication_classes(authentication_classes): def decorator(func): + _check_decorator_order(func, 'authentication_classes') func.authentication_classes = authentication_classes return func return decorator @@ -101,6 +130,7 @@ def authentication_classes(authentication_classes): def throttle_classes(throttle_classes): def decorator(func): + _check_decorator_order(func, 'throttle_classes') func.throttle_classes = throttle_classes return func return decorator @@ -108,13 +138,39 @@ def throttle_classes(throttle_classes): def permission_classes(permission_classes): def decorator(func): + _check_decorator_order(func, 'permission_classes') func.permission_classes = permission_classes return func return decorator +def content_negotiation_class(content_negotiation_class): + def decorator(func): + _check_decorator_order(func, 'content_negotiation_class') + func.content_negotiation_class = content_negotiation_class + return func + return decorator + + +def metadata_class(metadata_class): + def decorator(func): + _check_decorator_order(func, 'metadata_class') + func.metadata_class = metadata_class + return func + return decorator + + +def versioning_class(versioning_class): + def decorator(func): + _check_decorator_order(func, 'versioning_class') + func.versioning_class = versioning_class + return func + return decorator + + def schema(view_inspector): def decorator(func): + _check_decorator_order(func, 'schema') func.schema = view_inspector return func return decorator diff --git a/rest_framework/fields.py b/rest_framework/fields.py index d5d828c39..1c1cddb88 100644 --- a/rest_framework/fields.py +++ b/rest_framework/fields.py @@ -24,7 +24,7 @@ from django.utils import timezone from django.utils.dateparse import ( parse_date, parse_datetime, parse_duration, parse_time ) -from django.utils.duration import duration_string +from django.utils.duration import duration_iso_string, duration_string from django.utils.encoding import is_protected_type, smart_str from django.utils.formats import localize_input, sanitize_separators from django.utils.ipv6 import clean_ipv6_address @@ -35,7 +35,7 @@ try: except ImportError: pytz = None -from rest_framework import ISO_8601 +from rest_framework import DJANGO_DURATION_FORMAT, ISO_8601 from rest_framework.compat import ip_address_validators from rest_framework.exceptions import ErrorDetail, ValidationError from rest_framework.settings import api_settings @@ -921,6 +921,28 @@ class IntegerField(Field): return int(value) +class BigIntegerField(IntegerField): + + default_error_messages = { + 'invalid': _('A valid biginteger is required.'), + 'max_value': _('Ensure this value is less than or equal to {max_value}.'), + 'min_value': _('Ensure this value is greater than or equal to {min_value}.'), + 'max_string_length': _('String value too large.') + } + + def __init__(self, coerce_to_string=None, **kwargs): + super().__init__(**kwargs) + + if coerce_to_string is not None: + self.coerce_to_string = coerce_to_string + + def to_representation(self, value): + if getattr(self, 'coerce_to_string', api_settings.COERCE_BIGINT_TO_STRING): + return '' if value is None else str(value) + + return super().to_representation(value) + + class FloatField(Field): default_error_messages = { 'invalid': _('A valid number is required.'), @@ -1351,9 +1373,22 @@ class DurationField(Field): 'overflow': _('The number of days must be between {min_days} and {max_days}.'), } - def __init__(self, **kwargs): + def __init__(self, *, format=empty, **kwargs): self.max_value = kwargs.pop('max_value', None) self.min_value = kwargs.pop('min_value', None) + if format is not empty: + if format is None or (isinstance(format, str) and format.lower() in (ISO_8601, DJANGO_DURATION_FORMAT)): + self.format = format + elif isinstance(format, str): + raise ValueError( + f"Unknown duration format provided, got '{format}'" + " while expecting 'django', 'iso-8601' or `None`." + ) + else: + raise TypeError( + "duration format must be either str or `None`," + f" not {type(format).__name__}" + ) super().__init__(**kwargs) if self.max_value is not None: message = lazy_format(self.error_messages['max_value'], max_value=self.max_value) @@ -1376,7 +1411,26 @@ class DurationField(Field): self.fail('invalid', format='[DD] [HH:[MM:]]ss[.uuuuuu]') def to_representation(self, value): - return duration_string(value) + output_format = getattr(self, 'format', api_settings.DURATION_FORMAT) + + if output_format is None: + return value + + if isinstance(output_format, str): + if output_format.lower() == ISO_8601: + return duration_iso_string(value) + + if output_format.lower() == DJANGO_DURATION_FORMAT: + return duration_string(value) + + raise ValueError( + f"Unknown duration format provided, got '{output_format}'" + " while expecting 'django', 'iso-8601' or `None`." + ) + raise TypeError( + "duration format must be either str or `None`," + f" not {type(output_format).__name__}" + ) # Choice types... diff --git a/rest_framework/filters.py b/rest_framework/filters.py index 3f4730da8..ea8c5ff19 100644 --- a/rest_framework/filters.py +++ b/rest_framework/filters.py @@ -14,7 +14,7 @@ from django.utils.encoding import force_str from django.utils.text import smart_split, unescape_string_literal from django.utils.translation import gettext_lazy as _ -from rest_framework import RemovedInDRF317Warning +from rest_framework import RemovedInDRF318Warning from rest_framework.compat import coreapi, coreschema from rest_framework.fields import CharField from rest_framework.settings import api_settings @@ -51,7 +51,7 @@ class BaseFilterBackend: def get_schema_fields(self, view): assert coreapi is not None, 'coreapi must be installed to use `get_schema_fields()`' if coreapi is not None: - warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.17', RemovedInDRF317Warning) + warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.18', RemovedInDRF318Warning) assert coreschema is not None, 'coreschema must be installed to use `get_schema_fields()`' return [] @@ -189,7 +189,7 @@ class SearchFilter(BaseFilterBackend): def get_schema_fields(self, view): assert coreapi is not None, 'coreapi must be installed to use `get_schema_fields()`' if coreapi is not None: - warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.17', RemovedInDRF317Warning) + warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.18', RemovedInDRF318Warning) assert coreschema is not None, 'coreschema must be installed to use `get_schema_fields()`' return [ coreapi.Field( @@ -249,7 +249,9 @@ class OrderingFilter(BaseFilterBackend): return (ordering,) return ordering - def get_default_valid_fields(self, queryset, view, context={}): + def get_default_valid_fields(self, queryset, view, context=None): + if context is None: + context = {} # If `ordering_fields` is not specified, then we determine a default # based on the serializer class, if one exists on the view. if hasattr(view, 'get_serializer_class'): @@ -286,7 +288,9 @@ class OrderingFilter(BaseFilterBackend): ) ] - def get_valid_fields(self, queryset, view, context={}): + def get_valid_fields(self, queryset, view, context=None): + if context is None: + context = {} valid_fields = getattr(view, 'ordering_fields', self.ordering_fields) if valid_fields is None: @@ -351,7 +355,7 @@ class OrderingFilter(BaseFilterBackend): def get_schema_fields(self, view): assert coreapi is not None, 'coreapi must be installed to use `get_schema_fields()`' if coreapi is not None: - warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.17', RemovedInDRF317Warning) + warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.18', RemovedInDRF318Warning) assert coreschema is not None, 'coreschema must be installed to use `get_schema_fields()`' return [ coreapi.Field( diff --git a/rest_framework/generics.py b/rest_framework/generics.py index 167303321..ca35dcf15 100644 --- a/rest_framework/generics.py +++ b/rest_framework/generics.py @@ -1,5 +1,5 @@ """ -Generic views that provide commonly needed behaviour. +Generic views that provide commonly needed behavior. """ from django.core.exceptions import ValidationError from django.db.models.query import QuerySet diff --git a/rest_framework/locale/fr/LC_MESSAGES/django.mo b/rest_framework/locale/fr/LC_MESSAGES/django.mo index a1c0b3c2d..e29c704f1 100644 Binary files a/rest_framework/locale/fr/LC_MESSAGES/django.mo and b/rest_framework/locale/fr/LC_MESSAGES/django.mo differ diff --git a/rest_framework/locale/fr/LC_MESSAGES/django.po b/rest_framework/locale/fr/LC_MESSAGES/django.po index c2e08c80b..9410b736f 100644 --- a/rest_framework/locale/fr/LC_MESSAGES/django.po +++ b/rest_framework/locale/fr/LC_MESSAGES/django.po @@ -1,21 +1,21 @@ # SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. -# +# # Translators: # Erwann Mest , 2019 # Etienne Desgagné , 2015 # Martin Maillard , 2015 -# Martin Maillard , 2015 # Stéphane Raimbault , 2019 # Xavier Ordoquy , 2015-2016 +# Sébastien Corbin , 2025 msgid "" msgstr "" "Project-Id-Version: Django REST framework\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2020-10-13 21:45+0200\n" -"PO-Revision-Date: 2020-10-13 19:45+0000\n" -"Last-Translator: Xavier Ordoquy \n" +"PO-Revision-Date: 2025-08-17 20:30+0200\n" +"Last-Translator: Sébastien Corbin \n" "Language-Team: French (http://www.transifex.com/django-rest-framework-1/django-rest-framework/language/fr/)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -52,8 +52,7 @@ msgid "Invalid token header. Token string should not contain spaces." msgstr "En-tête « token » non valide. Un token ne doit pas contenir d'espaces." #: authentication.py:193 -msgid "" -"Invalid token header. Token string should not contain invalid characters." +msgid "Invalid token header. Token string should not contain invalid characters." msgstr "En-tête « token » non valide. Un token ne doit pas contenir de caractères invalides." #: authentication.py:203 @@ -106,11 +105,11 @@ msgstr "Une erreur du serveur est survenue." #: exceptions.py:142 msgid "Invalid input." -msgstr "" +msgstr "Entrée invalide." #: exceptions.py:161 msgid "Malformed request." -msgstr "Requête malformée" +msgstr "Requête malformée." #: exceptions.py:167 msgid "Incorrect authentication credentials." @@ -149,12 +148,12 @@ msgstr "Requête ralentie." #: exceptions.py:224 #, python-brace-format msgid "Expected available in {wait} second." -msgstr "" +msgstr "Disponible à nouveau dans {wait} seconde." #: exceptions.py:225 #, python-brace-format msgid "Expected available in {wait} seconds." -msgstr "" +msgstr "Disponible à nouveau dans {wait} secondes." #: fields.py:316 relations.py:245 relations.py:279 validators.py:90 #: validators.py:183 @@ -167,11 +166,11 @@ msgstr "Ce champ ne peut être nul." #: fields.py:701 msgid "Must be a valid boolean." -msgstr "" +msgstr "Doit être un booléen valide." #: fields.py:766 msgid "Not a valid string." -msgstr "" +msgstr "Chaîne de charactère invalide." #: fields.py:767 msgid "This field may not be blank." @@ -196,16 +195,12 @@ msgid "This value does not match the required pattern." msgstr "Cette valeur ne satisfait pas le motif imposé." #: fields.py:838 -msgid "" -"Enter a valid \"slug\" consisting of letters, numbers, underscores or " -"hyphens." +msgid "Enter a valid \"slug\" consisting of letters, numbers, underscores or hyphens." msgstr "Ce champ ne doit contenir que des lettres, des nombres, des tirets bas _ et des traits d'union." #: fields.py:839 -msgid "" -"Enter a valid \"slug\" consisting of Unicode letters, numbers, underscores, " -"or hyphens." -msgstr "" +msgid "Enter a valid \"slug\" consisting of Unicode letters, numbers, underscores, or hyphens." +msgstr "Ce champ ne doit contenir que des lettres Unicode, des nombres, des tirets bas _ et des traits d'union." #: fields.py:854 msgid "Enter a valid URL." @@ -213,7 +208,7 @@ msgstr "Saisissez une URL valide." #: fields.py:867 msgid "Must be a valid UUID." -msgstr "" +msgstr "Doit être un UUID valide." #: fields.py:903 msgid "Enter a valid IPv4 or IPv6 address." @@ -226,7 +221,7 @@ msgstr "Un nombre entier valide est requis." #: fields.py:932 fields.py:969 fields.py:1005 fields.py:1366 #, python-brace-format msgid "Ensure this value is less than or equal to {max_value}." -msgstr "Assurez-vous que cette valeur est inférieure ou égale à {max_value}." +msgstr "Assurez-vous que cette valeur est inférieure ou égale à {max_value}." #: fields.py:933 fields.py:970 fields.py:1006 fields.py:1367 #, python-brace-format @@ -248,15 +243,12 @@ msgstr "Assurez-vous qu'il n'y a pas plus de {max_digits} chiffres au total." #: fields.py:1008 #, python-brace-format -msgid "" -"Ensure that there are no more than {max_decimal_places} decimal places." +msgid "Ensure that there are no more than {max_decimal_places} decimal places." msgstr "Assurez-vous qu'il n'y a pas plus de {max_decimal_places} chiffres après la virgule." #: fields.py:1009 #, python-brace-format -msgid "" -"Ensure that there are no more than {max_whole_digits} digits before the " -"decimal point." +msgid "Ensure that there are no more than {max_whole_digits} digits before the decimal point." msgstr "Assurez-vous qu'il n'y a pas plus de {max_whole_digits} chiffres avant la virgule." #: fields.py:1148 @@ -271,11 +263,11 @@ msgstr "Attendait une date + heure mais a reçu une date." #: fields.py:1150 #, python-brace-format msgid "Invalid datetime for the timezone \"{timezone}\"." -msgstr "" +msgstr "Date et heure non valides pour le fuseau horaire \"{timezone}\"." #: fields.py:1151 msgid "Datetime value out of range." -msgstr "" +msgstr "Valeur de date et heure hors de l'intervalle." #: fields.py:1236 #, python-brace-format @@ -325,8 +317,7 @@ msgid "No file was submitted." msgstr "Aucun fichier n'a été soumis." #: fields.py:1515 -msgid "" -"The submitted data was not a file. Check the encoding type on the form." +msgid "The submitted data was not a file. Check the encoding type on the form." msgstr "La donnée soumise n'est pas un fichier. Vérifiez le type d'encodage du formulaire." #: fields.py:1516 @@ -339,14 +330,11 @@ msgstr "Le fichier soumis est vide." #: fields.py:1518 #, python-brace-format -msgid "" -"Ensure this filename has at most {max_length} characters (it has {length})." +msgid "Ensure this filename has at most {max_length} characters (it has {length})." msgstr "Assurez-vous que le nom de fichier comporte au plus {max_length} caractères (il en comporte {length})." #: fields.py:1566 -msgid "" -"Upload a valid image. The file you uploaded was either not an image or a " -"corrupted image." +msgid "Upload a valid image. The file you uploaded was either not an image or a corrupted image." msgstr "Transférez une image valide. Le fichier que vous avez transféré n'est pas une image, ou il est corrompu." #: fields.py:1604 relations.py:486 serializers.py:571 @@ -356,12 +344,12 @@ msgstr "Cette liste ne peut pas être vide." #: fields.py:1605 #, python-brace-format msgid "Ensure this field has at least {min_length} elements." -msgstr "" +msgstr "Vérifier que ce champ a au moins {min_length} éléments." #: fields.py:1606 #, python-brace-format msgid "Ensure this field has no more than {max_length} elements." -msgstr "" +msgstr "Vérifier que ce champ n'a pas plus de {max_length} éléments." #: fields.py:1682 #, python-brace-format @@ -370,7 +358,7 @@ msgstr "Attendait un dictionnaire d'éléments mais a reçu « {input_type} » #: fields.py:1683 msgid "This dictionary may not be empty." -msgstr "" +msgstr "Ce dictionnaire ne peut être vide." #: fields.py:1755 msgid "Value must be valid JSON." @@ -382,7 +370,7 @@ msgstr "Recherche" #: filters.py:50 msgid "A search term." -msgstr "" +msgstr "Un terme de recherche." #: filters.py:180 templates/rest_framework/filters/ordering.html:3 msgid "Ordering" @@ -390,7 +378,7 @@ msgstr "Ordre" #: filters.py:181 msgid "Which field to use when ordering the results." -msgstr "" +msgstr "Quel champ utiliser pour classer les résultats." #: filters.py:287 msgid "ascending" @@ -402,11 +390,11 @@ msgstr "décroissant" #: pagination.py:174 msgid "A page number within the paginated result set." -msgstr "" +msgstr "Un numéro de page de l'ensemble des résultats." #: pagination.py:179 pagination.py:372 pagination.py:590 msgid "Number of results to return per page." -msgstr "" +msgstr "Nombre de résultats à retourner par page." #: pagination.py:189 msgid "Invalid page." @@ -414,11 +402,11 @@ msgstr "Page non valide." #: pagination.py:374 msgid "The initial index from which to return the results." -msgstr "" +msgstr "L'index initial depuis lequel retourner les résultats." #: pagination.py:581 msgid "The pagination cursor value." -msgstr "" +msgstr "La valeur du curseur de pagination." #: pagination.py:583 msgid "Invalid cursor" @@ -454,7 +442,7 @@ msgstr "Type incorrect. Attendait une URL, a reçu {data_type}." #: relations.py:448 #, python-brace-format msgid "Object with {slug_name}={value} does not exist." -msgstr "L'object avec {slug_name}={value} n'existe pas." +msgstr "L'objet avec {slug_name}={value} n'existe pas." #: relations.py:449 msgid "Invalid value." @@ -462,20 +450,20 @@ msgstr "Valeur non valide." #: schemas/utils.py:32 msgid "unique integer value" -msgstr "" +msgstr "valeur entière unique" #: schemas/utils.py:34 msgid "UUID string" -msgstr "" +msgstr "Chaîne UUID" #: schemas/utils.py:36 msgid "unique value" -msgstr "" +msgstr "valeur unique" #: schemas/utils.py:38 #, python-brace-format msgid "A {value_type} identifying this {name}." -msgstr "" +msgstr "Un(une) {value_type} identifiant ce(cette) {name}." #: serializers.py:337 #, python-brace-format @@ -485,7 +473,7 @@ msgstr "Donnée non valide. Attendait un dictionnaire, a reçu {datatype}." #: templates/rest_framework/admin.html:116 #: templates/rest_framework/base.html:136 msgid "Extra Actions" -msgstr "" +msgstr "Actions supplémentaires" #: templates/rest_framework/admin.html:130 #: templates/rest_framework/base.html:150 @@ -494,27 +482,27 @@ msgstr "Filtres" #: templates/rest_framework/base.html:37 msgid "navbar" -msgstr "" +msgstr "barre de navigation" #: templates/rest_framework/base.html:75 msgid "content" -msgstr "" +msgstr "contenu" #: templates/rest_framework/base.html:78 msgid "request form" -msgstr "" +msgstr "formulaire de requête" #: templates/rest_framework/base.html:157 msgid "main content" -msgstr "" +msgstr "contenu principal" #: templates/rest_framework/base.html:173 msgid "request info" -msgstr "" +msgstr "information de la requête" #: templates/rest_framework/base.html:177 msgid "response info" -msgstr "" +msgstr "information de la réponse" #: templates/rest_framework/horizontal/radio.html:4 #: templates/rest_framework/inline/radio.html:3 @@ -540,7 +528,7 @@ msgstr "Les champs {field_names} doivent former un ensemble unique." #: validators.py:171 #, python-brace-format msgid "Surrogate characters are not allowed: U+{code_point:X}." -msgstr "" +msgstr "Les caractères de substitution ne sont pas autorisés : U+{code_point:X}." #: validators.py:243 #, python-brace-format diff --git a/rest_framework/locale/tr/LC_MESSAGES/django.mo b/rest_framework/locale/tr/LC_MESSAGES/django.mo index 6386aab52..10233c890 100644 Binary files a/rest_framework/locale/tr/LC_MESSAGES/django.mo and b/rest_framework/locale/tr/LC_MESSAGES/django.mo differ diff --git a/rest_framework/locale/tr/LC_MESSAGES/django.po b/rest_framework/locale/tr/LC_MESSAGES/django.po index 106fe7177..fcb45b5c8 100644 --- a/rest_framework/locale/tr/LC_MESSAGES/django.po +++ b/rest_framework/locale/tr/LC_MESSAGES/django.po @@ -11,6 +11,7 @@ # Murat Çorlu , 2015 # Recep KIRMIZI , 2015 # Ülgen Sarıkavak , 2015 +# Sezer BOZKIR , 2025 msgid "" msgstr "" "Project-Id-Version: Django REST framework\n" @@ -108,7 +109,7 @@ msgstr "Sunucu hatası oluştu." #: exceptions.py:142 msgid "Invalid input." -msgstr "" +msgstr "Geçersiz girdi." #: exceptions.py:161 msgid "Malformed request." @@ -151,12 +152,12 @@ msgstr "Üst üste çok fazla istek yapıldı." #: exceptions.py:224 #, python-brace-format msgid "Expected available in {wait} second." -msgstr "" +msgstr "{wait} saniye içinde erişilebilir olması bekleniyor." #: exceptions.py:225 #, python-brace-format msgid "Expected available in {wait} seconds." -msgstr "" +msgstr "{wait} saniye içinde erişilebilir olması bekleniyor." #: fields.py:316 relations.py:245 relations.py:279 validators.py:90 #: validators.py:183 @@ -169,11 +170,11 @@ msgstr "Bu alan boş bırakılmamalı." #: fields.py:701 msgid "Must be a valid boolean." -msgstr "" +msgstr "Geçerli bir boolean olmalı." #: fields.py:766 msgid "Not a valid string." -msgstr "" +msgstr "Geçerli bir string değil." #: fields.py:767 msgid "This field may not be blank." @@ -215,7 +216,7 @@ msgstr "Geçerli bir URL girin." #: fields.py:867 msgid "Must be a valid UUID." -msgstr "" +msgstr "Geçerli bir UUID olmalı." #: fields.py:903 msgid "Enter a valid IPv4 or IPv6 address." @@ -273,11 +274,11 @@ msgstr "Datetime değeri bekleniyor, ama date değeri geldi." #: fields.py:1150 #, python-brace-format msgid "Invalid datetime for the timezone \"{timezone}\"." -msgstr "" +msgstr "\"{timezone}\" zaman dilimi için geçersiz datetime." #: fields.py:1151 msgid "Datetime value out of range." -msgstr "" +msgstr "Datetime değeri aralığın dışında." #: fields.py:1236 #, python-brace-format @@ -358,12 +359,12 @@ msgstr "Bu liste boş olmamalı." #: fields.py:1605 #, python-brace-format msgid "Ensure this field has at least {min_length} elements." -msgstr "" +msgstr "Bu alanın en az {min_length} eleman içerdiğinden emin olun." #: fields.py:1606 #, python-brace-format msgid "Ensure this field has no more than {max_length} elements." -msgstr "" +msgstr "Bu alanın en fazla {max_length} eleman içerdiğinden emin olun." #: fields.py:1682 #, python-brace-format @@ -372,7 +373,7 @@ msgstr "Sözlük tipi bir değişken beklenirken \"{input_type}\" tipi bir deği #: fields.py:1683 msgid "This dictionary may not be empty." -msgstr "" +msgstr "Bu sözlük boş olmamalı." #: fields.py:1755 msgid "Value must be valid JSON." @@ -384,7 +385,7 @@ msgstr "Arama" #: filters.py:50 msgid "A search term." -msgstr "" +msgstr "Bir arama terimi." #: filters.py:180 templates/rest_framework/filters/ordering.html:3 msgid "Ordering" @@ -392,23 +393,23 @@ msgstr "Sıralama" #: filters.py:181 msgid "Which field to use when ordering the results." -msgstr "" +msgstr "Sonuçların sıralanmasında kullanılacak alan." #: filters.py:287 msgid "ascending" -msgstr "" +msgstr "artan" #: filters.py:288 msgid "descending" -msgstr "" +msgstr "azalan" #: pagination.py:174 msgid "A page number within the paginated result set." -msgstr "" +msgstr "Sayfalanmış sonuç kümesinde bir sayfa numarası." #: pagination.py:179 pagination.py:372 pagination.py:590 msgid "Number of results to return per page." -msgstr "" +msgstr "Her sayfada döndürülecek sonuç sayısı." #: pagination.py:189 msgid "Invalid page." @@ -416,11 +417,11 @@ msgstr "Geçersiz sayfa." #: pagination.py:374 msgid "The initial index from which to return the results." -msgstr "" +msgstr "Döndürülecek sonuçların başlangıç indeksi." #: pagination.py:581 msgid "The pagination cursor value." -msgstr "" +msgstr "Sayfalandırma imleci değeri." #: pagination.py:583 msgid "Invalid cursor" @@ -464,20 +465,20 @@ msgstr "Geçersiz değer." #: schemas/utils.py:32 msgid "unique integer value" -msgstr "" +msgstr "benzersiz tamsayı değeri" #: schemas/utils.py:34 msgid "UUID string" -msgstr "" +msgstr "UUID metni" #: schemas/utils.py:36 msgid "unique value" -msgstr "" +msgstr "benzersiz değer" #: schemas/utils.py:38 #, python-brace-format msgid "A {value_type} identifying this {name}." -msgstr "" +msgstr "Bir {name} öğesini tanımlayan {value_type}." #: serializers.py:337 #, python-brace-format @@ -487,7 +488,7 @@ msgstr "Geçersiz veri. Sözlük bekleniyordu fakat {datatype} geldi. " #: templates/rest_framework/admin.html:116 #: templates/rest_framework/base.html:136 msgid "Extra Actions" -msgstr "" +msgstr "Ekstra Eylemler" #: templates/rest_framework/admin.html:130 #: templates/rest_framework/base.html:150 @@ -496,27 +497,27 @@ msgstr "Filtreler" #: templates/rest_framework/base.html:37 msgid "navbar" -msgstr "" +msgstr "navigasyon çubuğu" #: templates/rest_framework/base.html:75 msgid "content" -msgstr "" +msgstr "içerik" #: templates/rest_framework/base.html:78 msgid "request form" -msgstr "" +msgstr "istek formu" #: templates/rest_framework/base.html:157 msgid "main content" -msgstr "" +msgstr "ana içerik" #: templates/rest_framework/base.html:173 msgid "request info" -msgstr "" +msgstr "istek bilgisi" #: templates/rest_framework/base.html:177 msgid "response info" -msgstr "" +msgstr "cevap bilgisi" #: templates/rest_framework/horizontal/radio.html:4 #: templates/rest_framework/inline/radio.html:3 @@ -542,7 +543,7 @@ msgstr "{field_names} hep birlikte eşsiz bir küme oluşturmalılar." #: validators.py:171 #, python-brace-format msgid "Surrogate characters are not allowed: U+{code_point:X}." -msgstr "" +msgstr "Yerine konulmuş karakterlere izin verilmiyor: U+{code_point:X}." #: validators.py:243 #, python-brace-format @@ -569,7 +570,7 @@ msgstr "URL dizininde geçersiz versiyon." #: versioning.py:116 msgid "Invalid version in URL path. Does not match any version namespace." -msgstr "" +msgstr "Geçersiz versiyon URL dizininde. Hiçbir versiyon ad alanı ile eşleşmiyor." #: versioning.py:148 msgid "Invalid version in hostname." diff --git a/rest_framework/mixins.py b/rest_framework/mixins.py index 7fa8947cb..00487450b 100644 --- a/rest_framework/mixins.py +++ b/rest_framework/mixins.py @@ -1,7 +1,7 @@ """ Basic building blocks for generic class based views. -We don't bind behaviour to http method handlers yet, +We don't bind behavior to http method handlers yet, which allows mixin classes to be composed in interesting ways. """ from rest_framework import status diff --git a/rest_framework/pagination.py b/rest_framework/pagination.py index a543ceeb5..b6329b8c3 100644 --- a/rest_framework/pagination.py +++ b/rest_framework/pagination.py @@ -15,7 +15,7 @@ from django.template import loader from django.utils.encoding import force_str from django.utils.translation import gettext_lazy as _ -from rest_framework import RemovedInDRF317Warning +from rest_framework import RemovedInDRF318Warning from rest_framework.compat import coreapi, coreschema from rest_framework.exceptions import NotFound from rest_framework.response import Response @@ -154,7 +154,7 @@ class BasePagination: def get_schema_fields(self, view): assert coreapi is not None, 'coreapi must be installed to use `get_schema_fields()`' if coreapi is not None: - warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.17', RemovedInDRF317Warning) + warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.18', RemovedInDRF318Warning) return [] def get_schema_operation_parameters(self, view): @@ -316,7 +316,7 @@ class PageNumberPagination(BasePagination): def get_schema_fields(self, view): assert coreapi is not None, 'coreapi must be installed to use `get_schema_fields()`' if coreapi is not None: - warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.17', RemovedInDRF317Warning) + warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.18', RemovedInDRF318Warning) assert coreschema is not None, 'coreschema must be installed to use `get_schema_fields()`' fields = [ coreapi.Field( @@ -533,7 +533,7 @@ class LimitOffsetPagination(BasePagination): def get_schema_fields(self, view): assert coreapi is not None, 'coreapi must be installed to use `get_schema_fields()`' if coreapi is not None: - warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.17', RemovedInDRF317Warning) + warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.18', RemovedInDRF318Warning) assert coreschema is not None, 'coreschema must be installed to use `get_schema_fields()`' return [ coreapi.Field( @@ -936,7 +936,7 @@ class CursorPagination(BasePagination): def get_schema_fields(self, view): assert coreapi is not None, 'coreapi must be installed to use `get_schema_fields()`' if coreapi is not None: - warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.17', RemovedInDRF317Warning) + warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.18', RemovedInDRF318Warning) assert coreschema is not None, 'coreschema must be installed to use `get_schema_fields()`' fields = [ coreapi.Field( diff --git a/rest_framework/renderers.py b/rest_framework/renderers.py index b81f9ab46..6d7218bbc 100644 --- a/rest_framework/renderers.py +++ b/rest_framework/renderers.py @@ -10,6 +10,7 @@ REST framework also provides an HTML renderer that renders the browsable API. import base64 import contextlib import datetime +import sys from urllib import parse from django import forms @@ -22,7 +23,7 @@ from django.utils.html import mark_safe from django.utils.http import parse_header_parameters from django.utils.safestring import SafeString -from rest_framework import VERSION, exceptions, serializers, status +from rest_framework import ISO_8601, VERSION, exceptions, serializers, status from rest_framework.compat import ( INDENT_SEPARATORS, LONG_SEPARATORS, SHORT_SEPARATORS, coreapi, coreschema, pygments_css, yaml @@ -339,11 +340,32 @@ class HTMLFormRenderer(BaseRenderer): style['template_pack'] = parent_style.get('template_pack', self.template_pack) style['renderer'] = self - # Get a clone of the field with text-only value representation. + # Get a clone of the field with text-only value representation ('' if None or False). field = field.as_form_field() - if style.get('input_type') == 'datetime-local' and isinstance(field.value, str): - field.value = field.value.rstrip('Z') + if style.get('input_type') == 'datetime-local': + try: + format_ = field._field.format + except AttributeError: + format_ = api_settings.DATETIME_FORMAT + + if format_ is not None: + # field.value is expected to be a string + # https://www.django-rest-framework.org/api-guide/fields/#datetimefield + field_value = field.value + if format_ == ISO_8601 and sys.version_info < (3, 11): + # We can drop this branch once we drop support for Python < 3.11 + # https://docs.python.org/3/whatsnew/3.11.html#datetime + field_value = field_value.rstrip('Z') + field.value = ( + datetime.datetime.fromisoformat(field_value) if format_ == ISO_8601 + else datetime.datetime.strptime(field_value, format_) + ) + + # The format of an input type="datetime-local" is "yyyy-MM-ddThh:mm" + # followed by optional ":ss" or ":ss.SSS", so keep only the first three + # digits of milliseconds to avoid browser console error. + field.value = field.value.replace(tzinfo=None).isoformat(timespec="milliseconds") if 'template' in style: template_name = style['template'] diff --git a/rest_framework/schemas/coreapi.py b/rest_framework/schemas/coreapi.py index 657178304..b56c2ecae 100644 --- a/rest_framework/schemas/coreapi.py +++ b/rest_framework/schemas/coreapi.py @@ -5,7 +5,7 @@ from urllib import parse from django.db import models from django.utils.encoding import force_str -from rest_framework import RemovedInDRF317Warning, exceptions, serializers +from rest_framework import RemovedInDRF318Warning, exceptions, serializers from rest_framework.compat import coreapi, coreschema, uritemplate from rest_framework.settings import api_settings @@ -50,7 +50,7 @@ Position conflicts with coreapi.Link for URL path {target_url}. Attempted to insert link with keys: {keys}. Adjust URLs to avoid naming collision or override `SchemaGenerator.get_keys()` -to customise schema structure. +to customize schema structure. """ @@ -119,7 +119,7 @@ class SchemaGenerator(BaseSchemaGenerator): def __init__(self, title=None, url=None, description=None, patterns=None, urlconf=None, version=None): assert coreapi, '`coreapi` must be installed for schema support.' if coreapi is not None: - warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.17', RemovedInDRF317Warning) + warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.18', RemovedInDRF318Warning) assert coreschema, '`coreschema` must be installed for schema support.' super().__init__(title, url, description, patterns, urlconf) @@ -354,7 +354,7 @@ class AutoSchema(ViewInspector): """ super().__init__() if coreapi is not None: - warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.17', RemovedInDRF317Warning) + warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.18', RemovedInDRF318Warning) if manual_fields is None: manual_fields = [] @@ -513,7 +513,7 @@ class AutoSchema(ViewInspector): Default implementation looks for ModelViewSet or GenericAPIView actions/methods that cause filtering on the default implementation. - Override to adjust behaviour for your view. + Override to adjust behavior for your view. Note: Introduced in v3.7: Initially "private" (i.e. with leading underscore) to allow changes based on user experience. @@ -598,7 +598,7 @@ class ManualSchema(ViewInspector): """ super().__init__() if coreapi is not None: - warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.17', RemovedInDRF317Warning) + warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.18', RemovedInDRF318Warning) assert all(isinstance(f, coreapi.Field) for f in fields), "`fields` must be a list of coreapi.Field instances" self._fields = fields @@ -622,5 +622,5 @@ class ManualSchema(ViewInspector): def is_enabled(): """Is CoreAPI Mode enabled?""" if coreapi is not None: - warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.17', RemovedInDRF317Warning) + warnings.warn('CoreAPI compatibility is deprecated and will be removed in DRF 3.18', RemovedInDRF318Warning) return issubclass(api_settings.DEFAULT_SCHEMA_CLASS, AutoSchema) diff --git a/rest_framework/schemas/openapi.py b/rest_framework/schemas/openapi.py index eb7dc909d..a048f9324 100644 --- a/rest_framework/schemas/openapi.py +++ b/rest_framework/schemas/openapi.py @@ -86,7 +86,7 @@ class SchemaGenerator(BaseSchemaGenerator): components_schemas.update(components) - # Normalise path for any provided mount url. + # Normalize path for any provided mount url. if path.startswith('/'): path = path[1:] path = urljoin(self.url or '/', path) @@ -428,7 +428,7 @@ class AutoSchema(ViewInspector): } # "Formats such as "email", "uuid", and so on, MAY be used even though undefined by this specification." - # see: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#data-types + # see: https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#data-types # see also: https://swagger.io/docs/specification/data-models/data-types/#string if isinstance(field, serializers.EmailField): return { @@ -555,7 +555,7 @@ class AutoSchema(ViewInspector): """ for v in field.validators: # "Formats such as "email", "uuid", and so on, MAY be used even though undefined by this specification." - # https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#data-types + # https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.2.md#data-types if isinstance(v, EmailValidator): schema['format'] = 'email' if isinstance(v, URLValidator): diff --git a/rest_framework/serializers.py b/rest_framework/serializers.py index 8fe284bc8..ca60810df 100644 --- a/rest_framework/serializers.py +++ b/rest_framework/serializers.py @@ -7,7 +7,7 @@ Serialization in REST framework is a two-phase process: 1. Serializers marshal between complex types like model instances, and python primitives. -2. The process of marshalling between python primitives and request and +2. The process of marshaling between python primitives and request and response content is handled by parsers and renderers. """ @@ -53,7 +53,7 @@ from rest_framework.validators import ( # This helps keep the separation between model fields, form fields, and # serializer fields more explicit. from rest_framework.fields import ( # NOQA # isort:skip - BooleanField, CharField, ChoiceField, DateField, DateTimeField, DecimalField, + BigIntegerField, BooleanField, CharField, ChoiceField, DateField, DateTimeField, DecimalField, DictField, DurationField, EmailField, Field, FileField, FilePathField, FloatField, HiddenField, HStoreField, IPAddressField, ImageField, IntegerField, JSONField, ListField, ModelField, MultipleChoiceField, ReadOnlyField, @@ -906,7 +906,8 @@ class ModelSerializer(Serializer): """ serializer_field_mapping = { models.AutoField: IntegerField, - models.BigIntegerField: IntegerField, + models.BigAutoField: BigIntegerField, + models.BigIntegerField: BigIntegerField, models.BooleanField: BooleanField, models.CharField: CharField, models.CommaSeparatedIntegerField: CharField, @@ -1090,6 +1091,13 @@ class ModelSerializer(Serializer): # Determine the fields that should be included on the serializer. fields = {} + # If it's a ManyToMany field, and the default is None, then raises an exception to prevent exceptions on .set() + for field_name in declared_fields.keys(): + if field_name in info.relations and info.relations[field_name].to_many and declared_fields[field_name].default is None: + raise ValueError( + f"The field '{field_name}' on serializer '{self.__class__.__name__}' is a ManyToMany field and cannot have a default value of None." + ) + for field_name in field_names: # If the field is explicitly declared on the class then use that. if field_name in declared_fields: @@ -1569,6 +1577,17 @@ class ModelSerializer(Serializer): self.get_unique_for_date_validators() ) + def _get_constraint_violation_error_message(self, constraint): + """ + Returns the violation error message for the UniqueConstraint, + or None if the message is the default. + """ + violation_error_message = constraint.get_violation_error_message() + default_error_message = constraint.default_violation_error_message % {"name": constraint.name} + if violation_error_message == default_error_message: + return None + return violation_error_message + def get_unique_together_validators(self): """ Determine a default set of validators for any unique_together constraints. @@ -1595,6 +1614,13 @@ class ModelSerializer(Serializer): for name, source in field_sources.items(): source_map[source].append(name) + unique_constraint_by_fields = { + constraint.fields: constraint + for model_cls in (*self.Meta.model._meta.parents, self.Meta.model) + for constraint in model_cls._meta.constraints + if isinstance(constraint, models.UniqueConstraint) + } + # Note that we make sure to check `unique_together` both on the # base model class, but also on any parent classes. validators = [] @@ -1621,11 +1647,17 @@ class ModelSerializer(Serializer): ) field_names = tuple(source_map[f][0] for f in unique_together) + + constraint = unique_constraint_by_fields.get(tuple(unique_together)) + violation_error_message = self._get_constraint_violation_error_message(constraint) if constraint else None + validator = UniqueTogetherValidator( queryset=queryset, fields=field_names, condition_fields=tuple(source_map[f][0] for f in condition_fields), condition=condition, + message=violation_error_message, + code=getattr(constraint, 'violation_error_code', None), ) validators.append(validator) return validators diff --git a/rest_framework/settings.py b/rest_framework/settings.py index b0d7bacec..c6cc97c53 100644 --- a/rest_framework/settings.py +++ b/rest_framework/settings.py @@ -24,7 +24,7 @@ from django.conf import settings from django.core.signals import setting_changed from django.utils.module_loading import import_string -from rest_framework import ISO_8601 +from rest_framework import DJANGO_DURATION_FORMAT, ISO_8601 DEFAULTS = { # Base API policies @@ -109,11 +109,14 @@ DEFAULTS = { 'TIME_FORMAT': ISO_8601, 'TIME_INPUT_FORMATS': [ISO_8601], + 'DURATION_FORMAT': DJANGO_DURATION_FORMAT, + # Encoding 'UNICODE_JSON': True, 'COMPACT_JSON': True, 'STRICT_JSON': True, 'COERCE_DECIMAL_TO_STRING': True, + 'COERCE_BIGINT_TO_STRING': False, 'UPLOADED_FILES_USE_URL': True, # Browsable API diff --git a/rest_framework/utils/encoders.py b/rest_framework/utils/encoders.py index aa4542286..63811b839 100644 --- a/rest_framework/utils/encoders.py +++ b/rest_framework/utils/encoders.py @@ -5,6 +5,7 @@ Helper classes for parsers. import contextlib import datetime import decimal +import ipaddress import json # noqa import uuid @@ -45,6 +46,15 @@ class JSONEncoder(json.JSONEncoder): return float(obj) elif isinstance(obj, uuid.UUID): return str(obj) + elif isinstance(obj, ( + ipaddress.IPv4Address, + ipaddress.IPv6Address, + ipaddress.IPv4Network, + ipaddress.IPv6Network, + ipaddress.IPv4Interface, + ipaddress.IPv6Interface) + ): + return str(obj) elif isinstance(obj, QuerySet): return tuple(obj) elif isinstance(obj, bytes): diff --git a/rest_framework/validators.py b/rest_framework/validators.py index 4c444cf01..cc759b39c 100644 --- a/rest_framework/validators.py +++ b/rest_framework/validators.py @@ -111,13 +111,15 @@ class UniqueTogetherValidator: message = _('The fields {field_names} must make a unique set.') missing_message = _('This field is required.') requires_context = True + code = 'unique' - def __init__(self, queryset, fields, message=None, condition_fields=None, condition=None): + def __init__(self, queryset, fields, message=None, condition_fields=None, condition=None, code=None): self.queryset = queryset self.fields = fields self.message = message or self.message self.condition_fields = [] if condition_fields is None else condition_fields self.condition = condition + self.code = code or self.code def enforce_required_fields(self, attrs, serializer): """ @@ -189,11 +191,16 @@ class UniqueTogetherValidator: ] condition_sources = (serializer.fields[field_name].source for field_name in self.condition_fields) - condition_kwargs = {source: attrs[source] for source in condition_sources} + condition_kwargs = { + source: attrs[source] + if source in attrs + else getattr(serializer.instance, source) + for source in condition_sources + } if checked_values and None not in checked_values and qs_exists_with_condition(queryset, self.condition, condition_kwargs): field_names = ', '.join(self.fields) message = self.message.format(field_names=field_names) - raise ValidationError(message, code='unique') + raise ValidationError(message, code=self.code) def __repr__(self): return '<{}({})>'.format( @@ -212,6 +219,7 @@ class UniqueTogetherValidator: and self.missing_message == other.missing_message and self.queryset == other.queryset and self.fields == other.fields + and self.code == other.code ) diff --git a/setup.cfg b/setup.cfg index 459238836..6553bfcd5 100644 --- a/setup.cfg +++ b/setup.cfg @@ -1,36 +1,4 @@ -[metadata] -license_files = LICENSE.md - -[tool:pytest] -addopts=--tb=short --strict-markers -ra -testpaths = tests -filterwarnings = ignore:CoreAPI compatibility is deprecated*:rest_framework.RemovedInDRF317Warning - [flake8] -ignore = E501,W503,W504 +extend-ignore = E501,W503,W504,B +extend-select = B006 banned-modules = json = use from rest_framework.utils import json! - -[isort] -skip=.tox -atomic=true -multi_line_output=5 -extra_standard_library=types -known_third_party=pytest,_pytest,django,pytz,uritemplate -known_first_party=rest_framework,tests - -[coverage:run] -# NOTE: source is ignored with pytest-cov (but uses the same). -source = . -include = rest_framework/*,tests/* -branch = 1 - -[coverage:report] -include = rest_framework/*,tests/* -exclude_lines = - pragma: no cover - raise NotImplementedError - -[codespell] -# Ref: https://github.com/codespell-project/codespell#using-a-config-file -skip = */kickstarter-announcement.md,*.js,*.map,*.po -ignore-words-list = fo,malcom,ser diff --git a/setup.py b/setup.py deleted file mode 100755 index e5e78c2c7..000000000 --- a/setup.py +++ /dev/null @@ -1,119 +0,0 @@ -import os -import re -import shutil -import sys - -from setuptools import find_packages, setup - -CURRENT_PYTHON = sys.version_info[:2] -REQUIRED_PYTHON = (3, 9) - -# This check and everything above must remain compatible with Python 2.7. -if CURRENT_PYTHON < REQUIRED_PYTHON: - sys.stderr.write(""" -========================== -Unsupported Python version -========================== - -This version of Django REST Framework requires Python {}.{}, but you're trying -to install it on Python {}.{}. - -This may be because you are using a version of pip that doesn't -understand the python_requires classifier. Make sure you -have pip >= 9.0 and setuptools >= 24.2, then try again: - - $ python -m pip install --upgrade pip setuptools - $ python -m pip install djangorestframework - -This will install the latest version of Django REST Framework which works on -your version of Python. If you can't upgrade your pip (or Python), request -an older version of Django REST Framework: - - $ python -m pip install "djangorestframework<3.10" -""".format(*(REQUIRED_PYTHON + CURRENT_PYTHON))) - sys.exit(1) - - -def read(f): - with open(f, encoding='utf-8') as file: - return file.read() - - -def get_version(package): - """ - Return package version as listed in `__version__` in `init.py`. - """ - init_py = open(os.path.join(package, '__init__.py')).read() - return re.search("__version__ = ['\"]([^'\"]+)['\"]", init_py).group(1) - - -version = get_version('rest_framework') - - -if sys.argv[-1] == 'publish': - if os.system("pip freeze | grep twine"): - print("twine not installed.\nUse `pip install twine`.\nExiting.") - sys.exit() - os.system("python setup.py sdist bdist_wheel") - if os.system("twine check dist/*"): - print("twine check failed. Packages might be outdated.") - print("Try using `pip install -U twine wheel`.\nExiting.") - sys.exit() - os.system("twine upload dist/*") - print("You probably want to also tag the version now:") - print(" git tag -a %s -m 'version %s'" % (version, version)) - print(" git push --tags") - shutil.rmtree('dist') - shutil.rmtree('build') - shutil.rmtree('djangorestframework.egg-info') - sys.exit() - - -setup( - name='djangorestframework', - version=version, - url='https://www.django-rest-framework.org/', - license='BSD', - description='Web APIs for Django, made easy.', - long_description=read('README.md'), - long_description_content_type='text/markdown', - author='Tom Christie', - author_email='tom@tomchristie.com', # SEE NOTE BELOW (*) - packages=find_packages(exclude=['tests*']), - include_package_data=True, - install_requires=["django>=4.2"], - python_requires=">=3.9", - zip_safe=False, - classifiers=[ - 'Development Status :: 5 - Production/Stable', - 'Environment :: Web Environment', - 'Framework :: Django', - 'Framework :: Django :: 4.2', - 'Framework :: Django :: 5.0', - 'Framework :: Django :: 5.1', - 'Framework :: Django :: 5.2', - 'Intended Audience :: Developers', - 'License :: OSI Approved :: BSD License', - 'Operating System :: OS Independent', - 'Programming Language :: Python', - 'Programming Language :: Python :: 3', - 'Programming Language :: Python :: 3.9', - 'Programming Language :: Python :: 3.10', - 'Programming Language :: Python :: 3.11', - 'Programming Language :: Python :: 3.12', - 'Programming Language :: Python :: 3.13', - 'Programming Language :: Python :: 3 :: Only', - 'Topic :: Internet :: WWW/HTTP', - ], - project_urls={ - 'Funding': 'https://fund.django-rest-framework.org/topics/funding/', - 'Source': 'https://github.com/encode/django-rest-framework', - 'Changelog': 'https://www.django-rest-framework.org/community/release-notes/', - }, -) - -# (*) Please direct queries to the discussion group, rather than to me directly -# Doing so helps ensure your question is helpful to other users. -# Queries directly to my email are likely to receive a canned response. -# -# Many thanks for your understanding. diff --git a/tests/authentication/test_authentication.py b/tests/authentication/test_authentication.py index 2f05ce7d1..3b6c633ee 100644 --- a/tests/authentication/test_authentication.py +++ b/tests/authentication/test_authentication.py @@ -81,6 +81,7 @@ urlpatterns = [ @override_settings(ROOT_URLCONF=__name__) class BasicAuthTests(TestCase): """Basic authentication""" + def setUp(self): self.csrf_client = APIClient(enforce_csrf_checks=True) self.username = 'john' @@ -198,6 +199,7 @@ class BasicAuthTests(TestCase): @override_settings(ROOT_URLCONF=__name__) class SessionAuthTests(TestCase): """User session authentication""" + def setUp(self): self.csrf_client = APIClient(enforce_csrf_checks=True) self.non_csrf_client = APIClient(enforce_csrf_checks=False) @@ -418,6 +420,41 @@ class TokenAuthTests(BaseTokenAuthTests, TestCase): key = self.model.generate_key() assert isinstance(key, str) + def test_generate_key_returns_valid_format(self): + """Ensure generate_key returns a valid token format""" + key = self.model.generate_key() + assert len(key) == 40 + # Should contain only valid hexadecimal characters + assert all(c in '0123456789abcdef' for c in key) + + def test_generate_key_produces_unique_values(self): + """Ensure generate_key produces unique values across multiple calls""" + keys = set() + for _ in range(100): + key = self.model.generate_key() + assert key not in keys, f"Duplicate key generated: {key}" + keys.add(key) + + def test_generate_key_collision_resistance(self): + """Test collision resistance with reasonable sample size""" + keys = set() + for _ in range(500): + key = self.model.generate_key() + assert key not in keys, f"Collision found: {key}" + keys.add(key) + assert len(keys) == 500, f"Expected 500 unique keys, got {len(keys)}" + + def test_generate_key_randomness_quality(self): + """Test basic randomness properties of generated keys""" + keys = [self.model.generate_key() for _ in range(10)] + # Consecutive keys should be different + for i in range(len(keys) - 1): + assert keys[i] != keys[i + 1], "Consecutive keys should be different" + # Keys should not follow obvious patterns + for key in keys: + # Should not be all same character + assert not all(c == key[0] for c in key), f"Key has all same characters: {key}" + def test_token_login_json(self): """Ensure token login view using JSON POST works.""" client = APIClient(enforce_csrf_checks=True) @@ -480,6 +517,7 @@ class IncorrectCredentialsTests(TestCase): authentication should run and error, even if no permissions are set on the view. """ + class IncorrectCredentialsAuth(BaseAuthentication): def authenticate(self, request): raise exceptions.AuthenticationFailed('Bad credentials') @@ -571,6 +609,7 @@ class BasicAuthenticationUnitTests(TestCase): class MockUser: is_active = False + old_authenticate = authentication.authenticate authentication.authenticate = lambda **kwargs: MockUser() try: diff --git a/tests/browsable_api/test_browsable_api.py b/tests/browsable_api/test_browsable_api.py index 758e3d1a4..9df4b2f5f 100644 --- a/tests/browsable_api/test_browsable_api.py +++ b/tests/browsable_api/test_browsable_api.py @@ -33,7 +33,7 @@ class AnonymousUserTests(TestCase): @override_settings(ROOT_URLCONF='tests.browsable_api.auth_urls') class DropdownWithAuthTests(TestCase): - """Tests correct dropdown behaviour with Auth views enabled.""" + """Tests correct dropdown behavior with Auth views enabled.""" def setUp(self): self.client = APIClient(enforce_csrf_checks=True) self.username = 'john' @@ -74,7 +74,7 @@ class DropdownWithAuthTests(TestCase): @override_settings(ROOT_URLCONF='tests.browsable_api.no_auth_urls') class NoDropdownWithoutAuthTests(TestCase): - """Tests correct dropdown behaviour with Auth views NOT enabled.""" + """Tests correct dropdown behavior with Auth views NOT enabled.""" def setUp(self): self.client = APIClient(enforce_csrf_checks=True) self.username = 'john' diff --git a/tests/browsable_api/test_browsable_nested_api.py b/tests/browsable_api/test_browsable_nested_api.py index a6c2ee6bd..9ef7605d6 100644 --- a/tests/browsable_api/test_browsable_nested_api.py +++ b/tests/browsable_api/test_browsable_nested_api.py @@ -28,7 +28,7 @@ urlpatterns = [ class DropdownWithAuthTests(TestCase): - """Tests correct dropdown behaviour with Auth views enabled.""" + """Tests correct dropdown behavior with Auth views enabled.""" @override_settings(ROOT_URLCONF='tests.browsable_api.test_browsable_nested_api') def test_login(self): diff --git a/tests/schemas/test_coreapi.py b/tests/schemas/test_coreapi.py index a97b02fe1..6e76447c6 100644 --- a/tests/schemas/test_coreapi.py +++ b/tests/schemas/test_coreapi.py @@ -7,7 +7,7 @@ from django.test import TestCase, override_settings from django.urls import include, path from rest_framework import ( - RemovedInDRF317Warning, filters, generics, pagination, permissions, + RemovedInDRF318Warning, filters, generics, pagination, permissions, serializers ) from rest_framework.compat import coreapi, coreschema @@ -1445,42 +1445,42 @@ def test_schema_handles_exception(): @pytest.mark.skipif(not coreapi, reason='coreapi is not installed') def test_coreapi_deprecation(): - with pytest.warns(RemovedInDRF317Warning): + with pytest.warns(RemovedInDRF318Warning): SchemaGenerator() - with pytest.warns(RemovedInDRF317Warning): + with pytest.warns(RemovedInDRF318Warning): AutoSchema() - with pytest.warns(RemovedInDRF317Warning): + with pytest.warns(RemovedInDRF318Warning): ManualSchema({}) - with pytest.warns(RemovedInDRF317Warning): + with pytest.warns(RemovedInDRF318Warning): deprecated_filter = OrderingFilter() deprecated_filter.get_schema_fields({}) - with pytest.warns(RemovedInDRF317Warning): + with pytest.warns(RemovedInDRF318Warning): deprecated_filter = BaseFilterBackend() deprecated_filter.get_schema_fields({}) - with pytest.warns(RemovedInDRF317Warning): + with pytest.warns(RemovedInDRF318Warning): deprecated_filter = SearchFilter() deprecated_filter.get_schema_fields({}) - with pytest.warns(RemovedInDRF317Warning): + with pytest.warns(RemovedInDRF318Warning): paginator = BasePagination() paginator.get_schema_fields({}) - with pytest.warns(RemovedInDRF317Warning): + with pytest.warns(RemovedInDRF318Warning): paginator = PageNumberPagination() paginator.get_schema_fields({}) - with pytest.warns(RemovedInDRF317Warning): + with pytest.warns(RemovedInDRF318Warning): paginator = LimitOffsetPagination() paginator.get_schema_fields({}) - with pytest.warns(RemovedInDRF317Warning): + with pytest.warns(RemovedInDRF318Warning): paginator = CursorPagination() paginator.get_schema_fields({}) - with pytest.warns(RemovedInDRF317Warning): + with pytest.warns(RemovedInDRF318Warning): is_enabled() diff --git a/tests/schemas/test_openapi.py b/tests/schemas/test_openapi.py index a168cb466..13746bb90 100644 --- a/tests/schemas/test_openapi.py +++ b/tests/schemas/test_openapi.py @@ -257,7 +257,6 @@ class TestOperationIntrospection(TestCase): inspector.view = view request_body = inspector.get_request_body(path, method) - print(request_body) assert request_body['content']['application/json']['schema']['$ref'] == '#/components/schemas/Item' components = inspector.get_components(path, method) @@ -928,7 +927,6 @@ class TestOperationIntrospection(TestCase): request = create_request('/') schema = generator.get_schema(request=request) schema_str = str(schema) - print(schema_str) assert schema_str.count("operationId") == 2 assert schema_str.count("newExample") == 1 assert schema_str.count("oldExample") == 1 @@ -948,7 +946,6 @@ class TestOperationIntrospection(TestCase): assert len(w) == 1 assert issubclass(w[-1].category, UserWarning) - print(str(w[-1].message)) assert 'You have a duplicated operationId' in str(w[-1].message) def test_operation_id_viewset(self): @@ -960,7 +957,6 @@ class TestOperationIntrospection(TestCase): request = create_request('/') schema = generator.get_schema(request=request) - print(schema) assert schema['paths']['/account/']['get']['operationId'] == 'listExampleViewSets' assert schema['paths']['/account/']['post']['operationId'] == 'createExampleViewSet' assert schema['paths']['/account/{id}/']['get']['operationId'] == 'retrieveExampleViewSet' @@ -1284,8 +1280,6 @@ class TestGenerator(TestCase): request = create_request('/') schema = generator.get_schema(request=request) - print(schema) - assert 'components' in schema assert 'schemas' in schema['components'] assert 'ExampleModel' in schema['components']['schemas'] @@ -1299,8 +1293,6 @@ class TestGenerator(TestCase): request = create_request('/') schema = generator.get_schema(request=request) - print(schema) - route = schema['paths']['/api-token-auth/']['post'] body_schema = route['requestBody']['content']['application/json']['schema'] @@ -1327,7 +1319,6 @@ class TestGenerator(TestCase): request = create_request('/') schema = generator.get_schema(request=request) - print(schema) assert 'components' in schema assert 'schemas' in schema['components'] assert 'Ulysses' in schema['components']['schemas'] diff --git a/tests/test_authtoken.py b/tests/test_authtoken.py index 30e416d65..3cfcbb394 100644 --- a/tests/test_authtoken.py +++ b/tests/test_authtoken.py @@ -5,6 +5,7 @@ import pytest from django.contrib.admin import site from django.contrib.auth.models import User from django.core.management import CommandError, call_command +from django.db import IntegrityError from django.test import TestCase, modify_settings from rest_framework.authtoken.admin import TokenAdmin @@ -48,6 +49,45 @@ class AuthTokenTests(TestCase): self.user.save() assert AuthTokenSerializer(data=data).is_valid() + def test_token_creation_collision_raises_integrity_error(self): + user2 = User.objects.create_user('user2', 'user2@example.com', 'p') + existing_token = Token.objects.create(user=user2) + + # Try to create another token with the same key + with self.assertRaises(IntegrityError): + Token.objects.create(key=existing_token.key, user=self.user) + + def test_key_generated_on_save_when_cleared(self): + # Create a new user for this test to avoid conflicts with setUp token + user2 = User.objects.create_user('test_user2', 'test2@example.com', 'password') + + # Create a token without a key - it should generate one automatically + token = Token(user=user2) + token.key = "" # Explicitly clear the key + token.save() + + # Verify the key was generated + self.assertEqual(len(token.key), 40) + self.assertEqual(token.user, user2) + + def test_clearing_key_on_existing_token_raises_integrity_error(self): + """Test that clearing the key on an existing token raises IntegrityError.""" + user = User.objects.create_user('test_user3', 'test3@example.com', 'password') + token = Token.objects.create(user=user) + token.key = "" + + # This should raise IntegrityError because: + # 1. We're trying to update a record with an empty primary key + # 2. The OneToOneField constraint would be violated + with self.assertRaises(Exception): # Could be IntegrityError or DatabaseError + token.save() + + def test_saving_existing_token_without_changes_does_not_alter_key(self): + original_key = self.token.key + + self.token.save() + self.assertEqual(self.token.key, original_key) + class AuthTokenCommandTests(TestCase): diff --git a/tests/test_decorators.py b/tests/test_decorators.py index 8d0805cbb..cc7cab4d7 100644 --- a/tests/test_decorators.py +++ b/tests/test_decorators.py @@ -6,9 +6,11 @@ from django.test import TestCase from rest_framework import status from rest_framework.authentication import BasicAuthentication from rest_framework.decorators import ( - action, api_view, authentication_classes, parser_classes, - permission_classes, renderer_classes, schema, throttle_classes + action, api_view, authentication_classes, content_negotiation_class, + metadata_class, parser_classes, permission_classes, renderer_classes, + schema, throttle_classes, versioning_class ) +from rest_framework.negotiation import BaseContentNegotiation from rest_framework.parsers import JSONParser from rest_framework.permissions import IsAuthenticated from rest_framework.renderers import JSONRenderer @@ -16,6 +18,7 @@ from rest_framework.response import Response from rest_framework.schemas import AutoSchema from rest_framework.test import APIRequestFactory from rest_framework.throttling import UserRateThrottle +from rest_framework.versioning import QueryParameterVersioning from rest_framework.views import APIView @@ -150,6 +153,43 @@ class DecoratorTestCase(TestCase): response = view(request) assert response.status_code == status.HTTP_429_TOO_MANY_REQUESTS + def test_versioning_class(self): + @api_view(["GET"]) + @versioning_class(QueryParameterVersioning) + def view(request): + return Response({"version": request.version}) + + request = self.factory.get("/?version=1.2.3") + response = view(request) + assert response.data == {"version": "1.2.3"} + + def test_metadata_class(self): + # From TestMetadata.test_none_metadata() + @api_view() + @metadata_class(None) + def view(request): + return Response({}) + + request = self.factory.options('/') + response = view(request) + assert response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED + assert response.data == {'detail': 'Method "OPTIONS" not allowed.'} + + def test_content_negotiation(self): + class CustomContentNegotiation(BaseContentNegotiation): + def select_renderer(self, request, renderers, format_suffix): + assert request.META['HTTP_ACCEPT'] == 'custom/type' + return (renderers[0], renderers[0].media_type) + + @api_view(["GET"]) + @content_negotiation_class(CustomContentNegotiation) + def view(request): + return Response({}) + + request = self.factory.get('/', HTTP_ACCEPT='custom/type') + response = view(request) + assert response.status_code == status.HTTP_200_OK + def test_schema(self): """ Checks CustomSchema class is set on view @@ -164,6 +204,124 @@ class DecoratorTestCase(TestCase): assert isinstance(view.cls.schema, CustomSchema) + def test_incorrect_decorator_order_permission_classes(self): + """ + If @permission_classes is applied after @api_view, we should raise a TypeError. + """ + with self.assertRaises(TypeError) as cm: + @permission_classes([IsAuthenticated]) + @api_view(['GET']) + def view(request): + return Response({}) + + assert '@permission_classes must come after (below) the @api_view decorator' in str(cm.exception) + + def test_incorrect_decorator_order_renderer_classes(self): + """ + If @renderer_classes is applied after @api_view, we should raise a TypeError. + """ + with self.assertRaises(TypeError) as cm: + @renderer_classes([JSONRenderer]) + @api_view(['GET']) + def view(request): + return Response({}) + + assert '@renderer_classes must come after (below) the @api_view decorator' in str(cm.exception) + + def test_incorrect_decorator_order_parser_classes(self): + """ + If @parser_classes is applied after @api_view, we should raise a TypeError. + """ + with self.assertRaises(TypeError) as cm: + @parser_classes([JSONParser]) + @api_view(['GET']) + def view(request): + return Response({}) + + assert '@parser_classes must come after (below) the @api_view decorator' in str(cm.exception) + + def test_incorrect_decorator_order_authentication_classes(self): + """ + If @authentication_classes is applied after @api_view, we should raise a TypeError. + """ + with self.assertRaises(TypeError) as cm: + @authentication_classes([BasicAuthentication]) + @api_view(['GET']) + def view(request): + return Response({}) + + assert '@authentication_classes must come after (below) the @api_view decorator' in str(cm.exception) + + def test_incorrect_decorator_order_throttle_classes(self): + """ + If @throttle_classes is applied after @api_view, we should raise a TypeError. + """ + class OncePerDayUserThrottle(UserRateThrottle): + rate = '1/day' + + with self.assertRaises(TypeError) as cm: + @throttle_classes([OncePerDayUserThrottle]) + @api_view(['GET']) + def view(request): + return Response({}) + + assert '@throttle_classes must come after (below) the @api_view decorator' in str(cm.exception) + + def test_incorrect_decorator_order_versioning_class(self): + """ + If @versioning_class is applied after @api_view, we should raise a TypeError. + """ + with self.assertRaises(TypeError) as cm: + @versioning_class(QueryParameterVersioning) + @api_view(['GET']) + def view(request): + return Response({}) + + assert '@versioning_class must come after (below) the @api_view decorator' in str(cm.exception) + + def test_incorrect_decorator_order_metadata_class(self): + """ + If @metadata_class is applied after @api_view, we should raise a TypeError. + """ + with self.assertRaises(TypeError) as cm: + @metadata_class(None) + @api_view(['GET']) + def view(request): + return Response({}) + + assert '@metadata_class must come after (below) the @api_view decorator' in str(cm.exception) + + def test_incorrect_decorator_order_content_negotiation_class(self): + """ + If @content_negotiation_class is applied after @api_view, we should raise a TypeError. + """ + class CustomContentNegotiation(BaseContentNegotiation): + def select_renderer(self, request, renderers, format_suffix): + return (renderers[0], renderers[0].media_type) + + with self.assertRaises(TypeError) as cm: + @content_negotiation_class(CustomContentNegotiation) + @api_view(['GET']) + def view(request): + return Response({}) + + assert '@content_negotiation_class must come after (below) the @api_view decorator' in str(cm.exception) + + def test_incorrect_decorator_order_schema(self): + """ + If @schema is applied after @api_view, we should raise a TypeError. + """ + class CustomSchema(AutoSchema): + pass + + with self.assertRaises(TypeError) as cm: + @schema(CustomSchema()) + @api_view(['GET']) + def view(request): + return Response({}) + + assert '@schema must come after (below) the @api_view decorator' in str(cm.exception) + class ActionDecoratorTestCase(TestCase): diff --git a/tests/test_encoders.py b/tests/test_encoders.py index 953e5564b..4ba653143 100644 --- a/tests/test_encoders.py +++ b/tests/test_encoders.py @@ -1,3 +1,4 @@ +import ipaddress from datetime import date, datetime, timedelta, timezone from decimal import Decimal from uuid import uuid4 @@ -78,6 +79,48 @@ class JSONEncoderTests(TestCase): unique_id = uuid4() assert self.encoder.default(unique_id) == str(unique_id) + def test_encode_ipaddress_ipv4address(self): + """ + Tests encoding ipaddress IPv4Address object + """ + obj = ipaddress.IPv4Address("192.168.1.1") + assert self.encoder.default(obj) == "192.168.1.1" + + def test_encode_ipaddress_ipv6address(self): + """ + Tests encoding ipaddress IPv6Address object + """ + obj = ipaddress.IPv6Address("2001:0db8:85a3:0000:0000:8a2e:0370:7334") + assert self.encoder.default(obj) == "2001:db8:85a3::8a2e:370:7334" + + def test_encode_ipaddress_ipv4network(self): + """ + Tests encoding ipaddress IPv4Network object + """ + obj = ipaddress.IPv4Network("192.0.2.8/29") + assert self.encoder.default(obj) == "192.0.2.8/29" + + def test_encode_ipaddress_ipv6network(self): + """ + Tests encoding ipaddress IPv4Network object + """ + obj = ipaddress.IPv6Network("2001:4860:0000::0000/32") + assert self.encoder.default(obj) == "2001:4860::/32" + + def test_encode_ipaddress_ipv4interface(self): + """ + Tests encoding ipaddress IPv4Interface object + """ + obj = ipaddress.IPv4Interface("192.0.2.8/29") + assert self.encoder.default(obj) == "192.0.2.8/29" + + def test_encode_ipaddress_ipv6interface(self): + """ + Tests encoding ipaddress IPv4Network object + """ + obj = ipaddress.IPv6Interface("2001:4860:4860::8888/32") + assert self.encoder.default(obj) == "2001:4860:4860::8888/32" + @pytest.mark.skipif(not coreapi, reason='coreapi is not installed') def test_encode_coreapi_raises_error(self): """ diff --git a/tests/test_fields.py b/tests/test_fields.py index 6b23e2d4c..b8b1e4caf 100644 --- a/tests/test_fields.py +++ b/tests/test_fields.py @@ -9,15 +9,9 @@ from enum import auto from unittest.mock import patch from zoneinfo import ZoneInfo +import django import pytest - -from rest_framework.utils import json - -try: - import pytz -except ImportError: - pytz = None - +import pytz from django.core.exceptions import ValidationError as DjangoValidationError from django.db.models import IntegerChoices, TextChoices from django.http import QueryDict @@ -30,6 +24,7 @@ from rest_framework.fields import ( BuiltinSignatureError, DjangoImageField, SkipField, empty, is_simple_callable ) +from rest_framework.utils import json from tests.models import UUIDForeignKeyTarget utc = datetime.timezone.utc @@ -338,7 +333,7 @@ class TestInitialWithCallable: def test_initial_should_accept_callable(self): """ - Follows the default ``Field.initial`` behaviour where they accept a + Follows the default ``Field.initial`` behavior where they accept a callable to produce the initial value""" assert self.serializer.data == { 'initial_field': 123, @@ -1105,6 +1100,70 @@ class TestMinMaxIntegerField(FieldValues): field = serializers.IntegerField(min_value=1, max_value=3) +class TestBigIntegerField(FieldValues): + """ + Valid and invalid values for `BigIntegerField`. + """ + valid_inputs = { + '1': 1, + '0': 0, + 1: 1, + 0: 0, + 123: 123, + -123: -123, + '999999999999999999999999999': 999999999999999999999999999, + -999999999999999999999999999: -999999999999999999999999999, + 1.0: 1, + 0.0: 0, + '1.0': 1 + } + invalid_inputs = { + 0.5: ['A valid biginteger is required.'], + 'abc': ['A valid biginteger is required.'], + '0.5': ['A valid biginteger is required.'] + } + outputs = { + '1': 1, + '0': 0, + 1: 1, + 0: 0, + 1.0: 1, + 0.0: 0, + '999999999999999999999999999': 999999999999999999999999999, + -999999999999999999999999999: -999999999999999999999999999 + } + field = serializers.BigIntegerField() + + +class TestMinMaxBigIntegerField(FieldValues): + """ + Valid and invalid values for `BigIntegerField` with min and max limits. + """ + valid_inputs = { + '1': 1, + '3': 3, + 1: 1, + 3: 3, + } + invalid_inputs = { + 0: ['Ensure this value is greater than or equal to 1.'], + 4: ['Ensure this value is less than or equal to 3.'], + '0': ['Ensure this value is greater than or equal to 1.'], + '4': ['Ensure this value is less than or equal to 3.'], + } + outputs = {} + field = serializers.BigIntegerField(min_value=1, max_value=3) + + +class TestCoercionBigIntegerField(TestCase): + + def test_force_coerce_to_string(self): + field = serializers.BigIntegerField(coerce_to_string=True) + value = field.to_representation(1) + assert isinstance(value, str) + assert value == "1" + + class TestFloatField(FieldValues): """ Valid and invalid values for `FloatField`. @@ -1626,7 +1685,10 @@ class TestCustomTimezoneForDateTimeField(TestCase): assert rendered_date == rendered_date_in_timezone -@pytest.mark.skipif(pytz is None, reason="Django 5.0 has removed pytz; this test should eventually be able to get removed.") +@pytest.mark.skipif( + condition=django.VERSION >= (5,), + reason="Django 5.0 has removed pytz; this test should eventually be able to get removed.", +) class TestPytzNaiveDayLightSavingTimeTimeZoneDateTimeField(FieldValues): """ Invalid values for `DateTimeField` with datetime in DST shift (non-existing or ambiguous) and timezone with DST. @@ -1640,16 +1702,15 @@ class TestPytzNaiveDayLightSavingTimeTimeZoneDateTimeField(FieldValues): } outputs = {} - if pytz: - class MockTimezone(pytz.BaseTzInfo): - @staticmethod - def localize(value, is_dst): - raise pytz.InvalidTimeError() + class MockTimezone(pytz.BaseTzInfo): + @staticmethod + def localize(value, is_dst): + raise pytz.InvalidTimeError() - def __str__(self): - return 'America/New_York' + def __str__(self): + return 'America/New_York' - field = serializers.DateTimeField(default_timezone=MockTimezone()) + field = serializers.DateTimeField(default_timezone=MockTimezone()) @patch('rest_framework.utils.timezone.datetime_ambiguous', return_value=True) @@ -1774,9 +1835,69 @@ class TestDurationField(FieldValues): } field = serializers.DurationField() + def test_invalid_format(self): + with pytest.raises(ValueError) as exc_info: + serializers.DurationField(format='unknown') + assert str(exc_info.value) == ( + "Unknown duration format provided, got 'unknown'" + " while expecting 'django', 'iso-8601' or `None`." + ) + with pytest.raises(TypeError) as exc_info: + serializers.DurationField(format=123) + assert str(exc_info.value) == ( + "duration format must be either str or `None`, not int" + ) + + def test_invalid_format_in_config(self): + field = serializers.DurationField() + + with override_settings(REST_FRAMEWORK={'DURATION_FORMAT': 'unknown'}): + with pytest.raises(ValueError) as exc_info: + field.to_representation(datetime.timedelta(days=1)) + + assert str(exc_info.value) == ( + "Unknown duration format provided, got 'unknown'" + " while expecting 'django', 'iso-8601' or `None`." + ) + with override_settings(REST_FRAMEWORK={'DURATION_FORMAT': 123}): + with pytest.raises(TypeError) as exc_info: + field.to_representation(datetime.timedelta(days=1)) + assert str(exc_info.value) == ( + "duration format must be either str or `None`, not int" + ) + + +class TestNoOutputFormatDurationField(FieldValues): + """ + Values for `DurationField` with a no output format. + """ + valid_inputs = {} + invalid_inputs = {} + outputs = { + datetime.timedelta(1): datetime.timedelta(1) + } + field = serializers.DurationField(format=None) + + +class TestISOOutputFormatDurationField(FieldValues): + """ + Values for `DurationField` with a custom output format. + """ + valid_inputs = { + '13': datetime.timedelta(seconds=13), + 'P3DT08H32M01.000123S': datetime.timedelta(days=3, hours=8, minutes=32, seconds=1, microseconds=123), + 'PT8H1M': datetime.timedelta(hours=8, minutes=1), + '-P999999999D': datetime.timedelta(days=-999999999), + 'P999999999D': datetime.timedelta(days=999999999) + } + invalid_inputs = {} + outputs = { + datetime.timedelta(days=3, hours=8, minutes=32, seconds=1, microseconds=123): 'P3DT08H32M01.000123S' + } + field = serializers.DurationField(format='iso-8601') + # Choice types... - class TestChoiceField(FieldValues): """ Valid and invalid values for `ChoiceField`. diff --git a/tests/test_lazy_hyperlinks.py b/tests/test_lazy_hyperlinks.py index 716d02d2a..db1de3567 100644 --- a/tests/test_lazy_hyperlinks.py +++ b/tests/test_lazy_hyperlinks.py @@ -39,7 +39,7 @@ class TestLazyHyperlinkNames(TestCase): self.example = Example.objects.create(text='foo') def test_lazy_hyperlink_names(self): - global str_called + global str_called # noqa: F824 context = {'request': None} serializer = ExampleSerializer(self.example, context=context) JSONRenderer().render(serializer.data) diff --git a/tests/test_model_serializer.py b/tests/test_model_serializer.py index eac51ae70..60820df4f 100644 --- a/tests/test_model_serializer.py +++ b/tests/test_model_serializer.py @@ -9,6 +9,7 @@ import datetime import decimal import json # noqa import re +import sys import tempfile import pytest @@ -159,6 +160,7 @@ class TestModelSerializer(TestCase): class TestRegularFieldMappings(TestCase): + @pytest.mark.skipif(sys.platform.startswith("win"), reason="Test not supported on Windows") def test_regular_fields(self): """ Model fields should map to their equivalent serializer fields. @@ -171,7 +173,7 @@ class TestRegularFieldMappings(TestCase): expected = dedent(r""" TestSerializer\(\): auto_field = IntegerField\(read_only=True\) - big_integer_field = IntegerField\(.*\) + big_integer_field = BigIntegerField\(.*\) boolean_field = BooleanField\(required=False\) char_field = CharField\(max_length=100\) comma_separated_integer_field = CharField\(max_length=100, validators=\[\]\) diff --git a/tests/test_renderers.py b/tests/test_renderers.py index 1b396575d..e5c33e6b4 100644 --- a/tests/test_renderers.py +++ b/tests/test_renderers.py @@ -1,5 +1,7 @@ import re from collections.abc import MutableMapping +from datetime import datetime +from zoneinfo import ZoneInfo import pytest from django.core.cache import cache @@ -488,6 +490,85 @@ class TestHiddenFieldHTMLFormRenderer(TestCase): assert rendered == '' +class TestDateTimeFieldHTMLFormRender(TestCase): + """ + Default USE_TZ is True. + Default TIME_ZONE is 'America/Chicago'. + """ + + def _assert_datetime_rendering(self, appointment, expected, datetimefield_kwargs=None): + datetimefield_kwargs = datetimefield_kwargs or {} + + class TestSerializer(serializers.Serializer): + appointment = serializers.DateTimeField(**datetimefield_kwargs) + + serializer = TestSerializer(data={"appointment": appointment}) + serializer.is_valid() + renderer = HTMLFormRenderer() + field = serializer['appointment'] + rendered = renderer.render_field(field, {}) + expected_html = ( + '' + ) + + self.assertInHTML(expected_html, rendered) + + def test_datetime_field_rendering_milliseconds(self): + self._assert_datetime_rendering( + datetime(2024, 12, 24, 0, 55, 30, 345678), "2024-12-24T00:55:30.345" + ) + + def test_datetime_field_rendering_no_seconds_and_no_milliseconds(self): + self._assert_datetime_rendering( + datetime(2024, 12, 24, 0, 55, 0, 0), "2024-12-24T00:55:00.000" + ) + + def test_datetime_field_rendering_with_format_as_none(self): + self._assert_datetime_rendering( + datetime(2024, 12, 24, 0, 55, 30, 345678), + "2024-12-24T00:55:30.345", + {"format": None} + ) + + def test_datetime_field_rendering_with_format(self): + self._assert_datetime_rendering( + datetime(2024, 12, 24, 0, 55, 30, 345678), + "2024-12-24T00:55:00.000", + {"format": "%a %d %b %Y, %I:%M%p"} + ) + + # New project templates default to 'UTC'. + @override_settings(TIME_ZONE='UTC') + def test_datetime_field_rendering_utc(self): + self._assert_datetime_rendering( + datetime(2024, 12, 24, 0, 55, 30, 345678), + "2024-12-24T00:55:30.345" + ) + + @override_settings(REST_FRAMEWORK={'DATETIME_FORMAT': '%a %d %b %Y, %I:%M%p'}) + def test_datetime_field_rendering_with_custom_datetime_format(self): + self._assert_datetime_rendering( + datetime(2024, 12, 24, 0, 55, 30, 345678), + "2024-12-24T00:55:00.000" + ) + + @override_settings(REST_FRAMEWORK={'DATETIME_FORMAT': None}) + def test_datetime_field_rendering_datetime_format_is_none(self): + self._assert_datetime_rendering( + datetime(2024, 12, 24, 0, 55, 30, 345678), + "2024-12-24T00:55:30.345" + ) + + # Enforce it in True because in Django versions under 4.2 was False by default. + @override_settings(USE_TZ=True) + def test_datetime_field_rendering_timezone_aware_datetime(self): + self._assert_datetime_rendering( + datetime(2024, 12, 24, 0, 55, 30, 345678, tzinfo=ZoneInfo('Asia/Tokyo')), # +09:00 + "2024-12-23T09:55:30.345" # Rendered in -06:00 + ) + + class TestHTMLFormRenderer(TestCase): def setUp(self): class TestSerializer(serializers.Serializer): diff --git a/tests/test_serializer.py b/tests/test_serializer.py index cefa2ee38..ed8a74911 100644 --- a/tests/test_serializer.py +++ b/tests/test_serializer.py @@ -6,12 +6,14 @@ from collections.abc import Mapping import pytest from django.db import models +from django.test import TestCase from rest_framework import exceptions, fields, relations, serializers from rest_framework.fields import Field from .models import ( - ForeignKeyTarget, NestedForeignKeySource, NullableForeignKeySource + ForeignKeyTarget, ManyToManySource, ManyToManyTarget, + NestedForeignKeySource, NullableForeignKeySource ) from .utils import MockObject @@ -64,6 +66,7 @@ class TestSerializer: class ExampleSerializer(serializers.Serializer): char = serializers.CharField() integer = serializers.IntegerField() + self.Serializer = ExampleSerializer def test_valid_serializer(self): @@ -774,3 +777,35 @@ class TestSetValueMethod: ret = {'a': 1} self.s.set_value(ret, ['x', 'y'], 2) assert ret == {'a': 1, 'x': {'y': 2}} + + +class TestWarningManyToMany(TestCase): + def test_warning_many_to_many(self): + """Tests that using a PrimaryKeyRelatedField for a ManyToMany field breaks with default=None.""" + class ManyToManySourceSerializer(serializers.ModelSerializer): + targets = serializers.PrimaryKeyRelatedField( + many=True, + queryset=ManyToManyTarget.objects.all(), + default=None + ) + + class Meta: + model = ManyToManySource + fields = '__all__' + + # Instantiates serializer without 'value' field to force using the default=None for the ManyToMany relation + serializer = ManyToManySourceSerializer(data={ + "name": "Invalid Example", + }) + + error_msg = "The field 'targets' on serializer 'ManyToManySourceSerializer' is a ManyToMany field and cannot have a default value of None." + + # Calls to get_fields() should raise a ValueError + with pytest.raises(ValueError) as exc_info: + serializer.get_fields() + assert str(exc_info.value) == error_msg + + # Calls to is_valid() should behave the same + with pytest.raises(ValueError) as exc_info: + serializer.is_valid(raise_exception=True) + assert str(exc_info.value) == error_msg diff --git a/tests/test_serializer_lists.py b/tests/test_serializer_lists.py index 42ebf4771..f76451a5a 100644 --- a/tests/test_serializer_lists.py +++ b/tests/test_serializer_lists.py @@ -287,7 +287,7 @@ class TestNestedListSerializer: class TestNestedListSerializerAllowEmpty: - """Tests the behaviour of allow_empty=False when a ListSerializer is used as a field.""" + """Tests the behavior of allow_empty=False when a ListSerializer is used as a field.""" @pytest.mark.parametrize('partial', (False, True)) def test_allow_empty_true(self, partial): @@ -643,7 +643,7 @@ class TestSerializerPartialUsage: class TestEmptyListSerializer: """ - Tests the behaviour of ListSerializers when there is no data passed to it + Tests the behavior of ListSerializers when there is no data passed to it """ def setup_method(self): @@ -672,7 +672,7 @@ class TestEmptyListSerializer: class TestMaxMinLengthListSerializer: """ - Tests the behaviour of ListSerializers when max_length and min_length are used + Tests the behavior of ListSerializers when max_length and min_length are used """ def setup_method(self): diff --git a/tests/test_serializer_nested.py b/tests/test_serializer_nested.py index 4a71dcbcc..4f1492af1 100644 --- a/tests/test_serializer_nested.py +++ b/tests/test_serializer_nested.py @@ -315,7 +315,7 @@ if postgres_fields: required_db_features = {'supports_json_field'} -@pytest.mark.skipif(not postgres_fields, reason='psycopg2 is not installed') +@pytest.mark.skipif(not postgres_fields, reason='psycopg is not installed') class TestNestedNonRelationalFieldWrite: """ Test that raise_errors_on_nested_writes does not raise `AssertionError` when the diff --git a/tests/test_testing.py b/tests/test_testing.py index 26a6e8ffb..fed42342a 100644 --- a/tests/test_testing.py +++ b/tests/test_testing.py @@ -17,6 +17,7 @@ from rest_framework.response import Response from rest_framework.test import ( APIClient, APIRequestFactory, URLPatternsTestCase, force_authenticate ) +from rest_framework.views import APIView @api_view(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS']) @@ -294,6 +295,28 @@ class TestAPIRequestFactory(TestCase): assert response.status_code == 403 assert response.data == expected + def test_transform_factory_django_request_to_drf_request(self): + """ + ref: GH-3608, GH-4440 & GH-6488. + """ + + factory = APIRequestFactory() + + class DummyView(APIView): # Your custom view. + ... + + request = factory.get('/', {'demo': 'test'}) + drf_request = DummyView().initialize_request(request) + assert drf_request.query_params == {'demo': ['test']} + + assert hasattr(drf_request, 'accepted_media_type') is False + DummyView().initial(drf_request) + assert drf_request.accepted_media_type == 'application/json' + + request = factory.post('/', {'example': 'test'}) + drf_request = DummyView().initialize_request(request) + assert drf_request.data.get('example') == 'test' + def test_invalid_format(self): """ Attempting to use a format that is not configured will raise an diff --git a/tests/test_validators.py b/tests/test_validators.py index c594eecbe..79d4c0cf8 100644 --- a/tests/test_validators.py +++ b/tests/test_validators.py @@ -589,6 +589,21 @@ class UniqueConstraintModel(models.Model): ] +class UniqueConstraintReadOnlyFieldModel(models.Model): + state = models.CharField(max_length=100, default="new") + position = models.IntegerField() + something = models.IntegerField() + + class Meta: + constraints = [ + models.UniqueConstraint( + name="unique_constraint_%(class)s", + fields=("position", "something"), + condition=models.Q(state="new"), + ), + ] + + class UniqueConstraintNullableModel(models.Model): title = models.CharField(max_length=100) age = models.IntegerField(null=True) @@ -601,6 +616,26 @@ class UniqueConstraintNullableModel(models.Model): ] +class UniqueConstraintCustomMessageCodeModel(models.Model): + username = models.CharField(max_length=32) + company_id = models.IntegerField() + role = models.CharField(max_length=32) + + class Meta: + constraints = [ + models.UniqueConstraint( + fields=("username", "company_id"), + name="unique_username_company_custom_msg", + violation_error_message="Username must be unique within a company.", + **(dict(violation_error_code="duplicate_username") if django_version[0] >= 5 else {}), + ), + models.UniqueConstraint( + fields=("company_id", "role"), + name="unique_company_role_default_msg", + ), + ] + + class UniqueConstraintSerializer(serializers.ModelSerializer): class Meta: model = UniqueConstraintModel @@ -613,6 +648,12 @@ class UniqueConstraintNullableSerializer(serializers.ModelSerializer): fields = ('title', 'age', 'tag') +class UniqueConstraintCustomMessageCodeSerializer(serializers.ModelSerializer): + class Meta: + model = UniqueConstraintCustomMessageCodeModel + fields = ('username', 'company_id', 'role') + + class TestUniqueConstraintValidation(TestCase): def setUp(self): self.instance = UniqueConstraintModel.objects.create( @@ -738,6 +779,56 @@ class TestUniqueConstraintValidation(TestCase): ) assert serializer.is_valid() + def test_uniq_constraint_condition_read_only_create(self): + class UniqueConstraintReadOnlyFieldModelSerializer(serializers.ModelSerializer): + class Meta: + model = UniqueConstraintReadOnlyFieldModel + read_only_fields = ("state",) + fields = ("position", "something", *read_only_fields) + serializer = UniqueConstraintReadOnlyFieldModelSerializer( + data={"position": 1, "something": 1} + ) + assert serializer.is_valid() + + def test_uniq_constraint_condition_read_only_partial(self): + class UniqueConstraintReadOnlyFieldModelSerializer(serializers.ModelSerializer): + class Meta: + model = UniqueConstraintReadOnlyFieldModel + read_only_fields = ("state",) + fields = ("position", "something", *read_only_fields) + instance = UniqueConstraintReadOnlyFieldModel.objects.create(position=1, something=1) + serializer = UniqueConstraintReadOnlyFieldModelSerializer( + instance=instance, + data={"position": 1, "something": 1}, + partial=True + ) + assert serializer.is_valid() + + def test_unique_constraint_custom_message_code(self): + UniqueConstraintCustomMessageCodeModel.objects.create(username="Alice", company_id=1, role="member") + expected_code = "duplicate_username" if django_version[0] >= 5 else UniqueTogetherValidator.code + + serializer = UniqueConstraintCustomMessageCodeSerializer(data={ + "username": "Alice", + "company_id": 1, + "role": "admin", + }) + assert not serializer.is_valid() + assert serializer.errors == {"non_field_errors": ["Username must be unique within a company."]} + assert serializer.errors["non_field_errors"][0].code == expected_code + + def test_unique_constraint_default_message_code(self): + UniqueConstraintCustomMessageCodeModel.objects.create(username="Alice", company_id=1, role="member") + serializer = UniqueConstraintCustomMessageCodeSerializer(data={ + "username": "John", + "company_id": 1, + "role": "member", + }) + expected_message = UniqueTogetherValidator.message.format(field_names=', '.join(("company_id", "role"))) + assert not serializer.is_valid() + assert serializer.errors == {"non_field_errors": [expected_message]} + assert serializer.errors["non_field_errors"][0].code == UniqueTogetherValidator.code + # Tests for `UniqueForDateValidator` # ---------------------------------- diff --git a/tox.ini b/tox.ini index 0adcee3a4..b27c13d0f 100644 --- a/tox.ini +++ b/tox.ini @@ -1,10 +1,10 @@ [tox] envlist = - {py39}-{django42} - {py310}-{django42,django51,django52,djangomain} - {py311}-{django42,django51,django52,djangomain} + {py310}-{django42,django51,django52} + {py311}-{django42,django51,django52} {py312}-{django42,django51,django52,djangomain} {py313}-{django51,django52,djangomain} + {py314}-{django52,djangomain} base dist docs @@ -23,18 +23,17 @@ deps = djangomain: https://github.com/django/django/archive/main.tar.gz -rrequirements/requirements-testing.txt -rrequirements/requirements-optionals.txt - setuptools [testenv:base] ; Ensure optional dependencies are not required deps = - django + django<6.0 -rrequirements/requirements-testing.txt [testenv:dist] commands = python -W error::DeprecationWarning -W error::PendingDeprecationWarning runtests.py --no-pkgroot --staticfiles {posargs} deps = - django + django<6.0 -rrequirements/requirements-testing.txt -rrequirements/requirements-optionals.txt @@ -45,14 +44,11 @@ deps = -rrequirements/requirements-testing.txt -rrequirements/requirements-documentation.txt -[testenv:py310-djangomain] -ignore_outcome = true - -[testenv:py311-djangomain] -ignore_outcome = true - [testenv:py312-djangomain] ignore_outcome = true [testenv:py313-djangomain] ignore_outcome = true + +[testenv:py314-djangomain] +ignore_outcome = true