The Django OAuth2 Consumer library from Rediker Software is another package that provides OAuth 2.0 support for REST framework. The package includes token scoping permissions on tokens, which allows finer-grained access to your API.
JSON Web Token is a fairly new standard which can be used for token-based authentication. Unlike the built-in TokenAuthentication scheme, JWT Authentication doesn't need to use a database to validate a token. Blimp maintains the djangorestframework-jwt package which provides a JWT Authentication class as well as a mechanism for clients to obtain a JWT given the username and password.
+HTTP Signature (currently a IETF draft) provides a way to achieve origin authentication and message integrity for HTTP messages. Similar to Amazon's HTTP Signature scheme, used by many of its services, it permits stateless, per-request authentication. Elvio Toccalino maintains the djangorestframework-httpsignature package which provides an easy to use HTTP Signature Authentication mechanism.
PermissionDenied exception.In each case, REST framework will return a response with an appropriate status code and content-type. The body of the response will include any additional details regarding the nature of the error.
-By default all error responses will include a key details in the body of the response, but other keys may also be included.
By default all error responses will include a key detail in the body of the response, but other keys may also be included.
For example, the following request:
DELETE http://api.example.com/foo/bar HTTP/1.1
Accept: application/json
@@ -259,13 +259,13 @@ def custom_exception_handler(exc):
APIException
Signature: APIException()
The base class for all exceptions raised inside REST framework.
-To provide a custom exception, subclass APIException and set the .status_code and .detail properties on the class.
+To provide a custom exception, subclass APIException and set the .status_code and .default_detail properties on the class.
For example, if your API relies on a third party service that may sometimes be unreachable, you might want to implement an exception for the "503 Service Unavailable" HTTP response code. You could do this like so:
from rest_framework.exceptions import APIException
class ServiceUnavailable(APIException):
status_code = 503
- detail = 'Service temporarily unavailable, try again later.'
+ default_detail = 'Service temporarily unavailable, try again later.'
ParseError
Signature: ParseError(detail=None)
diff --git a/api-guide/fields.html b/api-guide/fields.html
index 2a8dd3cbc..2a0ac6ef4 100644
--- a/api-guide/fields.html
+++ b/api-guide/fields.html
@@ -270,6 +270,7 @@ class AccountSerializer(serializers.HyperlinkedModelSerializer):
expired = serializers.Field(source='has_expired')
class Meta:
+ model = Account
fields = ('url', 'owner', 'name', 'expired')
Would produce output similar to:
@@ -285,7 +286,7 @@ class AccountSerializer(serializers.HyperlinkedModelSerializer):A field that supports both read and write operations. By itself WritableField does not perform any translation of input values into a given type. You won't typically use this field directly, but you may want to override it and implement the .to_native(self, value) and .from_native(self, value) methods.
A generic field that can be tied to any arbitrary model field. The ModelField class delegates the task of serialization/deserialization to it's associated model field. This field can be used to create serializer fields for custom model fields, without having to create a new custom serializer field.
A generic field that can be tied to any arbitrary model field. The ModelField class delegates the task of serialization/deserialization to its associated model field. This field can be used to create serializer fields for custom model fields, without having to create a new custom serializer field.
The ModelField class is generally intended for internal use, but can be used by your API if needed. In order to properly instantiate a ModelField, it must be passed a field that is attached to an instantiated model. For example: ModelField(model_field=MyModel()._meta.get_field('custom_field'))
Signature: ModelField(model_field=<Django ModelField instance>)
If you want to create a custom field, you'll probably want to override either one or both of the .to_native() and .from_native() methods. These two methods are used to convert between the initial datatype, and a primitive, serializable datatype. Primitive datatypes may be any of a number, string, date/time/datetime or None. They may also be any list or dictionary like object that only contains other primitive objects.
The .to_native() method is called to convert the initial datatype into a primitive, serializable datatype. The from_native() method is called to restore a primitive datatype into it's initial representation.
The .to_native() method is called to convert the initial datatype into a primitive, serializable datatype. The from_native() method is called to restore a primitive datatype into its initial representation.
Let's look at an example of serializing a class that represents an RGB color value:
class Color(object):
diff --git a/api-guide/generic-views.html b/api-guide/generic-views.html
index 284ecf4e1..0e349ca38 100644
--- a/api-guide/generic-views.html
+++ b/api-guide/generic-views.html
@@ -299,7 +299,7 @@ class UserList(generics.ListCreateAPIView):
self.check_object_permissions(self.request, obj)
return obj
Note that if your API doesn't include any object level permissions, you may optionally exclude the `self.check_object_permissions, and simply return the object from theget_object_or_404` lookup.
Note that if your API doesn't include any object level permissions, you may optionally exclude the self.check_object_permissions, and simply return the object from the get_object_or_404 lookup.
get_filter_backends(self)Returns the classes that should be used to filter the queryset. Defaults to returning the filter_backends attribute.
May be override to provide more complex behavior with filters, as using different (or even exlusive) lists of filter_backends depending on different criteria.
diff --git a/api-guide/pagination.html b/api-guide/pagination.html index e85ecf44a..d8c67612a 100644 --- a/api-guide/pagination.html +++ b/api-guide/pagination.html @@ -6,7 +6,7 @@ - + @@ -175,6 +175,8 @@The following third party packages are also available.
+The DRF-extensions package includes a PaginateByMaxMixin mixin class that allows your API clients to specify ?page_size=max to obtain the maximum allowed page size.
ModelSerializer class lets you automatically create a Serialize
fields = ('email', 'username', 'password')
write_only_fields = ('password',) # Note: Password field is write-only
-def restore_object(self, attrs, instance=None):
- """
- Instantiate a new User instance.
- """
- assert instance is None, 'Cannot update users with CreateUserSerializer'
- user = User(email=attrs['email'], username=attrs['username'])
- user.set_password(attrs['password'])
- return user
+ def restore_object(self, attrs, instance=None):
+ """
+ Instantiate a new User instance.
+ """
+ assert instance is None, 'Cannot update users with CreateUserSerializer'
+ user = User(email=attrs['email'], username=attrs['username'])
+ user.set_password(attrs['password'])
+ return user
You can add extra fields to a ModelSerializer or override the default fields by declaring fields on the class, just as you would for a Serializer class.
When checking the validity of test responses it's often more convenient to inspect the data that the response was created with, rather than inspecting the fully rendered response.
-For example, it's easier to inspect request.data:
For example, it's easier to inspect response.data:
response = self.client.get('/users/4/')
self.assertEqual(response.data, {'id': 4, 'username': 'lauren'})
Instead of inspecting the result of parsing request.content:
Instead of inspecting the result of parsing response.content:
response = self.client.get('/users/4/')
self.assertEqual(json.loads(response.content), {'id': 4, 'username': 'lauren'})
...and the following settings.
REST_FRAMEWORK = {
'DEFAULT_THROTTLE_CLASSES': (
- 'rest_framework.throttling.ScopedRateThrottle'
+ 'rest_framework.throttling.ScopedRateThrottle',
),
'DEFAULT_THROTTLE_RATES': {
'contacts': '1000/day',
diff --git a/api-guide/viewsets.html b/api-guide/viewsets.html
index cf46842e0..f1d16ba64 100644
--- a/api-guide/viewsets.html
+++ b/api-guide/viewsets.html
@@ -372,7 +372,7 @@ class UserViewSet(viewsets.ModelViewSet):
mixins.RetrieveModelMixin,
viewsets.GenericViewSet):
"""
- A viewset that provides `retrieve`, `update`, and `list` actions.
+ A viewset that provides `retrieve`, `create`, and `list` actions.
To use it, override the class and set the `.queryset` and
`.serializer_class` attributes.
diff --git a/topics/contributing.html b/topics/contributing.html
index cc1e8a3c1..c9b1956ce 100644
--- a/topics/contributing.html
+++ b/topics/contributing.html
@@ -239,7 +239,7 @@
To run the tests, clone the repository, and then:
# Setup the virtual environment
virtualenv env
-env/bin/activate
+source env/bin/activate
pip install -r requirements.txt
pip install -r optionals.txt
diff --git a/topics/credits.html b/topics/credits.html
index ebe1fc98b..a3c851c05 100644
--- a/topics/credits.html
+++ b/topics/credits.html
@@ -366,6 +366,7 @@
Ian Foote - ian-foote
Chuck Harmston - chuckharmston
Philip Forget - philipforget
+Artem Mezhenin - amezhenin
Many thanks to everyone who's contributed to the project.
Additional thanks