18
.gitignore
vendored
|
@ -3,18 +3,14 @@
|
|||
*~
|
||||
.*
|
||||
|
||||
html/
|
||||
htmlcov/
|
||||
coverage/
|
||||
build/
|
||||
dist/
|
||||
*.egg-info/
|
||||
/site/
|
||||
/htmlcov/
|
||||
/coverage/
|
||||
/build/
|
||||
/dist/
|
||||
/*.egg-info/
|
||||
/env/
|
||||
MANIFEST
|
||||
|
||||
bin/
|
||||
include/
|
||||
lib/
|
||||
local/
|
||||
|
||||
!.gitignore
|
||||
!.travis.yml
|
||||
|
|
55
.travis.yml
|
@ -1,38 +1,33 @@
|
|||
language: python
|
||||
|
||||
python:
|
||||
- "2.6"
|
||||
- "2.7"
|
||||
- "3.2"
|
||||
- "3.3"
|
||||
sudo: false
|
||||
|
||||
env:
|
||||
- DJANGO="https://www.djangoproject.com/download/1.6a1/tarball/"
|
||||
- DJANGO="django==1.5.1 --use-mirrors"
|
||||
- DJANGO="django==1.4.5 --use-mirrors"
|
||||
- DJANGO="django==1.3.7 --use-mirrors"
|
||||
- TOX_ENV=py27-flake8
|
||||
- TOX_ENV=py27-docs
|
||||
- TOX_ENV=py34-django17
|
||||
- TOX_ENV=py33-django17
|
||||
- TOX_ENV=py32-django17
|
||||
- TOX_ENV=py27-django17
|
||||
- TOX_ENV=py34-django16
|
||||
- TOX_ENV=py33-django16
|
||||
- TOX_ENV=py32-django16
|
||||
- TOX_ENV=py27-django16
|
||||
- TOX_ENV=py26-django16
|
||||
- TOX_ENV=py34-django15
|
||||
- TOX_ENV=py33-django15
|
||||
- TOX_ENV=py32-django15
|
||||
- TOX_ENV=py27-django15
|
||||
- TOX_ENV=py26-django15
|
||||
- TOX_ENV=py27-django14
|
||||
- TOX_ENV=py26-django14
|
||||
- TOX_ENV=py34-django18beta
|
||||
- TOX_ENV=py33-django18beta
|
||||
- TOX_ENV=py32-django18beta
|
||||
- TOX_ENV=py27-django18beta
|
||||
|
||||
install:
|
||||
- pip install $DJANGO
|
||||
- pip install defusedxml==0.3
|
||||
- "if [[ ${TRAVIS_PYTHON_VERSION::1} != '3' ]]; then pip install oauth2==1.5.211 --use-mirrors; fi"
|
||||
- "if [[ ${TRAVIS_PYTHON_VERSION::1} != '3' ]]; then pip install django-oauth-plus==2.0 --use-mirrors; fi"
|
||||
- "if [[ ${TRAVIS_PYTHON_VERSION::1} != '3' ]]; then pip install django-oauth2-provider==0.2.4 --use-mirrors; fi"
|
||||
- "if [[ ${DJANGO::11} == 'django==1.3' ]]; then pip install django-filter==0.5.4 --use-mirrors; fi"
|
||||
- "if [[ ${DJANGO::11} != 'django==1.3' ]]; then pip install django-filter==0.6 --use-mirrors; fi"
|
||||
- export PYTHONPATH=.
|
||||
- pip install tox
|
||||
|
||||
script:
|
||||
- python rest_framework/runtests/runtests.py
|
||||
|
||||
matrix:
|
||||
exclude:
|
||||
- python: "3.2"
|
||||
env: DJANGO="django==1.4.5 --use-mirrors"
|
||||
- python: "3.2"
|
||||
env: DJANGO="django==1.3.7 --use-mirrors"
|
||||
- python: "3.3"
|
||||
env: DJANGO="django==1.4.5 --use-mirrors"
|
||||
- python: "3.3"
|
||||
env: DJANGO="django==1.3.7 --use-mirrors"
|
||||
|
||||
- tox -e $TOX_ENV
|
||||
|
|
9
.tx/config
Normal file
|
@ -0,0 +1,9 @@
|
|||
[main]
|
||||
host = https://www.transifex.com
|
||||
|
||||
[django-rest-framework.djangopo]
|
||||
file_filter = rest_framework/locale/<lang>/LC_MESSAGES/django.po
|
||||
source_file = rest_framework/locale/en_US/LC_MESSAGES/django.po
|
||||
source_lang = en_US
|
||||
type = PO
|
||||
|
211
CONTRIBUTING.md
Normal file
|
@ -0,0 +1,211 @@
|
|||
# Contributing to REST framework
|
||||
|
||||
> The world can only really be changed one piece at a time. The art is picking that piece.
|
||||
>
|
||||
> — [Tim Berners-Lee][cite]
|
||||
|
||||
There are many ways you can contribute to Django REST framework. We'd like it to be a community-led project, so please get involved and help shape the future of the project.
|
||||
|
||||
## Community
|
||||
|
||||
The most important thing you can do to help push the REST framework project forward is to be actively involved wherever possible. Code contributions are often overvalued as being the primary way to get involved in a project, we don't believe that needs to be the case.
|
||||
|
||||
If you use REST framework, we'd love you to be vocal about your experiences with it - you might consider writing a blog post about using REST framework, or publishing a tutorial about building a project with a particular JavaScript framework. Experiences from beginners can be particularly helpful because you'll be in the best position to assess which bits of REST framework are more difficult to understand and work with.
|
||||
|
||||
Other really great ways you can help move the community forward include helping to answer questions on the [discussion group][google-group], or setting up an [email alert on StackOverflow][so-filter] so that you get notified of any new questions with the `django-rest-framework` tag.
|
||||
|
||||
When answering questions make sure to help future contributors find their way around by hyperlinking wherever possible to related threads and tickets, and include backlinks from those items if relevant.
|
||||
|
||||
## Code of conduct
|
||||
|
||||
Please keep the tone polite & professional. For some users a discussion on the REST framework mailing list or ticket tracker may be their first engagement with the open source community. First impressions count, so let's try to make everyone feel welcome.
|
||||
|
||||
Be mindful in the language you choose. As an example, in an environment that is heavily male-dominated, posts that start 'Hey guys,' can come across as unintentionally exclusive. It's just as easy, and more inclusive to use gender neutral language in those situations.
|
||||
|
||||
The [Django code of conduct][code-of-conduct] gives a fuller set of guidelines for participating in community forums.
|
||||
|
||||
# Issues
|
||||
|
||||
It's really helpful if you can make sure to address issues on the correct channel. Usage questions should be directed to the [discussion group][google-group]. Feature requests, bug reports and other issues should be raised on the GitHub [issue tracker][issues].
|
||||
|
||||
Some tips on good issue reporting:
|
||||
|
||||
* When describing issues try to phrase your ticket in terms of the *behavior* you think needs changing rather than the *code* you think need changing.
|
||||
* Search the issue list first for related items, and make sure you're running the latest version of REST framework before reporting an issue.
|
||||
* If reporting a bug, then try to include a pull request with a failing test case. This will help us quickly identify if there is a valid issue, and make sure that it gets fixed more quickly if there is one.
|
||||
* Feature requests will often be closed with a recommendation that they be implemented outside of the core REST framework library. Keeping new feature requests implemented as third party libraries allows us to keep down the maintenance overhead of REST framework, so that the focus can be on continued stability, bugfixes, and great documentation.
|
||||
* Closing an issue doesn't necessarily mean the end of a discussion. If you believe your issue has been closed incorrectly, explain why and we'll consider if it needs to be reopened.
|
||||
|
||||
## Triaging issues
|
||||
|
||||
Getting involved in triaging incoming issues is a good way to start contributing. Every single ticket that comes into the ticket tracker needs to be reviewed in order to determine what the next steps should be. Anyone can help out with this, you just need to be willing to
|
||||
|
||||
* Read through the ticket - does it make sense, is it missing any context that would help explain it better?
|
||||
* Is the ticket reported in the correct place, would it be better suited as a discussion on the discussion group?
|
||||
* If the ticket is a bug report, can you reproduce it? Are you able to write a failing test case that demonstrates the issue and that can be submitted as a pull request?
|
||||
* If the ticket is a feature request, do you agree with it, and could the feature request instead be implemented as a third party package?
|
||||
* If a ticket hasn't had much activity and it addresses something you need, then comment on the ticket and try to find out what's needed to get it moving again.
|
||||
|
||||
# Development
|
||||
|
||||
To start developing on Django REST framework, clone the repo:
|
||||
|
||||
git clone git@github.com:tomchristie/django-rest-framework.git
|
||||
|
||||
Changes should broadly follow the [PEP 8][pep-8] style conventions, and we recommend you set up your editor to automatically indicate non-conforming styles.
|
||||
|
||||
## Testing
|
||||
|
||||
To run the tests, clone the repository, and then:
|
||||
|
||||
# Setup the virtual environment
|
||||
virtualenv env
|
||||
source env/bin/activate
|
||||
pip install -r requirements.txt
|
||||
|
||||
# Run the tests
|
||||
./runtests.py
|
||||
|
||||
### Test options
|
||||
|
||||
Run using a more concise output style.
|
||||
|
||||
./runtests.py -q
|
||||
|
||||
Run the tests using a more concise output style, no coverage, no flake8.
|
||||
|
||||
./runtests.py --fast
|
||||
|
||||
Don't run the flake8 code linting.
|
||||
|
||||
./runtests.py --nolint
|
||||
|
||||
Only run the flake8 code linting, don't run the tests.
|
||||
|
||||
./runtests.py --lintonly
|
||||
|
||||
Run the tests for a given test case.
|
||||
|
||||
./runtests.py MyTestCase
|
||||
|
||||
Run the tests for a given test method.
|
||||
|
||||
./runtests.py MyTestCase.test_this_method
|
||||
|
||||
Shorter form to run the tests for a given test method.
|
||||
|
||||
./runtests.py test_this_method
|
||||
|
||||
Note: The test case and test method matching is fuzzy and will sometimes run other tests that contain a partial string match to the given command line input.
|
||||
|
||||
### Running against multiple environments
|
||||
|
||||
You can also use the excellent [tox][tox] testing tool to run the tests against all supported versions of Python and Django. Install `tox` globally, and then simply run:
|
||||
|
||||
tox
|
||||
|
||||
## Pull requests
|
||||
|
||||
It's a good idea to make pull requests early on. A pull request represents the start of a discussion, and doesn't necessarily need to be the final, finished submission.
|
||||
|
||||
It's also always best to make a new branch before starting work on a pull request. This means that you'll be able to later switch back to working on another separate issue without interfering with an ongoing pull requests.
|
||||
|
||||
It's also useful to remember that if you have an outstanding pull request then pushing new commits to your GitHub repo will also automatically update the pull requests.
|
||||
|
||||
GitHub's documentation for working on pull requests is [available here][pull-requests].
|
||||
|
||||
Always run the tests before submitting pull requests, and ideally run `tox` in order to check that your modifications are compatible with both Python 2 and Python 3, and that they run properly on all supported versions of Django.
|
||||
|
||||
Once you've made a pull request take a look at the Travis build status in the GitHub interface and make sure the tests are running as you'd expect.
|
||||
|
||||
![Travis status][travis-status]
|
||||
|
||||
*Above: Travis build notifications*
|
||||
|
||||
## Managing compatibility issues
|
||||
|
||||
Sometimes, in order to ensure your code works on various different versions of Django, Python or third party libraries, you'll need to run slightly different code depending on the environment. Any code that branches in this way should be isolated into the `compat.py` module, and should provide a single common interface that the rest of the codebase can use.
|
||||
|
||||
# Documentation
|
||||
|
||||
The documentation for REST framework is built from the [Markdown][markdown] source files in [the docs directory][docs].
|
||||
|
||||
There are many great Markdown editors that make working with the documentation really easy. The [Mou editor for Mac][mou] is one such editor that comes highly recommended.
|
||||
|
||||
## Building the documentation
|
||||
|
||||
To build the documentation, install MkDocs with `pip install mkdocs` and then run the following command.
|
||||
|
||||
mkdocs build
|
||||
|
||||
This will build the documentation into the `site` directory.
|
||||
|
||||
You can build the documentation and open a preview in a browser window by using the `serve` command.
|
||||
|
||||
mkdocs serve
|
||||
|
||||
## Language style
|
||||
|
||||
Documentation should be in American English. The tone of the documentation is very important - try to stick to a simple, plain, objective and well-balanced style where possible.
|
||||
|
||||
Some other tips:
|
||||
|
||||
* Keep paragraphs reasonably short.
|
||||
* Don't use abbreviations such as 'e.g.' but instead use the long form, such as 'For example'.
|
||||
|
||||
## Markdown style
|
||||
|
||||
There are a couple of conventions you should follow when working on the documentation.
|
||||
|
||||
##### 1. Headers
|
||||
|
||||
Headers should use the hash style. For example:
|
||||
|
||||
### Some important topic
|
||||
|
||||
The underline style should not be used. **Don't do this:**
|
||||
|
||||
Some important topic
|
||||
====================
|
||||
|
||||
##### 2. Links
|
||||
|
||||
Links should always use the reference style, with the referenced hyperlinks kept at the end of the document.
|
||||
|
||||
Here is a link to [some other thing][other-thing].
|
||||
|
||||
More text...
|
||||
|
||||
[other-thing]: http://example.com/other/thing
|
||||
|
||||
This style helps keep the documentation source consistent and readable.
|
||||
|
||||
If you are hyperlinking to another REST framework document, you should use a relative link, and link to the `.md` suffix. For example:
|
||||
|
||||
[authentication]: ../api-guide/authentication.md
|
||||
|
||||
Linking in this style means you'll be able to click the hyperlink in your Markdown editor to open the referenced document. When the documentation is built, these links will be converted into regular links to HTML pages.
|
||||
|
||||
##### 3. Notes
|
||||
|
||||
If you want to draw attention to a note or warning, use a pair of enclosing lines, like so:
|
||||
|
||||
---
|
||||
|
||||
**Note:** A useful documentation note.
|
||||
|
||||
---
|
||||
|
||||
|
||||
[cite]: http://www.w3.org/People/Berners-Lee/FAQ.html
|
||||
[code-of-conduct]: https://www.djangoproject.com/conduct/
|
||||
[google-group]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework
|
||||
[so-filter]: http://stackexchange.com/filters/66475/rest-framework
|
||||
[issues]: https://github.com/tomchristie/django-rest-framework/issues?state=open
|
||||
[pep-8]: http://www.python.org/dev/peps/pep-0008/
|
||||
[travis-status]: ../img/travis-status.png
|
||||
[pull-requests]: https://help.github.com/articles/using-pull-requests
|
||||
[tox]: http://tox.readthedocs.org/en/latest/
|
||||
[markdown]: http://daringfireball.net/projects/markdown/basics
|
||||
[docs]: https://github.com/tomchristie/django-rest-framework/tree/master/docs
|
||||
[mou]: http://mouapp.com/
|
|
@ -1,2 +1,4 @@
|
|||
recursive-include rest_framework/static *.js *.css *.png
|
||||
recursive-include rest_framework/static *.js *.css *.png *.eot *.svg *.ttf *.woff
|
||||
recursive-include rest_framework/templates *.html
|
||||
recursive-exclude * __pycache__
|
||||
recursive-exclude * *.py[co]
|
||||
|
|
160
README.md
|
@ -1,33 +1,42 @@
|
|||
# Django REST framework
|
||||
|
||||
**Awesome web-browseable Web APIs.**
|
||||
# [Django REST framework][docs]
|
||||
|
||||
[![build-status-image]][travis]
|
||||
[![pypi-version]][pypi]
|
||||
|
||||
**Note**: Full documentation for the project is available at [http://django-rest-framework.org][docs].
|
||||
**Awesome web-browsable Web APIs.**
|
||||
|
||||
Full documentation for the project is available at [http://www.django-rest-framework.org][docs].
|
||||
|
||||
---
|
||||
|
||||
**Note**: We have now released Django REST framework 3.1. For older codebases you may want to refer to the version 2.4.4 [source code](https://github.com/tomchristie/django-rest-framework/tree/version-2.4.x), and [documentation](http://tomchristie.github.io/rest-framework-2-docs/).
|
||||
|
||||
For more details see the [3.1 release notes][3.1-announcement]
|
||||
|
||||
---
|
||||
|
||||
# Overview
|
||||
|
||||
Django REST framework is a powerful and flexible toolkit that makes it easy to build Web APIs.
|
||||
Django REST framework is a powerful and flexible toolkit for building Web APIs.
|
||||
|
||||
Some reasons you might want to use REST framework:
|
||||
|
||||
* The [Web browseable API][sandbox] is a huge useability win for your developers.
|
||||
* [Authentication policies][authentication] including [OAuth1a][oauth1-section] and [OAuth2][oauth2-section] out of the box.
|
||||
* The [Web browsable API][sandbox] is a huge usability win for your developers.
|
||||
* [Authentication policies][authentication] including optional packages for [OAuth1a][oauth1-section] and [OAuth2][oauth2-section].
|
||||
* [Serialization][serializers] that supports both [ORM][modelserializer-section] and [non-ORM][serializer-section] data sources.
|
||||
* Customizable all the way down - just use [regular function-based views][functionview-section] if you don't need the [more][generic-views] [powerful][viewsets] [features][routers].
|
||||
* [Extensive documentation][index], and [great community support][group].
|
||||
* [Extensive documentation][docs], and [great community support][group].
|
||||
|
||||
There is a live example API for testing purposes, [available here][sandbox].
|
||||
|
||||
**Below**: *Screenshot from the browseable API*
|
||||
**Below**: *Screenshot from the browsable API*
|
||||
|
||||
![Screenshot][image]
|
||||
|
||||
# Requirements
|
||||
|
||||
* Python (2.6.5+, 2.7, 3.2, 3.3)
|
||||
* Django (1.3, 1.4, 1.5, 1.6)
|
||||
* Python (2.6.5+, 2.7, 3.2, 3.3, 3.4)
|
||||
* Django (1.4.11+, 1.5.6+, 1.6.3+, 1.7, 1.8-beta)
|
||||
|
||||
# Installation
|
||||
|
||||
|
@ -46,57 +55,96 @@ Add `'rest_framework'` to your `INSTALLED_APPS` setting.
|
|||
|
||||
Let's take a look at a quick example of using REST framework to build a simple model-backed API for accessing users and groups.
|
||||
|
||||
Here's our project's root `urls.py` module:
|
||||
Startup up a new project like so...
|
||||
|
||||
pip install django
|
||||
pip install djangorestframework
|
||||
django-admin.py startproject example .
|
||||
./manage.py syncdb
|
||||
|
||||
Now edit the `example/urls.py` module in your project:
|
||||
|
||||
```python
|
||||
from django.conf.urls import url, include
|
||||
from django.contrib.auth.models import User
|
||||
from rest_framework import serializers, viewsets, routers
|
||||
|
||||
# Serializers define the API representation.
|
||||
class UserSerializer(serializers.HyperlinkedModelSerializer):
|
||||
class Meta:
|
||||
model = User
|
||||
fields = ('url', 'username', 'email', 'is_staff')
|
||||
|
||||
from django.conf.urls.defaults import url, patterns, include
|
||||
from django.contrib.auth.models import User, Group
|
||||
from rest_framework import viewsets, routers
|
||||
|
||||
# ViewSets define the view behavior.
|
||||
class UserViewSet(viewsets.ModelViewSet):
|
||||
model = User
|
||||
|
||||
class GroupViewSet(viewsets.ModelViewSet):
|
||||
model = Group
|
||||
queryset = User.objects.all()
|
||||
serializer_class = UserSerializer
|
||||
|
||||
|
||||
# Routers provide an easy way of automatically determining the URL conf
|
||||
# Routers provide a way of automatically determining the URL conf.
|
||||
router = routers.DefaultRouter()
|
||||
router.register(r'users', UserViewSet)
|
||||
router.register(r'groups', GroupViewSet)
|
||||
|
||||
|
||||
# Wire up our API using automatic URL routing.
|
||||
# Additionally, we include login URLs for the browseable API.
|
||||
urlpatterns = patterns('',
|
||||
# Additionally, we include login URLs for the browsable API.
|
||||
urlpatterns = [
|
||||
url(r'^', include(router.urls)),
|
||||
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework'))
|
||||
)
|
||||
]
|
||||
```
|
||||
|
||||
We'd also like to configure a couple of settings for our API.
|
||||
|
||||
Add the following to your `settings.py` module:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
# Use hyperlinked styles by default.
|
||||
# Only used if the `serializer_class` attribute is not set on a view.
|
||||
'DEFAULT_MODEL_SERIALIZER_CLASS':
|
||||
'rest_framework.serializers.HyperlinkedModelSerializer',
|
||||
```python
|
||||
INSTALLED_APPS = (
|
||||
... # Make sure to include the default installed apps here.
|
||||
'rest_framework',
|
||||
)
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
# Use Django's standard `django.contrib.auth` permissions,
|
||||
# or allow read-only access for unauthenticated users.
|
||||
'DEFAULT_PERMISSION_CLASSES': [
|
||||
'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
|
||||
]
|
||||
}
|
||||
|
||||
Don't forget to make sure you've also added `rest_framework` to your `INSTALLED_APPS` setting.
|
||||
```
|
||||
|
||||
That's it, we're done!
|
||||
|
||||
./manage.py runserver
|
||||
|
||||
You can now open the API in your browser at `http://127.0.0.1:8000/`, and view your new 'users' API. If you use the `Login` control in the top right corner you'll also be able to add, create and delete users from the system.
|
||||
|
||||
You can also interact with the API using command line tools such as [`curl`](http://curl.haxx.se/). For example, to list the users endpoint:
|
||||
|
||||
$ curl -H 'Accept: application/json; indent=4' -u admin:password http://127.0.0.1:8000/users/
|
||||
[
|
||||
{
|
||||
"url": "http://127.0.0.1:8000/users/1/",
|
||||
"username": "admin",
|
||||
"email": "admin@example.com",
|
||||
"is_staff": true,
|
||||
}
|
||||
]
|
||||
|
||||
Or to create a new user:
|
||||
|
||||
$ curl -X POST -d username=new -d email=new@example.com -d is_staff=false -H 'Accept: application/json; indent=4' -u admin:password http://127.0.0.1:8000/users/
|
||||
{
|
||||
"url": "http://127.0.0.1:8000/users/2/",
|
||||
"username": "new",
|
||||
"email": "new@example.com",
|
||||
"is_staff": false,
|
||||
}
|
||||
|
||||
# Documentation & Support
|
||||
|
||||
Full documentation for the project is available at [http://django-rest-framework.org][docs].
|
||||
Full documentation for the project is available at [http://www.django-rest-framework.org][docs].
|
||||
|
||||
For questions and support, use the [REST framework discussion group][group], or `#restframework` on freenode IRC.
|
||||
|
||||
|
@ -110,7 +158,7 @@ Send a description of the issue via email to [rest-framework-security@googlegrou
|
|||
|
||||
# License
|
||||
|
||||
Copyright (c) 2011-2013, Tom Christie
|
||||
Copyright (c) 2011-2015, Tom Christie
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
|
@ -133,39 +181,27 @@ CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|||
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
[build-status-image]: https://secure.travis-ci.org/tomchristie/django-rest-framework.png?branch=master
|
||||
|
||||
[build-status-image]: https://secure.travis-ci.org/tomchristie/django-rest-framework.svg?branch=master
|
||||
[travis]: http://travis-ci.org/tomchristie/django-rest-framework?branch=master
|
||||
[pypi-version]: https://pypip.in/version/djangorestframework/badge.svg
|
||||
[pypi]: https://pypi.python.org/pypi/djangorestframework
|
||||
[twitter]: https://twitter.com/_tomchristie
|
||||
[group]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework
|
||||
[0.4]: https://github.com/tomchristie/django-rest-framework/tree/0.4.X
|
||||
[sandbox]: http://restframework.herokuapp.com/
|
||||
|
||||
[index]: http://django-rest-framework.org/
|
||||
[oauth1-section]: http://django-rest-framework.org/api-guide/authentication.html#oauthauthentication
|
||||
[oauth2-section]: http://django-rest-framework.org/api-guide/authentication.html#oauth2authentication
|
||||
[serializer-section]: http://django-rest-framework.org/api-guide/serializers.html#serializers
|
||||
[modelserializer-section]: http://django-rest-framework.org/api-guide/serializers.html#modelserializer
|
||||
[functionview-section]: http://django-rest-framework.org/api-guide/views.html#function-based-views
|
||||
[generic-views]: http://django-rest-framework.org/api-guide/generic-views.html
|
||||
[viewsets]: http://django-rest-framework.org/api-guide/viewsets.html
|
||||
[routers]: http://django-rest-framework.org/api-guide/routers.html
|
||||
[serializers]: http://django-rest-framework.org/api-guide/serializers.html
|
||||
[authentication]: http://django-rest-framework.org/api-guide/authentication.html
|
||||
[oauth1-section]: http://www.django-rest-framework.org/api-guide/authentication/#django-rest-framework-oauth
|
||||
[oauth2-section]: http://www.django-rest-framework.org/api-guide/authentication/#django-oauth-toolkit
|
||||
[serializer-section]: http://www.django-rest-framework.org/api-guide/serializers/#serializers
|
||||
[modelserializer-section]: http://www.django-rest-framework.org/api-guide/serializers/#modelserializer
|
||||
[functionview-section]: http://www.django-rest-framework.org/api-guide/views/#function-based-views
|
||||
[generic-views]: http://www.django-rest-framework.org/api-guide/generic-views/
|
||||
[viewsets]: http://www.django-rest-framework.org/api-guide/viewsets/
|
||||
[routers]: http://www.django-rest-framework.org/api-guide/routers/
|
||||
[serializers]: http://www.django-rest-framework.org/api-guide/serializers/
|
||||
[authentication]: http://www.django-rest-framework.org/api-guide/authentication/
|
||||
[image]: http://www.django-rest-framework.org/img/quickstart.png
|
||||
|
||||
[rest-framework-2-announcement]: http://django-rest-framework.org/topics/rest-framework-2-announcement.html
|
||||
[2.1.0-notes]: https://groups.google.com/d/topic/django-rest-framework/Vv2M0CMY9bg/discussion
|
||||
[image]: http://django-rest-framework.org/img/quickstart.png
|
||||
|
||||
[tox]: http://testrun.org/tox/latest/
|
||||
|
||||
[tehjones]: https://twitter.com/tehjones/status/294986071979196416
|
||||
[wlonk]: https://twitter.com/wlonk/status/261689665952833536
|
||||
[laserllama]: https://twitter.com/laserllama/status/328688333750407168
|
||||
|
||||
[docs]: http://django-rest-framework.org/
|
||||
[urlobject]: https://github.com/zacharyvoase/urlobject
|
||||
[markdown]: http://pypi.python.org/pypi/Markdown/
|
||||
[pyyaml]: http://pypi.python.org/pypi/PyYAML
|
||||
[defusedxml]: https://pypi.python.org/pypi/defusedxml
|
||||
[django-filter]: http://pypi.python.org/pypi/django-filter
|
||||
[docs]: http://www.django-rest-framework.org/
|
||||
[security-mail]: mailto:rest-framework-security@googlegroups.com
|
||||
[3.1-announcement]: http://www.django-rest-framework.org/topics/3.1-announcement/
|
||||
|
|
1
docs/CNAME
Normal file
|
@ -0,0 +1 @@
|
|||
www.django-rest-framework.org
|
228
docs/api-guide/authentication.md
Executable file → Normal file
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="authentication.py"></a>
|
||||
source: authentication.py
|
||||
|
||||
# Authentication
|
||||
|
||||
|
@ -34,7 +34,7 @@ The value of `request.user` and `request.auth` for unauthenticated requests can
|
|||
|
||||
## Setting the authentication scheme
|
||||
|
||||
The default authentication schemes may be set globally, using the `DEFAULT_AUTHENTICATION` setting. For example.
|
||||
The default authentication schemes may be set globally, using the `DEFAULT_AUTHENTICATION_CLASSES` setting. For example.
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_AUTHENTICATION_CLASSES': (
|
||||
|
@ -46,6 +46,11 @@ The default authentication schemes may be set globally, using the `DEFAULT_AUTHE
|
|||
You can also set the authentication scheme on a per-view or per-viewset basis,
|
||||
using the `APIView` class based views.
|
||||
|
||||
from rest_framework.authentication import SessionAuthentication, BasicAuthentication
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.views import APIView
|
||||
|
||||
class ExampleView(APIView):
|
||||
authentication_classes = (SessionAuthentication, BasicAuthentication)
|
||||
permission_classes = (IsAuthenticated,)
|
||||
|
@ -114,14 +119,19 @@ Unauthenticated responses that are denied permission will result in an `HTTP 401
|
|||
|
||||
This authentication scheme uses a simple token-based HTTP Authentication scheme. Token authentication is appropriate for client-server setups, such as native desktop and mobile clients.
|
||||
|
||||
To use the `TokenAuthentication` scheme, include `rest_framework.authtoken` in your `INSTALLED_APPS` setting:
|
||||
To use the `TokenAuthentication` scheme you'll need to [configure the authentication classes](#setting-the-authentication-scheme) to include `TokenAuthentication`, and additionally include `rest_framework.authtoken` in your `INSTALLED_APPS` setting:
|
||||
|
||||
INSTALLED_APPS = (
|
||||
...
|
||||
'rest_framework.authtoken'
|
||||
)
|
||||
|
||||
Make sure to run `manage.py syncdb` after changing your settings.
|
||||
---
|
||||
|
||||
**Note:** Make sure to run `manage.py syncdb` after changing your settings. The `rest_framework.authtoken` app provides both Django (from v1.7) and South database migrations. See [Schema migrations](#schema-migrations) below.
|
||||
|
||||
---
|
||||
|
||||
|
||||
You'll also need to create tokens for your users.
|
||||
|
||||
|
@ -157,11 +167,19 @@ The `curl` command line tool may be useful for testing token authenticated APIs.
|
|||
|
||||
If you want every user to have an automatically generated Token, you can simply catch the User's `post_save` signal.
|
||||
|
||||
@receiver(post_save, sender=User)
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.db.models.signals import post_save
|
||||
from django.dispatch import receiver
|
||||
from rest_framework.authtoken.models import Token
|
||||
|
||||
@receiver(post_save, sender=settings.AUTH_USER_MODEL)
|
||||
def create_auth_token(sender, instance=None, created=False, **kwargs):
|
||||
if created:
|
||||
Token.objects.create(user=instance)
|
||||
|
||||
Note that you'll want to ensure you place this code snippet in an installed `models.py` module, or some other location that will be imported by Django on startup.
|
||||
|
||||
If you've already created some users, you can generate tokens for all existing users like this:
|
||||
|
||||
from django.contrib.auth.models import User
|
||||
|
@ -172,9 +190,10 @@ If you've already created some users, you can generate tokens for all existing u
|
|||
|
||||
When using `TokenAuthentication`, you may want to provide a mechanism for clients to obtain a token given the username and password. REST framework provides a built-in view to provide this behavior. To use it, add the `obtain_auth_token` view to your URLconf:
|
||||
|
||||
urlpatterns += patterns('',
|
||||
url(r'^api-token-auth/', 'rest_framework.authtoken.views.obtain_auth_token')
|
||||
)
|
||||
from rest_framework.authtoken import views
|
||||
urlpatterns += [
|
||||
url(r'^api-token-auth/', views.obtain_auth_token)
|
||||
]
|
||||
|
||||
Note that the URL part of the pattern can be whatever you want to use.
|
||||
|
||||
|
@ -186,7 +205,14 @@ Note that the default `obtain_auth_token` view explicitly uses JSON requests and
|
|||
|
||||
#### Schema migrations
|
||||
|
||||
The `rest_framework.authtoken` app includes a south migration that will create the authtoken table.
|
||||
The `rest_framework.authtoken` app includes both Django native migrations (for Django versions >1.7) and South migrations (for Django versions <1.7) that will create the authtoken table.
|
||||
|
||||
----
|
||||
|
||||
**Note**: From REST Framework v2.4.0 using South with Django <1.7 requires upgrading South v1.0+
|
||||
|
||||
----
|
||||
|
||||
|
||||
If you're using a [custom user model][custom-user-model] you'll need to make sure that any initial migration that creates the user table runs before the authtoken table is created.
|
||||
|
||||
|
@ -203,7 +229,7 @@ You can do so by inserting a `needed_by` attribute in your user migration:
|
|||
|
||||
For more details, see the [south documentation on dependencies][south-dependencies].
|
||||
|
||||
Also not that if you're using a `post_save` signal to create tokens, then the first time you create the database tables, you'll need to ensure any migrations are run prior to creating any superusers. For example:
|
||||
Also note that if you're using a `post_save` signal to create tokens, then the first time you create the database tables, you'll need to ensure any migrations are run prior to creating any superusers. For example:
|
||||
|
||||
python manage.py syncdb --noinput # Won't create a superuser just yet, due to `--noinput`.
|
||||
python manage.py migrate
|
||||
|
@ -222,101 +248,6 @@ Unauthenticated responses that are denied permission will result in an `HTTP 403
|
|||
|
||||
If you're using an AJAX style API with SessionAuthentication, you'll need to make sure you include a valid CSRF token for any "unsafe" HTTP method calls, such as `PUT`, `PATCH`, `POST` or `DELETE` requests. See the [Django CSRF documentation][csrf-ajax] for more details.
|
||||
|
||||
## OAuthAuthentication
|
||||
|
||||
This authentication uses [OAuth 1.0a][oauth-1.0a] authentication scheme. OAuth 1.0a provides signature validation which provides a reasonable level of security over plain non-HTTPS connections. However, it may also be considered more complicated than OAuth2, as it requires clients to sign their requests.
|
||||
|
||||
This authentication class depends on the optional `django-oauth-plus` and `oauth2` packages. In order to make it work you must install these packages and add `oauth_provider` to your `INSTALLED_APPS`:
|
||||
|
||||
INSTALLED_APPS = (
|
||||
...
|
||||
`oauth_provider`,
|
||||
)
|
||||
|
||||
Don't forget to run `syncdb` once you've added the package.
|
||||
|
||||
python manage.py syncdb
|
||||
|
||||
#### Getting started with django-oauth-plus
|
||||
|
||||
The OAuthAuthentication class only provides token verification and signature validation for requests. It doesn't provide authorization flow for your clients. You still need to implement your own views for accessing and authorizing tokens.
|
||||
|
||||
The `django-oauth-plus` package provides simple foundation for classic 'three-legged' oauth flow. Please refer to [the documentation][django-oauth-plus] for more details.
|
||||
|
||||
## OAuth2Authentication
|
||||
|
||||
This authentication uses [OAuth 2.0][rfc6749] authentication scheme. OAuth2 is more simple to work with than OAuth1, and provides much better security than simple token authentication. It is an unauthenticated scheme, and requires you to use an HTTPS connection.
|
||||
|
||||
This authentication class depends on the optional [django-oauth2-provider][django-oauth2-provider] project. In order to make it work you must install this package and add `provider` and `provider.oauth2` to your `INSTALLED_APPS`:
|
||||
|
||||
INSTALLED_APPS = (
|
||||
...
|
||||
'provider',
|
||||
'provider.oauth2',
|
||||
)
|
||||
|
||||
You must also include the following in your root `urls.py` module:
|
||||
|
||||
url(r'^oauth2/', include('provider.oauth2.urls', namespace='oauth2')),
|
||||
|
||||
Note that the `namespace='oauth2'` argument is required.
|
||||
|
||||
Finally, sync your database.
|
||||
|
||||
python manage.py syncdb
|
||||
python manage.py migrate
|
||||
|
||||
---
|
||||
|
||||
**Note:** If you use `OAuth2Authentication` in production you must ensure that your API is only available over `https`.
|
||||
|
||||
---
|
||||
|
||||
#### Getting started with django-oauth2-provider
|
||||
|
||||
The `OAuth2Authentication` class only provides token verification for requests. It doesn't provide authorization flow for your clients.
|
||||
|
||||
The OAuth 2 authorization flow is taken care by the [django-oauth2-provider][django-oauth2-provider] dependency. A walkthrough is given here, but for more details you should refer to [the documentation][django-oauth2-provider-docs].
|
||||
|
||||
To get started:
|
||||
|
||||
##### 1. Create a client
|
||||
|
||||
You can create a client, either through the shell, or by using the Django admin.
|
||||
|
||||
Go to the admin panel and create a new `Provider.Client` entry. It will create the `client_id` and `client_secret` properties for you.
|
||||
|
||||
##### 2. Request an access token
|
||||
|
||||
To request an access token, submit a `POST` request to the url `/oauth2/access_token` with the following fields:
|
||||
|
||||
* `client_id` the client id you've just configured at the previous step.
|
||||
* `client_secret` again configured at the previous step.
|
||||
* `username` the username with which you want to log in.
|
||||
* `password` well, that speaks for itself.
|
||||
|
||||
You can use the command line to test that your local configuration is working:
|
||||
|
||||
curl -X POST -d "client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=password&username=YOUR_USERNAME&password=YOUR_PASSWORD" http://localhost:8000/oauth2/access_token/
|
||||
|
||||
You should get a response that looks something like this:
|
||||
|
||||
{"access_token": "<your-access-token>", "scope": "read", "expires_in": 86399, "refresh_token": "<your-refresh-token>"}
|
||||
|
||||
##### 3. Access the API
|
||||
|
||||
The only thing needed to make the `OAuth2Authentication` class work is to insert the `access_token` you've received in the `Authorization` request header.
|
||||
|
||||
The command line to test the authentication looks like:
|
||||
|
||||
curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/
|
||||
|
||||
### Alternative OAuth 2 implementations
|
||||
|
||||
Note that [Django OAuth Toolkit][django-oauth-toolkit] is an alternative external package that also includes OAuth 2.0 support for REST framework.
|
||||
|
||||
---
|
||||
|
||||
# Custom authentication
|
||||
|
||||
To implement a custom authentication scheme, subclass `BaseAuthentication` and override the `.authenticate(self, request)` method. The method should return a two-tuple of `(user, auth)` if authentication succeeds, or `None` otherwise.
|
||||
|
@ -336,6 +267,10 @@ If the `.authenticate_header()` method is not overridden, the authentication sch
|
|||
|
||||
The following example will authenticate any incoming request as the user given by the username in a custom request header named 'X_USERNAME'.
|
||||
|
||||
from django.contrib.auth.models import User
|
||||
from rest_framework import authentication
|
||||
from rest_framework import exceptions
|
||||
|
||||
class ExampleAuthentication(authentication.BaseAuthentication):
|
||||
def authenticate(self, request):
|
||||
username = request.META.get('X_USERNAME')
|
||||
|
@ -355,18 +290,73 @@ The following example will authenticate any incoming request as the user given b
|
|||
|
||||
The following third party packages are also available.
|
||||
|
||||
## Django OAuth Toolkit
|
||||
|
||||
The [Django OAuth Toolkit][django-oauth-toolkit] package provides OAuth 2.0 support, and works with Python 2.7 and Python 3.3+. The package is maintained by [Evonove][evonove] and uses the excellent [OAuthLib][oauthlib]. The package is well documented, and well supported and is currently our **recommended package for OAuth 2.0 support**.
|
||||
|
||||
#### Installation & configuration
|
||||
|
||||
Install using `pip`.
|
||||
|
||||
pip install django-oauth-toolkit
|
||||
|
||||
Add the package to your `INSTALLED_APPS` and modify your REST framework settings.
|
||||
|
||||
INSTALLED_APPS = (
|
||||
...
|
||||
'oauth2_provider',
|
||||
)
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_AUTHENTICATION_CLASSES': (
|
||||
'oauth2_provider.ext.rest_framework.OAuth2Authentication',
|
||||
)
|
||||
}
|
||||
|
||||
For more details see the [Django REST framework - Getting started][django-oauth-toolkit-getting-started] documentation.
|
||||
|
||||
## Django REST framework OAuth
|
||||
|
||||
The [Django REST framework OAuth][django-rest-framework-oauth] package provides both OAuth1 and OAuth2 support for REST framework.
|
||||
|
||||
This package was previously included directly in REST framework but is now supported and maintained as a third party package.
|
||||
|
||||
#### Installation & configuration
|
||||
|
||||
Install the package using `pip`.
|
||||
|
||||
pip install djangorestframework-oauth
|
||||
|
||||
For details on configuration and usage see the Django REST framework OAuth documentation for [authentication][django-rest-framework-oauth-authentication] and [permissions][django-rest-framework-oauth-permissions].
|
||||
|
||||
## Digest Authentication
|
||||
|
||||
HTTP digest authentication is a widely implemented scheme that was intended to replace HTTP basic authentication, and which provides a simple encrypted authentication mechanism. [Juan Riaza][juanriaza] maintains the [djangorestframework-digestauth][djangorestframework-digestauth] package which provides HTTP digest authentication support for REST framework.
|
||||
|
||||
## Django OAuth Toolkit
|
||||
|
||||
The [Django OAuth Toolkit][django-oauth-toolkit] package provides OAuth 2.0 support, and works with Python 2.7 and Python 3.3+. The package is maintained by [Evonove][evonove] and uses the excelllent [OAuthLib][oauthlib]. The package is well documented, and comes as a recommended alternative for OAuth 2.0 support.
|
||||
|
||||
## Django OAuth2 Consumer
|
||||
|
||||
The [Django OAuth2 Consumer][doac] library from [Rediker Software][rediker] is another package that provides [OAuth 2.0 support for REST framework][doac-rest-framework]. The package includes token scoping permissions on tokens, which allows finer-grained access to your API.
|
||||
|
||||
## JSON Web Token Authentication
|
||||
|
||||
JSON Web Token is a fairly new standard which can be used for token-based authentication. Unlike the built-in TokenAuthentication scheme, JWT Authentication doesn't need to use a database to validate a token. [Blimp][blimp] maintains the [djangorestframework-jwt][djangorestframework-jwt] package which provides a JWT Authentication class as well as a mechanism for clients to obtain a JWT given the username and password.
|
||||
|
||||
## Hawk HTTP Authentication
|
||||
|
||||
The [HawkREST][hawkrest] library builds on the [Mohawk][mohawk] library to let you work with [Hawk][hawk] signed requests and responses in your API. [Hawk][hawk] lets two parties securely communicate with each other using messages signed by a shared key. It is based on [HTTP MAC access authentication][mac] (which was based on parts of [OAuth 1.0][oauth-1.0a]).
|
||||
|
||||
## HTTP Signature Authentication
|
||||
|
||||
HTTP Signature (currently a [IETF draft][http-signature-ietf-draft]) provides a way to achieve origin authentication and message integrity for HTTP messages. Similar to [Amazon's HTTP Signature scheme][amazon-http-signature], used by many of its services, it permits stateless, per-request authentication. [Elvio Toccalino][etoccalino] maintains the [djangorestframework-httpsignature][djangorestframework-httpsignature] package which provides an easy to use HTTP Signature Authentication mechanism.
|
||||
|
||||
## Djoser
|
||||
|
||||
[Djoser][djoser] library provides a set of views to handle basic actions such as registration, login, logout, password reset and account activation. The package works with a custom user model and it uses token based authentication. This is a ready to use REST implementation of Django authentication system.
|
||||
|
||||
## django-rest-auth
|
||||
|
||||
[Django-rest-auth][django-rest-auth] library provides a set of REST API endpoints for registration, authentication (including social media authentication), password reset, retrieve and update user details, etc. By having these API endpoints, your client apps such as AngularJS, iOS, Android, and others can communicate to your Django backend site independently via REST APIs for user management.
|
||||
|
||||
[cite]: http://jacobian.org/writing/rest-worst-practices/
|
||||
[http401]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2
|
||||
[http403]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4
|
||||
|
@ -374,10 +364,14 @@ The [Django OAuth2 Consumer][doac] library from [Rediker Software][rediker] is a
|
|||
[oauth]: http://oauth.net/2/
|
||||
[permission]: permissions.md
|
||||
[throttling]: throttling.md
|
||||
[csrf-ajax]: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
|
||||
[csrf-ajax]: https://docs.djangoproject.com/en/dev/ref/csrf/#ajax
|
||||
[mod_wsgi_official]: http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization
|
||||
[custom-user-model]: https://docs.djangoproject.com/en/dev/topics/auth/customizing/#specifying-a-custom-user-model
|
||||
[south-dependencies]: http://south.readthedocs.org/en/latest/dependencies.html
|
||||
[django-oauth-toolkit-getting-started]: https://django-oauth-toolkit.readthedocs.org/en/latest/rest-framework/getting_started.html
|
||||
[django-rest-framework-oauth]: http://jpadilla.github.io/django-rest-framework-oauth/
|
||||
[django-rest-framework-oauth-authentication]: http://jpadilla.github.io/django-rest-framework-oauth/authentication/
|
||||
[django-rest-framework-oauth-permissions]: http://jpadilla.github.io/django-rest-framework-oauth/permissions/
|
||||
[juanriaza]: https://github.com/juanriaza
|
||||
[djangorestframework-digestauth]: https://github.com/juanriaza/django-rest-framework-digestauth
|
||||
[oauth-1.0a]: http://oauth.net/core/1.0a
|
||||
|
@ -390,4 +384,16 @@ The [Django OAuth2 Consumer][doac] library from [Rediker Software][rediker] is a
|
|||
[oauthlib]: https://github.com/idan/oauthlib
|
||||
[doac]: https://github.com/Rediker-Software/doac
|
||||
[rediker]: https://github.com/Rediker-Software
|
||||
[doac-rest-framework]: https://github.com/Rediker-Software/doac/blob/master/docs/markdown/integrations.md#
|
||||
[doac-rest-framework]: https://github.com/Rediker-Software/doac/blob/master/docs/integrations.md#
|
||||
[blimp]: https://github.com/GetBlimp
|
||||
[djangorestframework-jwt]: https://github.com/GetBlimp/django-rest-framework-jwt
|
||||
[etoccalino]: https://github.com/etoccalino/
|
||||
[djangorestframework-httpsignature]: https://github.com/etoccalino/django-rest-framework-httpsignature
|
||||
[amazon-http-signature]: http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
|
||||
[http-signature-ietf-draft]: https://datatracker.ietf.org/doc/draft-cavage-http-signatures/
|
||||
[hawkrest]: http://hawkrest.readthedocs.org/en/latest/
|
||||
[hawk]: https://github.com/hueniverse/hawk
|
||||
[mohawk]: http://mohawk.readthedocs.org/en/latest/
|
||||
[mac]: http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token-05
|
||||
[djoser]: https://github.com/sunscrapers/djoser
|
||||
[django-rest-auth]: https://github.com/Tivix/django-rest-auth
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="negotiation.py"></a>
|
||||
source: negotiation.py
|
||||
|
||||
# Content negotiation
|
||||
|
||||
|
@ -54,6 +54,8 @@ The `select_renderer()` method should return a two-tuple of (renderer instance,
|
|||
The following is a custom content negotiation class which ignores the client
|
||||
request when selecting the appropriate parser or renderer.
|
||||
|
||||
from rest_framework.negotiation import BaseContentNegotiation
|
||||
|
||||
class IgnoreClientContentNegotiation(BaseContentNegotiation):
|
||||
def select_parser(self, request, parsers):
|
||||
"""
|
||||
|
@ -77,6 +79,10 @@ The default content negotiation class may be set globally, using the `DEFAULT_CO
|
|||
|
||||
You can also set the content negotiation used for an individual view, or viewset, using the `APIView` class based views.
|
||||
|
||||
from myapp.negotiation import IgnoreClientContentNegotiation
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.views import APIView
|
||||
|
||||
class NoNegotiationView(APIView):
|
||||
"""
|
||||
An example view that does not perform content negotiation.
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="exceptions.py"></a>
|
||||
source: exceptions.py
|
||||
|
||||
# Exceptions
|
||||
|
||||
|
@ -18,7 +18,7 @@ The handled exceptions are:
|
|||
|
||||
In each case, REST framework will return a response with an appropriate status code and content-type. The body of the response will include any additional details regarding the nature of the error.
|
||||
|
||||
By default all error responses will include a key `details` in the body of the response, but other keys may also be included.
|
||||
Most error responses will include a key `detail` in the body of the response.
|
||||
|
||||
For example, the following request:
|
||||
|
||||
|
@ -28,28 +28,91 @@ For example, the following request:
|
|||
Might receive an error response indicating that the `DELETE` method is not allowed on that resource:
|
||||
|
||||
HTTP/1.1 405 Method Not Allowed
|
||||
Content-Type: application/json; charset=utf-8
|
||||
Content-Type: application/json
|
||||
Content-Length: 42
|
||||
|
||||
{"detail": "Method 'DELETE' not allowed."}
|
||||
|
||||
Validation errors are handled slightly differently, and will include the field names as the keys in the response. If the validation error was not specific to a particular field then it will use the "non_field_errors" key, or whatever string value has been set for the `NON_FIELD_ERRORS_KEY` setting.
|
||||
|
||||
Any example validation error might look like this:
|
||||
|
||||
HTTP/1.1 400 Bad Request
|
||||
Content-Type: application/json
|
||||
Content-Length: 94
|
||||
|
||||
{"amount": ["A valid integer is required."], "description": ["This field may not be blank."]}
|
||||
|
||||
## Custom exception handling
|
||||
|
||||
You can implement custom exception handling by creating a handler function that converts exceptions raised in your API views into response objects. This allows you to control the style of error responses used by your API.
|
||||
|
||||
The function must take a pair of arguments, this first is the exception to be handled, and the second is a dictionary containing any extra context such as the view currently being handled. The exception handler function should either return a `Response` object, or return `None` if the exception cannot be handled. If the handler returns `None` then the exception will be re-raised and Django will return a standard HTTP 500 'server error' response.
|
||||
|
||||
For example, you might want to ensure that all error responses include the HTTP status code in the body of the response, like so:
|
||||
|
||||
HTTP/1.1 405 Method Not Allowed
|
||||
Content-Type: application/json
|
||||
Content-Length: 62
|
||||
|
||||
{"status_code": 405, "detail": "Method 'DELETE' not allowed."}
|
||||
|
||||
In order to alter the style of the response, you could write the following custom exception handler:
|
||||
|
||||
from rest_framework.views import exception_handler
|
||||
|
||||
def custom_exception_handler(exc, context):
|
||||
# Call REST framework's default exception handler first,
|
||||
# to get the standard error response.
|
||||
response = exception_handler(exc, context)
|
||||
|
||||
# Now add the HTTP status code to the response.
|
||||
if response is not None:
|
||||
response.data['status_code'] = response.status_code
|
||||
|
||||
return response
|
||||
|
||||
The context argument is not used by the default handler, but can be useful if the exception handler needs further information such as the view currently being handled, which can be accessed as `context['view']`.
|
||||
|
||||
The exception handler must also be configured in your settings, using the `EXCEPTION_HANDLER` setting key. For example:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'EXCEPTION_HANDLER': 'my_project.my_app.utils.custom_exception_handler'
|
||||
}
|
||||
|
||||
If not specified, the `'EXCEPTION_HANDLER'` setting defaults to the standard exception handler provided by REST framework:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'EXCEPTION_HANDLER': 'rest_framework.views.exception_handler'
|
||||
}
|
||||
|
||||
Note that the exception handler will only be called for responses generated by raised exceptions. It will not be used for any responses returned directly by the view, such as the `HTTP_400_BAD_REQUEST` responses that are returned by the generic views when serializer validation fails.
|
||||
|
||||
---
|
||||
|
||||
# API Reference
|
||||
|
||||
## APIException
|
||||
|
||||
**Signature:** `APIException(detail=None)`
|
||||
**Signature:** `APIException()`
|
||||
|
||||
The **base class** for all exceptions raised inside REST framework.
|
||||
The **base class** for all exceptions raised inside an `APIView` class or `@api_view`.
|
||||
|
||||
To provide a custom exception, subclass `APIException` and set the `.status_code` and `.detail` properties on the class.
|
||||
To provide a custom exception, subclass `APIException` and set the `.status_code` and `.default_detail` properties on the class.
|
||||
|
||||
For example, if your API relies on a third party service that may sometimes be unreachable, you might want to implement an exception for the "503 Service Unavailable" HTTP response code. You could do this like so:
|
||||
|
||||
from rest_framework.exceptions import APIException
|
||||
|
||||
class ServiceUnavailable(APIException):
|
||||
status_code = 503
|
||||
default_detail = 'Service temporarily unavailable, try again later.'
|
||||
|
||||
## ParseError
|
||||
|
||||
**Signature:** `ParseError(detail=None)`
|
||||
|
||||
Raised if the request contains malformed data when accessing `request.DATA` or `request.FILES`.
|
||||
Raised if the request contains malformed data when accessing `request.data`.
|
||||
|
||||
By default this exception results in a response with the HTTP status code "400 Bad Request".
|
||||
|
||||
|
@ -77,6 +140,14 @@ Raised when an authenticated request fails the permission checks.
|
|||
|
||||
By default this exception results in a response with the HTTP status code "403 Forbidden".
|
||||
|
||||
## NotFound
|
||||
|
||||
**Signature:** `NotFound(detail=None)`
|
||||
|
||||
Raised when a resource does not exists at the given URL. This exception is equivalent to the standard `Http404` Django exception.
|
||||
|
||||
By default this exception results in a response with the HTTP status code "404 Not Found".
|
||||
|
||||
## MethodNotAllowed
|
||||
|
||||
**Signature:** `MethodNotAllowed(method, detail=None)`
|
||||
|
@ -85,11 +156,19 @@ Raised when an incoming request occurs that does not map to a handler method on
|
|||
|
||||
By default this exception results in a response with the HTTP status code "405 Method Not Allowed".
|
||||
|
||||
## NotAcceptable
|
||||
|
||||
**Signature:** `NotAcceptable(detail=None)`
|
||||
|
||||
Raised when an incoming request occurs with an `Accept` header that cannot be satisfied by any of the available renderers.
|
||||
|
||||
By default this exception results in a response with the HTTP status code "406 Not Acceptable".
|
||||
|
||||
## UnsupportedMediaType
|
||||
|
||||
**Signature:** `UnsupportedMediaType(media_type, detail=None)`
|
||||
|
||||
Raised if there are no parsers that can handle the content type of the request data when accessing `request.DATA` or `request.FILES`.
|
||||
Raised if there are no parsers that can handle the content type of the request data when accessing `request.data`.
|
||||
|
||||
By default this exception results in a response with the HTTP status code "415 Unsupported Media Type".
|
||||
|
||||
|
@ -101,5 +180,23 @@ Raised when an incoming request fails the throttling checks.
|
|||
|
||||
By default this exception results in a response with the HTTP status code "429 Too Many Requests".
|
||||
|
||||
## ValidationError
|
||||
|
||||
**Signature:** `ValidationError(detail)`
|
||||
|
||||
The `ValidationError` exception is slightly different from the other `APIException` classes:
|
||||
|
||||
* The `detail` argument is mandatory, not optional.
|
||||
* The `detail` argument may be a list or dictionary of error details, and may also be a nested data structure.
|
||||
* By convention you should import the serializers module and use a fully qualified `ValidationError` style, in order to differentiate it from Django's built-in validation error. For example. `raise serializers.ValidationError('This field must be an integer value.')`
|
||||
|
||||
The `ValidationError` class should be used for serializer and field validation, and by validator classes. It is also raised when calling `serializer.is_valid` with the `raise_exception` keyword argument:
|
||||
|
||||
serializer.is_valid(raise_exception=True)
|
||||
|
||||
The generic views use the `raise_exception=True` flag, which means that you can override the style of validation error responses globally in your API. To do so, use a custom exception handler, as described above.
|
||||
|
||||
By default this exception results in a response with the HTTP status code "400 Bad Request".
|
||||
|
||||
[cite]: http://www.doughellmann.com/articles/how-tos/python-exception-handling/index.html
|
||||
[authentication]: authentication.md
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="fields.py"></a>
|
||||
source: fields.py
|
||||
|
||||
# Serializer fields
|
||||
|
||||
|
@ -10,7 +10,7 @@ Serializer fields handle converting between primitive values and internal dataty
|
|||
|
||||
---
|
||||
|
||||
**Note:** The serializer fields are declared in fields.py, but by convention you should import them using `from rest_framework import serializers` and refer to fields as `serializers.<FieldName>`.
|
||||
**Note:** The serializer fields are declared in `fields.py`, but by convention you should import them using `from rest_framework import serializers` and refer to fields as `serializers.<FieldName>`.
|
||||
|
||||
---
|
||||
|
||||
|
@ -18,17 +18,15 @@ Serializer fields handle converting between primitive values and internal dataty
|
|||
|
||||
Each serializer field class constructor takes at least these arguments. Some Field classes take additional, field-specific arguments, but the following should always be accepted:
|
||||
|
||||
### `source`
|
||||
|
||||
The name of the attribute that will be used to populate the field. May be a method that only takes a `self` argument, such as `Field(source='get_absolute_url')`, or may use dotted notation to traverse attributes, such as `Field(source='user.email')`.
|
||||
|
||||
The value `source='*'` has a special meaning, and is used to indicate that the entire object should be passed through to the field. This can be useful for creating nested representations. (See the implementation of the `PaginationSerializer` class for an example.)
|
||||
|
||||
Defaults to the name of the field.
|
||||
|
||||
### `read_only`
|
||||
|
||||
Set this to `True` to ensure that the field is used when serializing a representation, but is not used when updating an instance during deserialization.
|
||||
Set this to `True` to ensure that the field is used when serializing a representation, but is not used when creating or updating an instance during deserialization.
|
||||
|
||||
Defaults to `False`
|
||||
|
||||
### `write_only`
|
||||
|
||||
Set this to `True` to ensure that the field may be used when updating or creating an instance, but is not included when serializing the representation.
|
||||
|
||||
Defaults to `False`
|
||||
|
||||
|
@ -37,27 +35,40 @@ Defaults to `False`
|
|||
Normally an error will be raised if a field is not supplied during deserialization.
|
||||
Set to false if this field is not required to be present during deserialization.
|
||||
|
||||
Setting this to `False` also allows the object attribute or dictionary key to be omitted from output when serializing the instance. If the key is not present it will simply not be included in the output representation.
|
||||
|
||||
Defaults to `True`.
|
||||
|
||||
### `allow_null`
|
||||
|
||||
Normally an error will be raised if `None` is passed to a serializer field. Set this keyword argument to `True` if `None` should be considered a valid value.
|
||||
|
||||
Defaults to `False`
|
||||
|
||||
### `default`
|
||||
|
||||
If set, this gives the default value that will be used for the field if none is supplied. If not set the default behavior is to not populate the attribute at all.
|
||||
If set, this gives the default value that will be used for the field if no input value is supplied. If not set the default behavior is to not populate the attribute at all.
|
||||
|
||||
May be set to a function or other callable, in which case the value will be evaluated each time it is used.
|
||||
|
||||
Note that setting a `default` value implies that the field is not required. Including both the `default` and `required` keyword arguments is invalid and will raise an error.
|
||||
|
||||
### `source`
|
||||
|
||||
The name of the attribute that will be used to populate the field. May be a method that only takes a `self` argument, such as `URLField('get_absolute_url')`, or may use dotted notation to traverse attributes, such as `EmailField(source='user.email')`.
|
||||
|
||||
The value `source='*'` has a special meaning, and is used to indicate that the entire object should be passed through to the field. This can be useful for creating nested representations, or for fields which require access to the complete object in order to determine the output representation.
|
||||
|
||||
Defaults to the name of the field.
|
||||
|
||||
### `validators`
|
||||
|
||||
A list of Django validators that should be used to validate deserialized values.
|
||||
A list of validator functions which should be applied to the incoming field input, and which either raise a validation error or simply return. Validator functions should typically raise `serializers.ValidationError`, but Django's built-in `ValidationError` is also supported for compatibility with validators defined in the Django codebase or third party Django packages.
|
||||
|
||||
### `error_messages`
|
||||
|
||||
A dictionary of error codes to error messages.
|
||||
|
||||
### `widget`
|
||||
|
||||
Used only if rendering the field to HTML.
|
||||
This argument sets the widget that should be used to render the field.
|
||||
|
||||
### `label`
|
||||
|
||||
A short text string that may be used as the name of the field in HTML form fields or other descriptive elements.
|
||||
|
@ -66,115 +77,69 @@ A short text string that may be used as the name of the field in HTML form field
|
|||
|
||||
A text string that may be used as a description of the field in HTML form fields or other descriptive elements.
|
||||
|
||||
---
|
||||
### `initial`
|
||||
|
||||
# Generic Fields
|
||||
A value that should be used for pre-populating the value of HTML form fields.
|
||||
|
||||
These generic fields are used for representing arbitrary model fields or the output of model methods.
|
||||
### `style`
|
||||
|
||||
## Field
|
||||
A dictionary of key-value pairs that can be used to control how renderers should render the field. The API for this should still be considered experimental, and will be formalized with the 3.1 release.
|
||||
|
||||
A generic, **read-only** field. You can use this field for any attribute that does not need to support write operations.
|
||||
Two options are currently used in HTML form generation, `'input_type'` and `'base_template'`.
|
||||
|
||||
For example, using the following model.
|
||||
# Use <input type="password"> for the input.
|
||||
password = serializers.CharField(
|
||||
style={'input_type': 'password'}
|
||||
)
|
||||
|
||||
class Account(models.Model):
|
||||
owner = models.ForeignKey('auth.user')
|
||||
name = models.CharField(max_length=100)
|
||||
created = models.DateTimeField(auto_now_add=True)
|
||||
payment_expiry = models.DateTimeField()
|
||||
|
||||
def has_expired(self):
|
||||
now = datetime.datetime.now()
|
||||
return now > self.payment_expiry
|
||||
|
||||
A serializer definition that looked like this:
|
||||
|
||||
class AccountSerializer(serializers.HyperlinkedModelSerializer):
|
||||
expired = Field(source='has_expired')
|
||||
|
||||
class Meta:
|
||||
fields = ('url', 'owner', 'name', 'expired')
|
||||
|
||||
Would produce output similar to:
|
||||
|
||||
{
|
||||
'url': 'http://example.com/api/accounts/3/',
|
||||
'owner': 'http://example.com/api/users/12/',
|
||||
'name': 'FooCorp business account',
|
||||
'expired': True
|
||||
# Use a radio input instead of a select input.
|
||||
color_channel = serializers.ChoiceField(
|
||||
choices=['red', 'green', 'blue']
|
||||
style = {'base_template': 'radio.html'}
|
||||
}
|
||||
|
||||
By default, the `Field` class will perform a basic translation of the source value into primitive datatypes, falling back to unicode representations of complex datatypes when necessary.
|
||||
|
||||
You can customize this behavior by overriding the `.to_native(self, value)` method.
|
||||
|
||||
## WritableField
|
||||
|
||||
A field that supports both read and write operations. By itself `WritableField` does not perform any translation of input values into a given type. You won't typically use this field directly, but you may want to override it and implement the `.to_native(self, value)` and `.from_native(self, value)` methods.
|
||||
|
||||
## ModelField
|
||||
|
||||
A generic field that can be tied to any arbitrary model field. The `ModelField` class delegates the task of serialization/deserialization to it's associated model field. This field can be used to create serializer fields for custom model fields, without having to create a new custom serializer field.
|
||||
|
||||
The `ModelField` class is generally intended for internal use, but can be used by your API if needed. In order to properly instantiate a `ModelField`, it must be passed a field that is attached to an instantiated model. For example: `ModelField(model_field=MyModel()._meta.get_field('custom_field'))`
|
||||
|
||||
**Signature:** `ModelField(model_field=<Django ModelField instance>)`
|
||||
|
||||
## SerializerMethodField
|
||||
|
||||
This is a read-only field. It gets its value by calling a method on the serializer class it is attached to. It can be used to add any sort of data to the serialized representation of your object. The field's constructor accepts a single argument, which is the name of the method on the serializer to be called. The method should accept a single argument (in addition to `self`), which is the object being serialized. It should return whatever you want to be included in the serialized representation of the object. For example:
|
||||
|
||||
from rest_framework import serializers
|
||||
from django.contrib.auth.models import User
|
||||
from django.utils.timezone import now
|
||||
|
||||
class UserSerializer(serializers.ModelSerializer):
|
||||
|
||||
days_since_joined = serializers.SerializerMethodField('get_days_since_joined')
|
||||
|
||||
class Meta:
|
||||
model = User
|
||||
|
||||
def get_days_since_joined(self, obj):
|
||||
return (now() - obj.date_joined).days
|
||||
**Note**: The `style` argument replaces the old-style version 2.x `widget` keyword argument. Because REST framework 3 now uses templated HTML form generation, the `widget` option that was used to support Django built-in widgets can no longer be supported. Version 3.1 is planned to include public API support for customizing HTML form generation.
|
||||
|
||||
---
|
||||
|
||||
# Typed Fields
|
||||
|
||||
These fields represent basic datatypes, and support both reading and writing values.
|
||||
# Boolean fields
|
||||
|
||||
## BooleanField
|
||||
|
||||
A Boolean representation.
|
||||
A boolean representation.
|
||||
|
||||
When using HTML encoded form input be aware that omitting a value will always be treated as setting a field to `False`, even if it has a `default=True` option specified. This is because HTML checkbox inputs represent the unchecked state by omitting the value, so REST framework treats omission as if it is an empty checkbox input.
|
||||
|
||||
Corresponds to `django.db.models.fields.BooleanField`.
|
||||
|
||||
**Signature:** `BooleanField()`
|
||||
|
||||
## NullBooleanField
|
||||
|
||||
A boolean representation that also accepts `None` as a valid value.
|
||||
|
||||
Corresponds to `django.db.models.fields.NullBooleanField`.
|
||||
|
||||
**Signature:** `NullBooleanField()`
|
||||
|
||||
---
|
||||
|
||||
# String fields
|
||||
|
||||
## CharField
|
||||
|
||||
A text representation, optionally validates the text to be shorter than `max_length` and longer than `min_length`.
|
||||
A text representation. Optionally validates the text to be shorter than `max_length` and longer than `min_length`.
|
||||
|
||||
Corresponds to `django.db.models.fields.CharField`
|
||||
or `django.db.models.fields.TextField`.
|
||||
Corresponds to `django.db.models.fields.CharField` or `django.db.models.fields.TextField`.
|
||||
|
||||
**Signature:** `CharField(max_length=None, min_length=None)`
|
||||
**Signature:** `CharField(max_length=None, min_length=None, allow_blank=False, trim_whitespace=True)`
|
||||
|
||||
## URLField
|
||||
- `max_length` - Validates that the input contains no more than this number of characters.
|
||||
- `min_length` - Validates that the input contains no fewer than this number of characters.
|
||||
- `allow_blank` - If set to `True` then the empty string should be considered a valid value. If set to `False` then the empty string is considered invalid and will raise a validation error. Defaults to `False`.
|
||||
- `trim_whitespace` - If set to `True` then leading and trailing whitespace is trimmed. Defaults to `True`.
|
||||
|
||||
Corresponds to `django.db.models.fields.URLField`. Uses Django's `django.core.validators.URLValidator` for validation.
|
||||
|
||||
**Signature:** `CharField(max_length=200, min_length=None)`
|
||||
|
||||
## SlugField
|
||||
|
||||
Corresponds to `django.db.models.fields.SlugField`.
|
||||
|
||||
**Signature:** `CharField(max_length=50, min_length=None)`
|
||||
|
||||
## ChoiceField
|
||||
|
||||
A field that can accept a value out of a limited set of choices.
|
||||
The `allow_null` option is also available for string fields, although its usage is discouraged in favor of `allow_blank`. It is valid to set both `allow_blank=True` and `allow_null=True`, but doing so means that there will be two differing types of empty value permissible for string representations, which can lead to data inconsistencies and subtle application bugs.
|
||||
|
||||
## EmailField
|
||||
|
||||
|
@ -182,21 +147,120 @@ A text representation, validates the text to be a valid e-mail address.
|
|||
|
||||
Corresponds to `django.db.models.fields.EmailField`
|
||||
|
||||
**Signature:** `EmailField(max_length=None, min_length=None, allow_blank=False)`
|
||||
|
||||
## RegexField
|
||||
|
||||
A text representation, that validates the given value matches against a certain regular expression.
|
||||
|
||||
Corresponds to `django.forms.fields.RegexField`.
|
||||
|
||||
**Signature:** `RegexField(regex, max_length=None, min_length=None, allow_blank=False)`
|
||||
|
||||
The mandatory `regex` argument may either be a string, or a compiled python regular expression object.
|
||||
|
||||
Uses Django's `django.core.validators.RegexValidator` for validation.
|
||||
|
||||
Corresponds to `django.forms.fields.RegexField`
|
||||
## SlugField
|
||||
|
||||
**Signature:** `RegexField(regex, max_length=None, min_length=None)`
|
||||
A `RegexField` that validates the input against the pattern `[a-zA-Z0-9_-]+`.
|
||||
|
||||
Corresponds to `django.db.models.fields.SlugField`.
|
||||
|
||||
**Signature:** `SlugField(max_length=50, min_length=None, allow_blank=False)`
|
||||
|
||||
## URLField
|
||||
|
||||
A `RegexField` that validates the input against a URL matching pattern. Expects fully qualified URLs of the form `http://<host>/<path>`.
|
||||
|
||||
Corresponds to `django.db.models.fields.URLField`. Uses Django's `django.core.validators.URLValidator` for validation.
|
||||
|
||||
**Signature:** `URLField(max_length=200, min_length=None, allow_blank=False)`
|
||||
|
||||
## UUIDField
|
||||
|
||||
A field that ensures the input is a valid UUID string. The `to_internal_value` method will return a `uuid.UUID` instance. On output the field will return a string in the canonical hyphenated format, for example:
|
||||
|
||||
"de305d54-75b4-431b-adb2-eb6b9e546013"
|
||||
|
||||
---
|
||||
|
||||
# Numeric fields
|
||||
|
||||
## IntegerField
|
||||
|
||||
An integer representation.
|
||||
|
||||
Corresponds to `django.db.models.fields.IntegerField`, `django.db.models.fields.SmallIntegerField`, `django.db.models.fields.PositiveIntegerField` and `django.db.models.fields.PositiveSmallIntegerField`.
|
||||
|
||||
**Signature**: `IntegerField(max_value=None, min_value=None)`
|
||||
|
||||
- `max_value` Validate that the number provided is no greater than this value.
|
||||
- `min_value` Validate that the number provided is no less than this value.
|
||||
|
||||
## FloatField
|
||||
|
||||
A floating point representation.
|
||||
|
||||
Corresponds to `django.db.models.fields.FloatField`.
|
||||
|
||||
**Signature**: `FloatField(max_value=None, min_value=None)`
|
||||
|
||||
- `max_value` Validate that the number provided is no greater than this value.
|
||||
- `min_value` Validate that the number provided is no less than this value.
|
||||
|
||||
## DecimalField
|
||||
|
||||
A decimal representation, represented in Python by a `Decimal` instance.
|
||||
|
||||
Corresponds to `django.db.models.fields.DecimalField`.
|
||||
|
||||
**Signature**: `DecimalField(max_digits, decimal_places, coerce_to_string=None, max_value=None, min_value=None)`
|
||||
|
||||
- `max_digits` The maximum number of digits allowed in the number. Note that this number must be greater than or equal to decimal_places.
|
||||
- `decimal_places` The number of decimal places to store with the number.
|
||||
- `coerce_to_string` Set to `True` if string values should be returned for the representation, or `False` if `Decimal` objects should be returned. Defaults to the same value as the `COERCE_DECIMAL_TO_STRING` settings key, which will be `True` unless overridden. If `Decimal` objects are returned by the serializer, then the final output format will be determined by the renderer.
|
||||
- `max_value` Validate that the number provided is no greater than this value.
|
||||
- `min_value` Validate that the number provided is no less than this value.
|
||||
|
||||
#### Example usage
|
||||
|
||||
To validate numbers up to 999 with a resolution of 2 decimal places, you would use:
|
||||
|
||||
serializers.DecimalField(max_digits=5, decimal_places=2)
|
||||
|
||||
And to validate numbers up to anything less than one billion with a resolution of 10 decimal places:
|
||||
|
||||
serializers.DecimalField(max_digits=19, decimal_places=10)
|
||||
|
||||
This field also takes an optional argument, `coerce_to_string`. If set to `True` the representation will be output as a string. If set to `False` the representation will be left as a `Decimal` instance and the final representation will be determined by the renderer.
|
||||
|
||||
If unset, this will default to the same value as the `COERCE_DECIMAL_TO_STRING` setting, which is `True` unless set otherwise.
|
||||
|
||||
---
|
||||
|
||||
# Date and time fields
|
||||
|
||||
## DateTimeField
|
||||
|
||||
A date and time representation.
|
||||
|
||||
Corresponds to `django.db.models.fields.DateTimeField`
|
||||
Corresponds to `django.db.models.fields.DateTimeField`.
|
||||
|
||||
**Signature:** `DateTimeField(format=None, input_formats=None)`
|
||||
|
||||
* `format` - A string representing the output format. If not specified, this defaults to the same value as the `DATETIME_FORMAT` settings key, which will be `'iso-8601'` unless set. Setting to a format string indicates that `to_representation` return values should be coerced to string output. Format strings are described below. Setting this value to `None` indicates that Python `datetime` objects should be returned by `to_representation`. In this case the datetime encoding will be determined by the renderer.
|
||||
* `input_formats` - A list of strings representing the input formats which may be used to parse the date. If not specified, the `DATETIME_INPUT_FORMATS` setting will be used, which defaults to `['iso-8601']`.
|
||||
|
||||
#### `DateTimeField` format strings.
|
||||
|
||||
Format strings may either be [Python strftime formats][strftime] which explicitly specify the format, or the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style datetimes should be used. (eg `'2013-01-29T12:34:56.000000Z'`)
|
||||
|
||||
When a value of `None` is used for the format `datetime` objects will be returned by `to_representation` and the final output representation will determined by the renderer class.
|
||||
|
||||
In the case of JSON this means the default datetime representation uses the [ECMA 262 date time string specification][ecma262]. This is a subset of ISO 8601 which uses millisecond precision, and includes the 'Z' suffix for the UTC timezone, for example: `2013-01-29T12:34:56.123Z`.
|
||||
|
||||
#### `auto_now` and `auto_now_add` model fields.
|
||||
|
||||
When using `ModelSerializer` or `HyperlinkedModelSerializer`, note that any model fields with `auto_now=True` or `auto_now_add=True` will use serializer fields that are `read_only=True` by default.
|
||||
|
||||
|
@ -208,17 +272,6 @@ If you want to override this behavior, you'll need to declare the `DateTimeField
|
|||
class Meta:
|
||||
model = Comment
|
||||
|
||||
Note that by default, datetime representations are determined by the renderer in use, although this can be explicitly overridden as detailed below.
|
||||
|
||||
In the case of JSON this means the default datetime representation uses the [ECMA 262 date time string specification][ecma262]. This is a subset of ISO 8601 which uses millisecond precision, and includes the 'Z' suffix for the UTC timezone, for example: `2013-01-29T12:34:56.123Z`.
|
||||
|
||||
**Signature:** `DateTimeField(format=None, input_formats=None)`
|
||||
|
||||
* `format` - A string representing the output format. If not specified, this defaults to `None`, which indicates that Python `datetime` objects should be returned by `to_native`. In this case the datetime encoding will be determined by the renderer.
|
||||
* `input_formats` - A list of strings representing the input formats which may be used to parse the date. If not specified, the `DATETIME_INPUT_FORMATS` setting will be used, which defaults to `['iso-8601']`.
|
||||
|
||||
DateTime format strings may either be [Python strftime formats][strftime] which explicitly specify the format, or the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style datetimes should be used. (eg `'2013-01-29T12:34:56.000000Z'`)
|
||||
|
||||
## DateField
|
||||
|
||||
A date representation.
|
||||
|
@ -227,43 +280,64 @@ Corresponds to `django.db.models.fields.DateField`
|
|||
|
||||
**Signature:** `DateField(format=None, input_formats=None)`
|
||||
|
||||
* `format` - A string representing the output format. If not specified, this defaults to `None`, which indicates that Python `date` objects should be returned by `to_native`. In this case the date encoding will be determined by the renderer.
|
||||
* `format` - A string representing the output format. If not specified, this defaults to the same value as the `DATE_FORMAT` settings key, which will be `'iso-8601'` unless set. Setting to a format string indicates that `to_representation` return values should be coerced to string output. Format strings are described below. Setting this value to `None` indicates that Python `date` objects should be returned by `to_representation`. In this case the date encoding will be determined by the renderer.
|
||||
* `input_formats` - A list of strings representing the input formats which may be used to parse the date. If not specified, the `DATE_INPUT_FORMATS` setting will be used, which defaults to `['iso-8601']`.
|
||||
|
||||
Date format strings may either be [Python strftime formats][strftime] which explicitly specify the format, or the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style dates should be used. (eg `'2013-01-29'`)
|
||||
#### `DateField` format strings
|
||||
|
||||
Format strings may either be [Python strftime formats][strftime] which explicitly specify the format, or the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style dates should be used. (eg `'2013-01-29'`)
|
||||
|
||||
## TimeField
|
||||
|
||||
A time representation.
|
||||
|
||||
Optionally takes `format` as parameter to replace the matching pattern.
|
||||
|
||||
Corresponds to `django.db.models.fields.TimeField`
|
||||
|
||||
**Signature:** `TimeField(format=None, input_formats=None)`
|
||||
|
||||
* `format` - A string representing the output format. If not specified, this defaults to `None`, which indicates that Python `time` objects should be returned by `to_native`. In this case the time encoding will be determined by the renderer.
|
||||
* `format` - A string representing the output format. If not specified, this defaults to the same value as the `TIME_FORMAT` settings key, which will be `'iso-8601'` unless set. Setting to a format string indicates that `to_representation` return values should be coerced to string output. Format strings are described below. Setting this value to `None` indicates that Python `time` objects should be returned by `to_representation`. In this case the time encoding will be determined by the renderer.
|
||||
* `input_formats` - A list of strings representing the input formats which may be used to parse the date. If not specified, the `TIME_INPUT_FORMATS` setting will be used, which defaults to `['iso-8601']`.
|
||||
|
||||
Time format strings may either be [Python strftime formats][strftime] which explicitly specify the format, or the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style times should be used. (eg `'12:34:56.000000'`)
|
||||
#### `TimeField` format strings
|
||||
|
||||
## IntegerField
|
||||
Format strings may either be [Python strftime formats][strftime] which explicitly specify the format, or the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style times should be used. (eg `'12:34:56.000000'`)
|
||||
|
||||
An integer representation.
|
||||
---
|
||||
|
||||
Corresponds to `django.db.models.fields.IntegerField`, `django.db.models.fields.SmallIntegerField`, `django.db.models.fields.PositiveIntegerField` and `django.db.models.fields.PositiveSmallIntegerField`
|
||||
# Choice selection fields
|
||||
|
||||
## FloatField
|
||||
## ChoiceField
|
||||
|
||||
A floating point representation.
|
||||
A field that can accept a value out of a limited set of choices.
|
||||
|
||||
Corresponds to `django.db.models.fields.FloatField`.
|
||||
Used by `ModelSerializer` to automatically generate fields if the corresponding model field includes a `choices=…` argument.
|
||||
|
||||
## DecimalField
|
||||
**Signature:** `ChoiceField(choices)`
|
||||
|
||||
A decimal representation.
|
||||
- `choices` - A list of valid values, or a list of `(key, display_name)` tuples.
|
||||
- `allow_blank` - If set to `True` then the empty string should be considered a valid value. If set to `False` then the empty string is considered invalid and will raise a validation error. Defaults to `False`.
|
||||
|
||||
Corresponds to `django.db.models.fields.DecimalField`.
|
||||
Both the `allow_blank` and `allow_null` are valid options on `ChoiceField`, although it is highly recommended that you only use one and not both. `allow_blank` should be preferred for textual choices, and `allow_null` should be preferred for numeric or other non-textual choices.
|
||||
|
||||
## MultipleChoiceField
|
||||
|
||||
A field that can accept a set of zero, one or many values, chosen from a limited set of choices. Takes a single mandatory argument. `to_internal_value` returns a `set` containing the selected values.
|
||||
|
||||
**Signature:** `MultipleChoiceField(choices)`
|
||||
|
||||
- `choices` - A list of valid values, or a list of `(key, display_name)` tuples.
|
||||
- `allow_blank` - If set to `True` then the empty string should be considered a valid value. If set to `False` then the empty string is considered invalid and will raise a validation error. Defaults to `False`.
|
||||
|
||||
As with `ChoiceField`, both the `allow_blank` and `allow_null` options are valid, although it is highly recommended that you only use one and not both. `allow_blank` should be preferred for textual choices, and `allow_null` should be preferred for numeric or other non-textual choices.
|
||||
|
||||
---
|
||||
|
||||
# File upload fields
|
||||
|
||||
#### Parsers and file uploads.
|
||||
|
||||
The `FileField` and `ImageField` classes are only suitable for use with `MultiPartParser` or `FileUploadParser`. Most parsers, such as e.g. JSON don't support file uploads.
|
||||
Django's regular [FILE_UPLOAD_HANDLERS] are used for handling uploaded files.
|
||||
|
||||
## FileField
|
||||
|
||||
|
@ -271,34 +345,145 @@ A file representation. Performs Django's standard FileField validation.
|
|||
|
||||
Corresponds to `django.forms.fields.FileField`.
|
||||
|
||||
**Signature:** `FileField(max_length=None, allow_empty_file=False)`
|
||||
**Signature:** `FileField(max_length=None, allow_empty_file=False, use_url=UPLOADED_FILES_USE_URL)`
|
||||
|
||||
- `max_length` designates the maximum length for the file name.
|
||||
|
||||
- `allow_empty_file` designates if empty files are allowed.
|
||||
- `max_length` - Designates the maximum length for the file name.
|
||||
- `allow_empty_file` - Designates if empty files are allowed.
|
||||
- `use_url` - If set to `True` then URL string values will be used for the output representation. If set to `False` then filename string values will be used for the output representation. Defaults to the value of the `UPLOADED_FILES_USE_URL` settings key, which is `True` unless set otherwise.
|
||||
|
||||
## ImageField
|
||||
|
||||
An image representation.
|
||||
An image representation. Validates the uploaded file content as matching a known image format.
|
||||
|
||||
Corresponds to `django.forms.fields.ImageField`.
|
||||
|
||||
Requires the `PIL` package.
|
||||
**Signature:** `ImageField(max_length=None, allow_empty_file=False, use_url=UPLOADED_FILES_USE_URL)`
|
||||
|
||||
Signature and validation is the same as with `FileField`.
|
||||
- `max_length` - Designates the maximum length for the file name.
|
||||
- `allow_empty_file` - Designates if empty files are allowed.
|
||||
- `use_url` - If set to `True` then URL string values will be used for the output representation. If set to `False` then filename string values will be used for the output representation. Defaults to the value of the `UPLOADED_FILES_USE_URL` settings key, which is `True` unless set otherwise.
|
||||
|
||||
Requires either the `Pillow` package or `PIL` package. The `Pillow` package is recommended, as `PIL` is no longer actively maintained.
|
||||
|
||||
---
|
||||
|
||||
**Note:** `FileFields` and `ImageFields` are only suitable for use with MultiPartParser, since e.g. json doesn't support file uploads.
|
||||
Django's regular [FILE_UPLOAD_HANDLERS] are used for handling uploaded files.
|
||||
# Composite fields
|
||||
|
||||
## ListField
|
||||
|
||||
A field class that validates a list of objects.
|
||||
|
||||
**Signature**: `ListField(child)`
|
||||
|
||||
- `child` - A field instance that should be used for validating the objects in the list. If this argument is not provided then objects in the list will not be validated.
|
||||
|
||||
For example, to validate a list of integers you might use something like the following:
|
||||
|
||||
scores = serializers.ListField(
|
||||
child=serializers.IntegerField(min_value=0, max_value=100)
|
||||
)
|
||||
|
||||
The `ListField` class also supports a declarative style that allows you to write reusable list field classes.
|
||||
|
||||
class StringListField(serializers.ListField):
|
||||
child = serializers.CharField()
|
||||
|
||||
We can now reuse our custom `StringListField` class throughout our application, without having to provide a `child` argument to it.
|
||||
|
||||
## DictField
|
||||
|
||||
A field class that validates a dictionary of objects. The keys in `DictField` are always assumed to be string values.
|
||||
|
||||
**Signature**: `DictField(child)`
|
||||
|
||||
- `child` - A field instance that should be used for validating the values in the dictionary. If this argument is not provided then values in the mapping will not be validated.
|
||||
|
||||
For example, to create a field that validates a mapping of strings to strings, you would write something like this:
|
||||
|
||||
document = DictField(child=CharField())
|
||||
|
||||
You can also use the declarative style, as with `ListField`. For example:
|
||||
|
||||
class DocumentField(DictField):
|
||||
child = CharField()
|
||||
|
||||
---
|
||||
|
||||
# Miscellaneous fields
|
||||
|
||||
## ReadOnlyField
|
||||
|
||||
A field class that simply returns the value of the field without modification.
|
||||
|
||||
This field is used by default with `ModelSerializer` when including field names that relate to an attribute rather than a model field.
|
||||
|
||||
**Signature**: `ReadOnlyField()`
|
||||
|
||||
For example, is `has_expired` was a property on the `Account` model, then the following serializer would automatically generate it as a `ReadOnlyField`:
|
||||
|
||||
class AccountSerializer(serializers.ModelSerializer):
|
||||
class Meta:
|
||||
model = Account
|
||||
fields = ('id', 'account_name', 'has_expired')
|
||||
|
||||
## HiddenField
|
||||
|
||||
A field class that does not take a value based on user input, but instead takes its value from a default value or callable.
|
||||
|
||||
**Signature**: `HiddenField()`
|
||||
|
||||
For example, to include a field that always provides the current time as part of the serializer validated data, you would use the following:
|
||||
|
||||
modified = serializer.HiddenField(default=timezone.now)
|
||||
|
||||
The `HiddenField` class is usually only needed if you have some validation that needs to run based on some pre-provided field values, but you do not want to expose all of those fields to the end user.
|
||||
|
||||
For further examples on `HiddenField` see the [validators](validators.md) documentation.
|
||||
|
||||
## ModelField
|
||||
|
||||
A generic field that can be tied to any arbitrary model field. The `ModelField` class delegates the task of serialization/deserialization to its associated model field. This field can be used to create serializer fields for custom model fields, without having to create a new custom serializer field.
|
||||
|
||||
This field is used by `ModelSerializer` to correspond to custom model field classes.
|
||||
|
||||
**Signature:** `ModelField(model_field=<Django ModelField instance>)`
|
||||
|
||||
The `ModelField` class is generally intended for internal use, but can be used by your API if needed. In order to properly instantiate a `ModelField`, it must be passed a field that is attached to an instantiated model. For example: `ModelField(model_field=MyModel()._meta.get_field('custom_field'))`
|
||||
|
||||
## SerializerMethodField
|
||||
|
||||
This is a read-only field. It gets its value by calling a method on the serializer class it is attached to. It can be used to add any sort of data to the serialized representation of your object.
|
||||
|
||||
**Signature**: `SerializerMethodField(method_name=None)`
|
||||
|
||||
- `method_name` - The name of the method on the serializer to be called. If not included this defaults to `get_<field_name>`.
|
||||
|
||||
The serializer method referred to by the `method_name` argument should accept a single argument (in addition to `self`), which is the object being serialized. It should return whatever you want to be included in the serialized representation of the object. For example:
|
||||
|
||||
from django.contrib.auth.models import User
|
||||
from django.utils.timezone import now
|
||||
from rest_framework import serializers
|
||||
|
||||
class UserSerializer(serializers.ModelSerializer):
|
||||
days_since_joined = serializers.SerializerMethodField()
|
||||
|
||||
class Meta:
|
||||
model = User
|
||||
|
||||
def get_days_since_joined(self, obj):
|
||||
return (now() - obj.date_joined).days
|
||||
|
||||
---
|
||||
|
||||
# Custom fields
|
||||
|
||||
If you want to create a custom field, you'll probably want to override either one or both of the `.to_native()` and `.from_native()` methods. These two methods are used to convert between the initial datatype, and a primative, serializable datatype. Primative datatypes may be any of a number, string, date/time/datetime or None. They may also be any list or dictionary like object that only contains other primative objects.
|
||||
If you want to create a custom field, you'll need to subclass `Field` and then override either one or both of the `.to_representation()` and `.to_internal_value()` methods. These two methods are used to convert between the initial datatype, and a primitive, serializable datatype. Primitive datatypes will typically be any of a number, string, boolean, `date`/`time`/`datetime` or `None`. They may also be any list or dictionary like object that only contains other primitive objects. Other types might be supported, depending on the renderer that you are using.
|
||||
|
||||
The `.to_native()` method is called to convert the initial datatype into a primative, serializable datatype. The `from_native()` method is called to restore a primative datatype into it's initial representation.
|
||||
The `.to_representation()` method is called to convert the initial datatype into a primitive, serializable datatype.
|
||||
|
||||
The `to_internal_value()` method is called to restore a primitive datatype into its internal python representation. This method should raise a `serializer.ValidationError` if the data is invalid.
|
||||
|
||||
Note that the `WritableField` class that was present in version 2.x no longer exists. You should subclass `Field` and override `to_internal_value()` if the field supports data input.
|
||||
|
||||
## Examples
|
||||
|
||||
|
@ -313,32 +498,114 @@ Let's look at an example of serializing a class that represents an RGB color val
|
|||
assert(red < 256 and green < 256 and blue < 256)
|
||||
self.red, self.green, self.blue = red, green, blue
|
||||
|
||||
class ColourField(serializers.WritableField):
|
||||
class ColorField(serializers.Field):
|
||||
"""
|
||||
Color objects are serialized into "rgb(#, #, #)" notation.
|
||||
Color objects are serialized into 'rgb(#, #, #)' notation.
|
||||
"""
|
||||
def to_native(self, obj):
|
||||
def to_representation(self, obj):
|
||||
return "rgb(%d, %d, %d)" % (obj.red, obj.green, obj.blue)
|
||||
|
||||
def from_native(self, data):
|
||||
def to_internal_value(self, data):
|
||||
data = data.strip('rgb(').rstrip(')')
|
||||
red, green, blue = [int(col) for col in data.split(',')]
|
||||
return Color(red, green, blue)
|
||||
|
||||
|
||||
By default field values are treated as mapping to an attribute on the object. If you need to customize how the field value is accessed and set you need to override `.field_to_native()` and/or `.field_from_native()`.
|
||||
By default field values are treated as mapping to an attribute on the object. If you need to customize how the field value is accessed and set you need to override `.get_attribute()` and/or `.get_value()`.
|
||||
|
||||
As an example, let's create a field that can be used represent the class name of the object being serialized:
|
||||
|
||||
class ClassNameField(serializers.Field):
|
||||
def field_to_native(self, obj, field_name):
|
||||
def get_attribute(self, obj):
|
||||
# We pass the object instance onto `to_representation`,
|
||||
# not just the field attribute.
|
||||
return obj
|
||||
|
||||
def to_representation(self, obj):
|
||||
"""
|
||||
Serialize the object's class name.
|
||||
"""
|
||||
return obj.__class__
|
||||
return obj.__class__.__name__
|
||||
|
||||
#### Raising validation errors
|
||||
|
||||
Our `ColorField` class above currently does not perform any data validation.
|
||||
To indicate invalid data, we should raise a `serializers.ValidationError`, like so:
|
||||
|
||||
def to_internal_value(self, data):
|
||||
if not isinstance(data, six.text_type):
|
||||
msg = 'Incorrect type. Expected a string, but got %s'
|
||||
raise ValidationError(msg % type(data).__name__)
|
||||
|
||||
if not re.match(r'^rgb\([0-9]+,[0-9]+,[0-9]+\)$', data):
|
||||
raise ValidationError('Incorrect format. Expected `rgb(#,#,#)`.')
|
||||
|
||||
data = data.strip('rgb(').rstrip(')')
|
||||
red, green, blue = [int(col) for col in data.split(',')]
|
||||
|
||||
if any([col > 255 or col < 0 for col in (red, green, blue)]):
|
||||
raise ValidationError('Value out of range. Must be between 0 and 255.')
|
||||
|
||||
return Color(red, green, blue)
|
||||
|
||||
The `.fail()` method is a shortcut for raising `ValidationError` that takes a message string from the `error_messages` dictionary. For example:
|
||||
|
||||
default_error_messages = {
|
||||
'incorrect_type': 'Incorrect type. Expected a string, but got {input_type}',
|
||||
'incorrect_format': 'Incorrect format. Expected `rgb(#,#,#)`.',
|
||||
'out_of_range': 'Value out of range. Must be between 0 and 255.'
|
||||
}
|
||||
|
||||
def to_internal_value(self, data):
|
||||
if not isinstance(data, six.text_type):
|
||||
msg = 'Incorrect type. Expected a string, but got %s'
|
||||
self.fail('incorrect_type', input_type=type(data).__name__)
|
||||
|
||||
if not re.match(r'^rgb\([0-9]+,[0-9]+,[0-9]+\)$', data):
|
||||
self.fail('incorrect_format')
|
||||
|
||||
data = data.strip('rgb(').rstrip(')')
|
||||
red, green, blue = [int(col) for col in data.split(',')]
|
||||
|
||||
if any([col > 255 or col < 0 for col in (red, green, blue)]):
|
||||
self.fail('out_of_range')
|
||||
|
||||
return Color(red, green, blue)
|
||||
|
||||
This style keeps you error messages more cleanly separated from your code, and should be preferred.
|
||||
|
||||
# Third party packages
|
||||
|
||||
The following third party packages are also available.
|
||||
|
||||
## DRF Compound Fields
|
||||
|
||||
The [drf-compound-fields][drf-compound-fields] package provides "compound" serializer fields, such as lists of simple values, which can be described by other fields rather than serializers with the `many=True` option. Also provided are fields for typed dictionaries and values that can be either a specific type or a list of items of that type.
|
||||
|
||||
## DRF Extra Fields
|
||||
|
||||
The [drf-extra-fields][drf-extra-fields] package provides extra serializer fields for REST framework, including `Base64ImageField` and `PointField` classes.
|
||||
|
||||
## djangrestframework-recursive
|
||||
|
||||
the [djangorestframework-recursive][djangorestframework-recursive] package provides a `RecursiveField` for serializing and deserializing recursive structures
|
||||
|
||||
## django-rest-framework-gis
|
||||
|
||||
The [django-rest-framework-gis][django-rest-framework-gis] package provides geographic addons for django rest framework like a `GeometryField` field and a GeoJSON serializer.
|
||||
|
||||
## django-rest-framework-hstore
|
||||
|
||||
The [django-rest-framework-hstore][django-rest-framework-hstore] package provides an `HStoreField` to support [django-hstore][django-hstore] `DictionaryField` model field.
|
||||
|
||||
[cite]: https://docs.djangoproject.com/en/dev/ref/forms/api/#django.forms.Form.cleaned_data
|
||||
[FILE_UPLOAD_HANDLERS]: https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-FILE_UPLOAD_HANDLERS
|
||||
[ecma262]: http://ecma-international.org/ecma-262/5.1/#sec-15.9.1.15
|
||||
[strftime]: http://docs.python.org/2/library/datetime.html#strftime-and-strptime-behavior
|
||||
[django-widgets]: https://docs.djangoproject.com/en/dev/ref/forms/widgets/
|
||||
[iso8601]: http://www.w3.org/TR/NOTE-datetime
|
||||
[drf-compound-fields]: http://drf-compound-fields.readthedocs.org
|
||||
[drf-extra-fields]: https://github.com/Hipo/drf-extra-fields
|
||||
[djangorestframework-recursive]: https://github.com/heywbj/django-rest-framework-recursive
|
||||
[django-rest-framework-gis]: https://github.com/djangonauts/django-rest-framework-gis
|
||||
[django-rest-framework-hstore]: https://github.com/djangonauts/django-rest-framework-hstore
|
||||
[django-hstore]: https://github.com/djangonauts/django-hstore
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="filters.py"></a>
|
||||
source: filters.py
|
||||
|
||||
# Filtering
|
||||
|
||||
|
@ -20,7 +20,11 @@ You can do so by filtering based on the value of `request.user`.
|
|||
|
||||
For example:
|
||||
|
||||
class PurchaseList(generics.ListAPIView)
|
||||
from myapp.models import Purchase
|
||||
from myapp.serializers import PurchaseSerializer
|
||||
from rest_framework import generics
|
||||
|
||||
class PurchaseList(generics.ListAPIView):
|
||||
serializer_class = PurchaseSerializer
|
||||
|
||||
def get_queryset(self):
|
||||
|
@ -42,7 +46,7 @@ For example if your URL config contained an entry like this:
|
|||
|
||||
You could then write a view that returned a purchase queryset filtered by the username portion of the URL:
|
||||
|
||||
class PurchaseList(generics.ListAPIView)
|
||||
class PurchaseList(generics.ListAPIView):
|
||||
serializer_class = PurchaseSerializer
|
||||
|
||||
def get_queryset(self):
|
||||
|
@ -59,7 +63,7 @@ A final example of filtering the initial queryset would be to determine the init
|
|||
|
||||
We can override `.get_queryset()` to deal with URLs such as `http://example.com/api/purchases?username=denvercoder9`, and filter the queryset only if the `username` parameter is included in the URL:
|
||||
|
||||
class PurchaseList(generics.ListAPIView)
|
||||
class PurchaseList(generics.ListAPIView):
|
||||
serializer_class = PurchaseSerializer
|
||||
|
||||
def get_queryset(self):
|
||||
|
@ -90,6 +94,11 @@ The default filter backends may be set globally, using the `DEFAULT_FILTER_BACKE
|
|||
You can also set the filter backends on a per-view, or per-viewset basis,
|
||||
using the `GenericAPIView` class based views.
|
||||
|
||||
from django.contrib.auth.models import User
|
||||
from myapp.serializers import UserSerializer
|
||||
from rest_framework import filters
|
||||
from rest_framework import generics
|
||||
|
||||
class UserListView(generics.ListAPIView):
|
||||
queryset = User.objects.all()
|
||||
serializer = UserSerializer
|
||||
|
@ -150,9 +159,14 @@ This will automatically create a `FilterSet` class for the given fields, and wil
|
|||
|
||||
For more advanced filtering requirements you can specify a `FilterSet` class that should be used by the view. For example:
|
||||
|
||||
import django_filters
|
||||
from myapp.models import Product
|
||||
from myapp.serializers import ProductSerializer
|
||||
from rest_framework import generics
|
||||
|
||||
class ProductFilter(django_filters.FilterSet):
|
||||
min_price = django_filters.NumberFilter(lookup_type='gte')
|
||||
max_price = django_filters.NumberFilter(lookup_type='lte')
|
||||
min_price = django_filters.NumberFilter(name="price", lookup_type='gte')
|
||||
max_price = django_filters.NumberFilter(name="price", lookup_type='lte')
|
||||
class Meta:
|
||||
model = Product
|
||||
fields = ['category', 'in_stock', 'min_price', 'max_price']
|
||||
|
@ -162,10 +176,47 @@ For more advanced filtering requirements you can specify a `FilterSet` class tha
|
|||
serializer_class = ProductSerializer
|
||||
filter_class = ProductFilter
|
||||
|
||||
|
||||
Which will allow you to make requests such as:
|
||||
|
||||
http://example.com/api/products?category=clothing&max_price=10.00
|
||||
|
||||
You can also span relationships using `django-filter`, let's assume that each
|
||||
product has foreign key to `Manufacturer` model, so we create filter that
|
||||
filters using `Manufacturer` name. For example:
|
||||
|
||||
import django_filters
|
||||
from myapp.models import Product
|
||||
from myapp.serializers import ProductSerializer
|
||||
from rest_framework import generics
|
||||
|
||||
class ProductFilter(django_filters.FilterSet):
|
||||
class Meta:
|
||||
model = Product
|
||||
fields = ['category', 'in_stock', 'manufacturer__name']
|
||||
|
||||
This enables us to make queries like:
|
||||
|
||||
http://example.com/api/products?manufacturer__name=foo
|
||||
|
||||
This is nice, but it exposes the Django's double underscore convention as part of the API. If you instead want to explicitly name the filter argument you can instead explicitly include it on the `FilterSet` class:
|
||||
|
||||
import django_filters
|
||||
from myapp.models import Product
|
||||
from myapp.serializers import ProductSerializer
|
||||
from rest_framework import generics
|
||||
|
||||
class ProductFilter(django_filters.FilterSet):
|
||||
manufacturer = django_filters.CharFilter(name="manufacturer__name")
|
||||
|
||||
class Meta:
|
||||
model = Product
|
||||
fields = ['category', 'in_stock', 'manufacturer']
|
||||
|
||||
And now you can execute:
|
||||
|
||||
http://example.com/api/products?manufacturer=foo
|
||||
|
||||
For more details on using filter sets see the [django-filter documentation][django-filter-docs].
|
||||
|
||||
---
|
||||
|
@ -181,9 +232,9 @@ For more details on using filter sets see the [django-filter documentation][djan
|
|||
|
||||
## SearchFilter
|
||||
|
||||
The `SearchFilterBackend` class supports simple single query parameter based searching, and is based on the [Django admin's search functionality][search-django-admin].
|
||||
The `SearchFilter` class supports simple single query parameter based searching, and is based on the [Django admin's search functionality][search-django-admin].
|
||||
|
||||
The `SearchFilterBackend` class will only be applied if the view has a `search_fields` attribute set. The `search_fields` attribute should be a list of names of text type fields on the model, such as `CharField` or `TextField`.
|
||||
The `SearchFilter` class will only be applied if the view has a `search_fields` attribute set. The `search_fields` attribute should be a list of names of text type fields on the model, such as `CharField` or `TextField`.
|
||||
|
||||
class UserListView(generics.ListAPIView):
|
||||
queryset = User.objects.all()
|
||||
|
@ -211,13 +262,17 @@ For example:
|
|||
|
||||
search_fields = ('=username', '=email')
|
||||
|
||||
By default, the search parameter is named `'search`', but this may be overridden with the `SEARCH_PARAM` setting.
|
||||
|
||||
For more details, see the [Django documentation][search-django-admin].
|
||||
|
||||
---
|
||||
|
||||
## OrderingFilter
|
||||
|
||||
The `OrderingFilter` class supports simple query parameter controlled ordering of results. To specify the result order, set a query parameter named `'ordering'` to the required field name. For example:
|
||||
The `OrderingFilter` class supports simple query parameter controlled ordering of results. By default, the query parameter is named `'ordering'`, but this may by overridden with the `ORDERING_PARAM` setting.
|
||||
|
||||
For example, to order users by username:
|
||||
|
||||
http://example.com/api/users?ordering=username
|
||||
|
||||
|
@ -229,20 +284,88 @@ Multiple orderings may also be specified:
|
|||
|
||||
http://example.com/api/users?ordering=account,username
|
||||
|
||||
### Specifying which fields may be ordered against
|
||||
|
||||
It's recommended that you explicitly specify which fields the API should allowing in the ordering filter. You can do this by setting an `ordering_fields` attribute on the view, like so:
|
||||
|
||||
class UserListView(generics.ListAPIView):
|
||||
queryset = User.objects.all()
|
||||
serializer_class = UserSerializer
|
||||
filter_backends = (filters.OrderingFilter,)
|
||||
ordering_fields = ('username', 'email')
|
||||
|
||||
This helps prevent unexpected data leakage, such as allowing users to order against a password hash field or other sensitive data.
|
||||
|
||||
If you *don't* specify an `ordering_fields` attribute on the view, the filter class will default to allowing the user to filter on any readable fields on the serializer specified by the `serializer_class` attribute.
|
||||
|
||||
If you are confident that the queryset being used by the view doesn't contain any sensitive data, you can also explicitly specify that a view should allow ordering on *any* model field or queryset aggregate, by using the special value `'__all__'`.
|
||||
|
||||
class BookingsListView(generics.ListAPIView):
|
||||
queryset = Booking.objects.all()
|
||||
serializer_class = BookingSerializer
|
||||
filter_backends = (filters.OrderingFilter,)
|
||||
ordering_fields = '__all__'
|
||||
|
||||
### Specifying a default ordering
|
||||
|
||||
If an `ordering` attribute is set on the view, this will be used as the default ordering.
|
||||
|
||||
Typically you'd instead control this by setting `order_by` on the initial queryset, but using the `ordering` parameter on the view allows you to specify the ordering in a way that it can then be passed automatically as context to a rendered template. This makes it possible to automatically render column headers differently if they are being used to order the results.
|
||||
|
||||
class UserListView(generics.ListAPIView):
|
||||
queryset = User.objects.all()
|
||||
serializer = UserSerializer
|
||||
serializer_class = UserSerializer
|
||||
filter_backends = (filters.OrderingFilter,)
|
||||
ordering_fields = ('username', 'email')
|
||||
ordering = ('username',)
|
||||
|
||||
The `ordering` attribute may be either a string or a list/tuple of strings.
|
||||
|
||||
---
|
||||
|
||||
## DjangoObjectPermissionsFilter
|
||||
|
||||
The `DjangoObjectPermissionsFilter` is intended to be used together with the [`django-guardian`][guardian] package, with custom `'view'` permissions added. The filter will ensure that querysets only returns objects for which the user has the appropriate view permission.
|
||||
|
||||
This filter class must be used with views that provide either a `queryset` or a `model` attribute.
|
||||
|
||||
If you're using `DjangoObjectPermissionsFilter`, you'll probably also want to add an appropriate object permissions class, to ensure that users can only operate on instances if they have the appropriate object permissions. The easiest way to do this is to subclass `DjangoObjectPermissions` and add `'view'` permissions to the `perms_map` attribute.
|
||||
|
||||
A complete example using both `DjangoObjectPermissionsFilter` and `DjangoObjectPermissions` might look something like this.
|
||||
|
||||
**permissions.py**:
|
||||
|
||||
class CustomObjectPermissions(permissions.DjangoObjectPermissions):
|
||||
"""
|
||||
Similar to `DjangoObjectPermissions`, but adding 'view' permissions.
|
||||
"""
|
||||
perms_map = {
|
||||
'GET': ['%(app_label)s.view_%(model_name)s'],
|
||||
'OPTIONS': ['%(app_label)s.view_%(model_name)s'],
|
||||
'HEAD': ['%(app_label)s.view_%(model_name)s'],
|
||||
'POST': ['%(app_label)s.add_%(model_name)s'],
|
||||
'PUT': ['%(app_label)s.change_%(model_name)s'],
|
||||
'PATCH': ['%(app_label)s.change_%(model_name)s'],
|
||||
'DELETE': ['%(app_label)s.delete_%(model_name)s'],
|
||||
}
|
||||
|
||||
**views.py**:
|
||||
|
||||
class EventViewSet(viewsets.ModelViewSet):
|
||||
"""
|
||||
Viewset that only lists events if user has 'view' permissions, and only
|
||||
allows operations on individual events if user has appropriate 'view', 'add',
|
||||
'change' or 'delete' permissions.
|
||||
"""
|
||||
queryset = Event.objects.all()
|
||||
serializer = EventSerializer
|
||||
filter_backends = (filters.DjangoObjectPermissionsFilter,)
|
||||
permission_classes = (myapp.permissions.CustomObjectPermissions,)
|
||||
|
||||
For more information on adding `'view'` permissions for models, see the [relevant section][view-permissions] of the `django-guardian` documentation, and [this blogpost][view-permissions-blogpost].
|
||||
|
||||
---
|
||||
|
||||
# Custom generic filtering
|
||||
|
||||
You can also provide your own generic filtering backend, or write an installable app for other developers to use.
|
||||
|
@ -264,8 +387,20 @@ For example, you might need to restrict users to only being able to see objects
|
|||
|
||||
We could achieve the same behavior by overriding `get_queryset()` on the views, but using a filter backend allows you to more easily add this restriction to multiple views, or to apply it across the entire API.
|
||||
|
||||
# Third party packages
|
||||
|
||||
The following third party packages provide additional filter implementations.
|
||||
|
||||
## Django REST framework filters package
|
||||
|
||||
The [django-rest-framework-filters package][django-rest-framework-filters] works together with the `DjangoFilterBackend` class, and allows you to easily create filters across relationships, or create multiple filter lookup types for a given field.
|
||||
|
||||
[cite]: https://docs.djangoproject.com/en/dev/topics/db/queries/#retrieving-specific-objects-with-filters
|
||||
[django-filter]: https://github.com/alex/django-filter
|
||||
[django-filter-docs]: https://django-filter.readthedocs.org/en/latest/index.html
|
||||
[guardian]: https://django-guardian.readthedocs.org/
|
||||
[view-permissions]: https://django-guardian.readthedocs.org/en/latest/userguide/assign.html
|
||||
[view-permissions-blogpost]: http://blog.nyaruka.com/adding-a-view-permission-to-django-models
|
||||
[nullbooleanselect]: https://github.com/django/django/blob/master/django/forms/widgets.py
|
||||
[search-django-admin]: https://docs.djangoproject.com/en/dev/ref/contrib/admin/#django.contrib.admin.ModelAdmin.search_fields
|
||||
[django-rest-framework-filters]: https://github.com/philipn/django-rest-framework-filters
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="urlpatterns.py"></a>
|
||||
source: urlpatterns.py
|
||||
|
||||
# Format suffixes
|
||||
|
||||
|
@ -26,12 +26,13 @@ Arguments:
|
|||
Example:
|
||||
|
||||
from rest_framework.urlpatterns import format_suffix_patterns
|
||||
from blog import views
|
||||
|
||||
urlpatterns = patterns('blog.views',
|
||||
url(r'^/$', 'api_root'),
|
||||
url(r'^comments/$', 'comment_list'),
|
||||
url(r'^comments/(?P<pk>[0-9]+)/$', 'comment_detail')
|
||||
)
|
||||
urlpatterns = [
|
||||
url(r'^/$', views.apt_root),
|
||||
url(r'^comments/$', views.comment_list),
|
||||
url(r'^comments/(?P<pk>[0-9]+)/$', views.comment_detail)
|
||||
]
|
||||
|
||||
urlpatterns = format_suffix_patterns(urlpatterns, allowed=['json', 'html'])
|
||||
|
||||
|
@ -54,6 +55,18 @@ The name of the kwarg used may be modified by using the `FORMAT_SUFFIX_KWARG` se
|
|||
|
||||
Also note that `format_suffix_patterns` does not support descending into `include` URL patterns.
|
||||
|
||||
### Using with `i18n_patterns`
|
||||
|
||||
If using the `i18n_patterns` function provided by Django, as well as `format_suffix_patterns` you should make sure that the `i18n_patterns` function is applied as the final, or outermost function. For example:
|
||||
|
||||
url patterns = [
|
||||
…
|
||||
]
|
||||
|
||||
urlpatterns = i18n_patterns(
|
||||
format_suffix_patterns(urlpatterns, allowed=['json', 'html'])
|
||||
)
|
||||
|
||||
---
|
||||
|
||||
## Accept headers vs. format suffixes
|
||||
|
|
141
docs/api-guide/generic-views.md
Executable file → Normal file
|
@ -1,5 +1,5 @@
|
|||
<a class="github" href="mixins.py"></a>
|
||||
<a class="github" href="generics.py"></a>
|
||||
source: mixins.py
|
||||
generics.py
|
||||
|
||||
# Generic views
|
||||
|
||||
|
@ -7,7 +7,7 @@
|
|||
>
|
||||
> — [Django Documentation][cite]
|
||||
|
||||
One of the key benefits of class based views is the way they allow you to compose bits of reusable behaviour. REST framework takes advantage of this by providing a number of pre-built views that provide for commonly used patterns.
|
||||
One of the key benefits of class based views is the way they allow you to compose bits of reusable behavior. REST framework takes advantage of this by providing a number of pre-built views that provide for commonly used patterns.
|
||||
|
||||
The generic views provided by REST framework allow you to quickly build API views that map closely to your database models.
|
||||
|
||||
|
@ -17,6 +17,11 @@ If the generic views don't suit the needs of your API, you can drop down to usin
|
|||
|
||||
Typically when using the generic views, you'll override the view, and set several class attributes.
|
||||
|
||||
from django.contrib.auth.models import User
|
||||
from myapp.serializers import UserSerializer
|
||||
from rest_framework import generics
|
||||
from rest_framework.permissions import IsAdminUser
|
||||
|
||||
class UserList(generics.ListCreateAPIView):
|
||||
queryset = User.objects.all()
|
||||
serializer_class = UserSerializer
|
||||
|
@ -38,9 +43,15 @@ For more complex cases you might also want to override various methods on the vi
|
|||
return 20
|
||||
return 100
|
||||
|
||||
For very simple cases you might want to pass through any class attributes using the `.as_view()` method. For example, your URLconf might include something the following entry.
|
||||
def list(self, request):
|
||||
# Note the use of `get_queryset()` instead of `self.queryset`
|
||||
queryset = self.get_queryset()
|
||||
serializer = UserSerializer(queryset, many=True)
|
||||
return Response(serializer.data)
|
||||
|
||||
url(r'^/users/', ListCreateAPIView.as_view(model=User) name='user-list')
|
||||
For very simple cases you might want to pass through any class attributes using the `.as_view()` method. For example, your URLconf might include something like the following entry:
|
||||
|
||||
url(r'^/users/', ListCreateAPIView.as_view(model=User), name='user-list')
|
||||
|
||||
---
|
||||
|
||||
|
@ -58,22 +69,18 @@ Each of the concrete generic views provided is built by combining `GenericAPIVie
|
|||
|
||||
The following attributes control the basic view behavior.
|
||||
|
||||
* `queryset` - The queryset that should be used for returning objects from this view. Typically, you must either set this attribute, or override the `get_queryset()` method.
|
||||
* `queryset` - The queryset that should be used for returning objects from this view. Typically, you must either set this attribute, or override the `get_queryset()` method. If you are overriding a view method, it is important that you call `get_queryset()` instead of accessing this property directly, as `queryset` will get evaluated once, and those results will be cached for all subsequent requests.
|
||||
* `serializer_class` - The serializer class that should be used for validating and deserializing input, and for serializing output. Typically, you must either set this attribute, or override the `get_serializer_class()` method.
|
||||
* `lookup_field` - The field that should be used to lookup individual model instances. Defaults to `'pk'`. The URL conf should include a keyword argument corresponding to this value. More complex lookup styles can be supported by overriding the `get_object()` method. Note that when using hyperlinked APIs you'll need to ensure that *both* the API views *and* the serializer classes use lookup fields that correctly correspond with the URL conf.
|
||||
|
||||
**Shortcuts**:
|
||||
|
||||
* `model` - This shortcut may be used instead of setting either (or both) of the `queryset`/`serializer_class` attributes, although using the explicit style is generally preferred. If used instead of `serializer_class`, then then `DEFAULT_MODEL_SERIALIZER_CLASS` setting will determine the base serializer class.
|
||||
* `lookup_field` - The model field that should be used to for performing object lookup of individual model instances. Defaults to `'pk'`. Note that when using hyperlinked APIs you'll need to ensure that *both* the API views *and* the serializer classes set the lookup fields if you need to use a custom value.
|
||||
* `lookup_url_kwarg` - The URL keyword argument that should be used for object lookup. The URL conf should include a keyword argument corresponding to this value. If unset this defaults to using the same value as `lookup_field`.
|
||||
|
||||
**Pagination**:
|
||||
|
||||
The following attibutes are used to control pagination when used with list views.
|
||||
The following attributes are used to control pagination when used with list views.
|
||||
|
||||
* `paginate_by` - The size of pages to use with paginated data. If set to `None` then pagination is turned off. If unset this uses the same value as the `PAGINATE_BY` setting, which defaults to `None`.
|
||||
* `paginate_by_param` - The name of a query parameter, which can be used by the client to override the default page size to use for pagination. If unset this uses the same value as the `PAGINATE_BY_PARAM` setting, which defaults to `None`.
|
||||
* `pagination_serializer_class` - The pagination serializer class to use when determining the style of paginated responses. Defaults to the same value as the `DEFAULT_PAGINATION_SERIALIZER_CLASS` setting.
|
||||
* `page_kwarg` - The name of a URL kwarg or URL query parameter which can be used by the client to control which page is requested. Defaults to `'page'`.
|
||||
* `pagination_class` - The pagination class that should be used when paginating list results. Defaults to the same value as the `DEFAULT_PAGINATION_CLASS` setting, which is `'rest_framework.pagination.PageNumberPagination'`.
|
||||
|
||||
Note that usage of the `paginate_by`, `paginate_by_param` and `page_kwarg` attributes are now pending deprecation. The `pagination_serializer_class` attribute and `DEFAULT_PAGINATION_SERIALIZER_CLASS` setting have been removed completely. Pagination settings should instead be controlled by overriding a pagination class and setting any configuration attributes there. See the pagination documentation for more details.
|
||||
|
||||
**Filtering**:
|
||||
|
||||
|
@ -85,9 +92,11 @@ The following attibutes are used to control pagination when used with list views
|
|||
|
||||
#### `get_queryset(self)`
|
||||
|
||||
Returns the queryset that should be used for list views, and that should be used as the base for lookups in detail views. Defaults to returning the queryset specified by the `queryset` attribute, or the default queryset for the model if the `model` shortcut is being used.
|
||||
Returns the queryset that should be used for list views, and that should be used as the base for lookups in detail views. Defaults to returning the queryset specified by the `queryset` attribute.
|
||||
|
||||
May be overridden to provide dynamic behavior such as returning a queryset that is specific to the user making the request.
|
||||
This method should always be used rather than accessing `self.queryset` directly, as `self.queryset` gets evaluated only once, and those results are cached for all subsequent requests.
|
||||
|
||||
May be overridden to provide dynamic behavior, such as returning a queryset, that is specific to the user making the request.
|
||||
|
||||
For example:
|
||||
|
||||
|
@ -99,7 +108,7 @@ For example:
|
|||
|
||||
Returns an object instance that should be used for detail views. Defaults to using the `lookup_field` parameter to filter the base queryset.
|
||||
|
||||
May be overridden to provide more complex behavior such as object lookups based on more than one URL kwarg.
|
||||
May be overridden to provide more complex behavior, such as object lookups based on more than one URL kwarg.
|
||||
|
||||
For example:
|
||||
|
||||
|
@ -108,13 +117,34 @@ For example:
|
|||
filter = {}
|
||||
for field in self.multiple_lookup_fields:
|
||||
filter[field] = self.kwargs[field]
|
||||
return get_object_or_404(queryset, **filter)
|
||||
|
||||
obj = get_object_or_404(queryset, **filter)
|
||||
self.check_object_permissions(self.request, obj)
|
||||
return obj
|
||||
|
||||
Note that if your API doesn't include any object level permissions, you may optionally exclude the `self.check_object_permissions`, and simply return the object from the `get_object_or_404` lookup.
|
||||
|
||||
#### `get_filter_backends(self)`
|
||||
|
||||
Returns the classes that should be used to filter the queryset. Defaults to returning the `filter_backends` attribute.
|
||||
|
||||
May be overridden to provide more complex behavior with filters, such as using different (or even exlusive) lists of filter_backends depending on different criteria.
|
||||
|
||||
For example:
|
||||
|
||||
def get_filter_backends(self):
|
||||
if "geo_route" in self.request.QUERY_PARAMS:
|
||||
return (GeoRouteFilter, CategoryFilter)
|
||||
elif "geo_point" in self.request.QUERY_PARAMS:
|
||||
return (GeoPointFilter, CategoryFilter)
|
||||
|
||||
return (CategoryFilter,)
|
||||
|
||||
#### `get_serializer_class(self)`
|
||||
|
||||
Returns the class that should be used for the serializer. Defaults to returning the `serializer_class` attribute, or dynamically generating a serializer class if the `model` shortcut is being used.
|
||||
Returns the class that should be used for the serializer. Defaults to returning the `serializer_class` attribute.
|
||||
|
||||
May be override to provide dynamic behavior such as using different serializers for read and write operations, or providing different serializers to different types of uesr.
|
||||
May be overridden to provide dynamic behavior, such as using different serializers for read and write operations, or providing different serializers to different types of users.
|
||||
|
||||
For example:
|
||||
|
||||
|
@ -125,9 +155,9 @@ For example:
|
|||
|
||||
#### `get_paginate_by(self)`
|
||||
|
||||
Returns the page size to use with pagination. By default this uses the `paginate_by` attribute, and may be overridden by the cient if the `paginate_by_param` attribute is set.
|
||||
Returns the page size to use with pagination. By default this uses the `paginate_by` attribute, and may be overridden by the client if the `paginate_by_param` attribute is set.
|
||||
|
||||
You may want to override this method to provide more complex behavior such as modifying page sizes based on the media type of the response.
|
||||
You may want to override this method to provide more complex behavior, such as modifying page sizes based on the media type of the response.
|
||||
|
||||
For example:
|
||||
|
||||
|
@ -136,29 +166,33 @@ For example:
|
|||
return 20
|
||||
return 100
|
||||
|
||||
**Save hooks**:
|
||||
**Save and deletion hooks**:
|
||||
|
||||
The following methods are provided as placeholder interfaces. They contain empty implementations and are not called directly by `GenericAPIView`, but they are overridden and used by some of the mixin classes.
|
||||
The following methods are provided by the mixin classes, and provide easy overriding of the object save or deletion behavior.
|
||||
|
||||
* `pre_save(self, obj)` - A hook that is called before saving an object.
|
||||
* `post_save(self, obj, created=False)` - A hook that is called after saving an object.
|
||||
* `perform_create(self, serializer)` - Called by `CreateModelMixin` when saving a new object instance.
|
||||
* `perform_update(self, serializer)` - Called by `UpdateModelMixin` when saving an existing object instance.
|
||||
* `perform_destroy(self, instance)` - Called by `DestroyModelMixin` when deleting an object instance.
|
||||
|
||||
The `pre_save` method in particular is a useful hook for setting attributes that are implicit in the request, but are not part of the request data. For instance, you might set an attribute on the object based on the request user, or based on a URL keyword argument.
|
||||
These hooks are particularly useful for setting attributes that are implicit in the request, but are not part of the request data. For instance, you might set an attribute on the object based on the request user, or based on a URL keyword argument.
|
||||
|
||||
def pre_save(self, obj):
|
||||
"""
|
||||
Set the object's owner, based on the incoming request.
|
||||
"""
|
||||
obj.owner = self.request.user
|
||||
def perform_create(self, serializer):
|
||||
serializer.save(user=self.request.user)
|
||||
|
||||
Remember that the `pre_save()` method is not called by `GenericAPIView` itself, but it is called by `create()` and `update()` methods on the `CreateModelMixin` and `UpdateModelMixin` classes.
|
||||
These override points are also particularly useful for adding behavior that occurs before or after saving an object, such as emailing a confirmation, or logging the update.
|
||||
|
||||
def perform_update(self, serializer):
|
||||
instance = serializer.save()
|
||||
send_email_confirmation(user=self.request.user, modified=instance)
|
||||
|
||||
**Note**: These methods replace the old-style version 2.x `pre_save`, `post_save`, `pre_delete` and `post_delete` methods, which are no longer available.
|
||||
|
||||
**Other methods**:
|
||||
|
||||
You won't typically need to override the following methods, although you might need to call into them if you're writing custom views using `GenericAPIView`.
|
||||
|
||||
* `get_serializer_context(self)` - Returns a dictionary containing any extra context that should be supplied to the serializer. Defaults to including `'request'`, `'view'` and `'format'` keys.
|
||||
* `get_serializer(self, instance=None, data=None, files=None, many=False, partial=False)` - Returns a serializer instance.
|
||||
* `get_serializer(self, instance=None, data=None, files=None, many=False, partial=False, allow_add_remove=False)` - Returns a serializer instance.
|
||||
* `get_pagination_serializer(self, page)` - Returns a serializer instance to use with paginated data.
|
||||
* `paginate_queryset(self, queryset)` - Paginate a queryset if required, either returning a page object, or `None` if pagination is not configured for this view.
|
||||
* `filter_queryset(self, queryset)` - Given a queryset, filter it with whichever filter backends are in use, returning a new queryset.
|
||||
|
@ -167,7 +201,9 @@ You won't typically need to override the following methods, although you might n
|
|||
|
||||
# Mixins
|
||||
|
||||
The mixin classes provide the actions that are used to provide the basic view behavior. Note that the mixin classes provide action methods rather than defining the handler methods such as `.get()` and `.post()` directly. This allows for more flexible composition of behavior.
|
||||
The mixin classes provide the actions that are used to provide the basic view behavior. Note that the mixin classes provide action methods rather than defining the handler methods, such as `.get()` and `.post()`, directly. This allows for more flexible composition of behavior.
|
||||
|
||||
The mixin classes can be imported from `rest_framework.mixins`.
|
||||
|
||||
## ListModelMixin
|
||||
|
||||
|
@ -175,8 +211,6 @@ Provides a `.list(request, *args, **kwargs)` method, that implements listing a q
|
|||
|
||||
If the queryset is populated, this returns a `200 OK` response, with a serialized representation of the queryset as the body of the response. The response data may optionally be paginated.
|
||||
|
||||
If the queryset is empty this returns a `200 OK` response, unless the `.allow_empty` attribute on the view is set to `False`, in which case it will return a `404 Not Found`.
|
||||
|
||||
## CreateModelMixin
|
||||
|
||||
Provides a `.create(request, *args, **kwargs)` method, that implements creating and saving a new model instance.
|
||||
|
@ -215,6 +249,8 @@ If an object is deleted this returns a `204 No Content` response, otherwise it w
|
|||
|
||||
The following classes are the concrete generic views. If you're using generic views this is normally the level you'll be working at unless you need heavily customized behavior.
|
||||
|
||||
The view classes can be imported from `rest_framework.generics`.
|
||||
|
||||
## CreateAPIView
|
||||
|
||||
Used for **create-only** endpoints.
|
||||
|
@ -317,7 +353,7 @@ You can then simply apply this mixin to a view or viewset anytime you need to ap
|
|||
serializer_class = UserSerializer
|
||||
lookup_fields = ('account', 'username')
|
||||
|
||||
Using custom mixins is a good option if you have custom behavior that needs to be used
|
||||
Using custom mixins is a good option if you have custom behavior that needs to be used.
|
||||
|
||||
## Creating custom base classes
|
||||
|
||||
|
@ -333,11 +369,34 @@ If you are using a mixin across multiple views, you can take this a step further
|
|||
|
||||
Using custom base classes is a good option if you have custom behavior that consistently needs to be repeated across a large number of views throughout your project.
|
||||
|
||||
[cite]: https://docs.djangoproject.com/en/dev/ref/class-based-views/#base-vs-generic-views
|
||||
---
|
||||
|
||||
# PUT as create
|
||||
|
||||
Prior to version 3.0 the REST framework mixins treated `PUT` as either an update or a create operation, depending on if the object already existed or not.
|
||||
|
||||
Allowing `PUT` as create operations is problematic, as it necessarily exposes information about the existence or non-existence of objects. It's also not obvious that transparently allowing re-creating of previously deleted instances is necessarily a better default behavior than simply returning `404` responses.
|
||||
|
||||
Both styles "`PUT` as 404" and "`PUT` as create" can be valid in different circumstances, but from version 3.0 onwards we now use 404 behavior as the default, due to it being simpler and more obvious.
|
||||
|
||||
If you need to generic PUT-as-create behavior you may want to include something like [this `AllowPUTAsCreateMixin` class](https://gist.github.com/tomchristie/a2ace4577eff2c603b1b) as a mixin to your views.
|
||||
|
||||
---
|
||||
|
||||
# Third party packages
|
||||
|
||||
The following third party packages provide additional generic view implementations.
|
||||
|
||||
## Django REST Framework bulk
|
||||
|
||||
The [django-rest-framework-bulk package][django-rest-framework-bulk] implements generic view mixins as well as some common concrete generic views to allow to apply bulk operations via API requests.
|
||||
|
||||
|
||||
[cite]: https://docs.djangoproject.com/en/dev/ref/class-based-views/#base-vs-generic-views
|
||||
[GenericAPIView]: #genericapiview
|
||||
[ListModelMixin]: #listmodelmixin
|
||||
[CreateModelMixin]: #createmodelmixin
|
||||
[RetrieveModelMixin]: #retrievemodelmixin
|
||||
[UpdateModelMixin]: #updatemodelmixin
|
||||
[DestroyModelMixin]: #destroymodelmixin
|
||||
[django-rest-framework-bulk]: https://github.com/miki725/django-rest-framework-bulk
|
||||
|
|
103
docs/api-guide/metadata.md
Normal file
|
@ -0,0 +1,103 @@
|
|||
source: metadata.py
|
||||
|
||||
# Metadata
|
||||
|
||||
> [The `OPTIONS`] method allows a client to determine the options and/or requirements associated with a resource, or the capabilities of a server, without implying a resource action or initiating a resource retrieval.
|
||||
>
|
||||
> — [RFC7231, Section 4.3.7.][cite]
|
||||
|
||||
REST framework includes a configurable mechanism for determining how your API should respond to `OPTIONS` requests. This allows you to return API schema or other resource information.
|
||||
|
||||
There are not currently any widely adopted conventions for exactly what style of response should be returned for HTTP `OPTIONS` requests, so we provide an ad-hoc style that returns some useful information.
|
||||
|
||||
Here's an example response that demonstrates the information that is returned by default.
|
||||
|
||||
HTTP 200 OK
|
||||
Allow: GET, POST, HEAD, OPTIONS
|
||||
Content-Type: application/json
|
||||
|
||||
{
|
||||
"name": "To Do List",
|
||||
"description": "List existing 'To Do' items, or create a new item.",
|
||||
"renders": [
|
||||
"application/json",
|
||||
"text/html"
|
||||
],
|
||||
"parses": [
|
||||
"application/json",
|
||||
"application/x-www-form-urlencoded",
|
||||
"multipart/form-data"
|
||||
],
|
||||
"actions": {
|
||||
"POST": {
|
||||
"note": {
|
||||
"type": "string",
|
||||
"required": false,
|
||||
"read_only": false,
|
||||
"label": "title",
|
||||
"max_length": 100
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
## Setting the metadata scheme
|
||||
|
||||
You can set the metadata class globally using the `'DEFAULT_METADATA_CLASS'` settings key:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_METADATA_CLASS': 'rest_framework.metadata.SimpleMetadata'
|
||||
}
|
||||
|
||||
Or you can set the metadata class individually for a view:
|
||||
|
||||
class APIRoot(APIView):
|
||||
metadata_class = APIRootMetadata
|
||||
|
||||
def get(self, request, format=None):
|
||||
return Response({
|
||||
...
|
||||
})
|
||||
|
||||
The REST framework package only includes a single metadata class implementation, named `SimpleMetadata`. If you want to use an alternative style you'll need to implement a custom metadata class.
|
||||
|
||||
## Creating schema endpoints
|
||||
|
||||
If you have specific requirements for creating schema endpoints that are accessed with regular `GET` requests, you might consider re-using the metadata API for doing so.
|
||||
|
||||
For example, the following additional route could be used on a viewset to provide a linkable schema endpoint.
|
||||
|
||||
@list_route(methods=['GET'])
|
||||
def schema(self, request):
|
||||
meta = self.metadata_class()
|
||||
data = meta.determine_metadata(request, self)
|
||||
return Response(data)
|
||||
|
||||
There are a couple of reasons that you might choose to take this approach, including that `OPTIONS` responses [are not cacheable][no-options].
|
||||
|
||||
---
|
||||
|
||||
# Custom metadata classes
|
||||
|
||||
If you want to provide a custom metadata class you should override `BaseMetadata` and implement the `determine_metadata(self, request, view)` method.
|
||||
|
||||
Useful things that you might want to do could include returning schema information, using a format such as [JSON schema][json-schema], or returning debug information to admin users.
|
||||
|
||||
## Example
|
||||
|
||||
The following class could be used to limit the information that is returned to `OPTIONS` requests.
|
||||
|
||||
class MinimalMetadata(BaseMetadata):
|
||||
"""
|
||||
Don't include field and other information for `OPTIONS` requests.
|
||||
Just return the name and description.
|
||||
"""
|
||||
def determine_metadata(self, request, view):
|
||||
return {
|
||||
'name': view.get_view_name(),
|
||||
'description': view.get_view_description()
|
||||
}
|
||||
|
||||
[cite]: http://tools.ietf.org/html/rfc7231#section-4.3.7
|
||||
[no-options]: https://www.mnot.net/blog/2012/10/29/NO_OPTIONS
|
||||
[json-schema]: http://json-schema.org/
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="pagination.py"></a>
|
||||
source: pagination.py
|
||||
|
||||
# Pagination
|
||||
|
||||
|
@ -6,138 +6,312 @@
|
|||
>
|
||||
> — [Django documentation][cite]
|
||||
|
||||
REST framework includes a `PaginationSerializer` class that makes it easy to return paginated data in a way that can then be rendered to arbitrary media types.
|
||||
REST framework includes support for customizable pagination styles. This allows you to modify how large result sets are split into individual pages of data.
|
||||
|
||||
## Paginating basic data
|
||||
The pagination API can support either:
|
||||
|
||||
Let's start by taking a look at an example from the Django documentation.
|
||||
* Pagination links that are provided as part of the content of the response.
|
||||
* Pagination links that are included in response headers, such as `Content-Range` or `Link`.
|
||||
|
||||
from django.core.paginator import Paginator
|
||||
objects = ['john', 'paul', 'george', 'ringo']
|
||||
paginator = Paginator(objects, 2)
|
||||
page = paginator.page(1)
|
||||
page.object_list
|
||||
# ['john', 'paul']
|
||||
The built-in styles currently all use links included as part of the content of the response. This style is more accessible when using the browsable API.
|
||||
|
||||
At this point we've got a page object. If we wanted to return this page object as a JSON response, we'd need to provide the client with context such as next and previous links, so that it would be able to page through the remaining results.
|
||||
Pagination is only performed automatically if you're using the generic views or viewsets. If you're using a regular `APIView`, you'll need to call into the pagination API yourself to ensure you return a paginated response. See the source code for the `mixins.ListMixin` and `generics.GenericAPIView` classes for an example.
|
||||
|
||||
from rest_framework.pagination import PaginationSerializer
|
||||
serializer = PaginationSerializer(instance=page)
|
||||
serializer.data
|
||||
# {'count': 4, 'next': '?page=2', 'previous': None, 'results': [u'john', u'paul']}
|
||||
## Setting the pagination style
|
||||
|
||||
The `context` argument of the `PaginationSerializer` class may optionally include the request. If the request is included in the context then the next and previous links returned by the serializer will use absolute URLs instead of relative URLs.
|
||||
|
||||
request = RequestFactory().get('/foobar')
|
||||
serializer = PaginationSerializer(instance=page, context={'request': request})
|
||||
serializer.data
|
||||
# {'count': 4, 'next': 'http://testserver/foobar?page=2', 'previous': None, 'results': [u'john', u'paul']}
|
||||
|
||||
We could now return that data in a `Response` object, and it would be rendered into the correct media type.
|
||||
|
||||
## Paginating QuerySets
|
||||
|
||||
Our first example worked because we were using primitive objects. If we wanted to paginate a queryset or other complex data, we'd need to specify a serializer to use to serialize the result set itself.
|
||||
|
||||
We can do this using the `object_serializer_class` attribute on the inner `Meta` class of the pagination serializer. For example.
|
||||
|
||||
class UserSerializer(serializers.ModelSerializer):
|
||||
"""
|
||||
Serializes user querysets.
|
||||
"""
|
||||
class Meta:
|
||||
model = User
|
||||
fields = ('username', 'email')
|
||||
|
||||
class PaginatedUserSerializer(pagination.PaginationSerializer):
|
||||
"""
|
||||
Serializes page objects of user querysets.
|
||||
"""
|
||||
class Meta:
|
||||
object_serializer_class = UserSerializer
|
||||
|
||||
We could now use our pagination serializer in a view like this.
|
||||
|
||||
@api_view('GET')
|
||||
def user_list(request):
|
||||
queryset = User.objects.all()
|
||||
paginator = Paginator(queryset, 20)
|
||||
|
||||
page = request.QUERY_PARAMS.get('page')
|
||||
try:
|
||||
users = paginator.page(page)
|
||||
except PageNotAnInteger:
|
||||
# If page is not an integer, deliver first page.
|
||||
users = paginator.page(1)
|
||||
except EmptyPage:
|
||||
# If page is out of range (e.g. 9999),
|
||||
# deliver last page of results.
|
||||
users = paginator.page(paginator.num_pages)
|
||||
|
||||
serializer_context = {'request': request}
|
||||
serializer = PaginatedUserSerializer(users,
|
||||
context=serializer_context)
|
||||
return Response(serializer.data)
|
||||
|
||||
## Pagination in the generic views
|
||||
|
||||
The generic class based views `ListAPIView` and `ListCreateAPIView` provide pagination of the returned querysets by default. You can customise this behaviour by altering the pagination style, by modifying the default number of results, by allowing clients to override the page size using a query parameter, or by turning pagination off completely.
|
||||
|
||||
The default pagination style may be set globally, using the `DEFAULT_PAGINATION_SERIALIZER_CLASS`, `PAGINATE_BY` and `PAGINATE_BY_PARAM` settings. For example.
|
||||
The default pagination style may be set globally, using the `DEFAULT_PAGINATION_CLASS` settings key. For example, to use the built-in limit/offset pagination, you would do:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'PAGINATE_BY': 10,
|
||||
'PAGINATE_BY_PARAM': 'page_size'
|
||||
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination'
|
||||
}
|
||||
|
||||
You can also set the pagination style on a per-view basis, using the `ListAPIView` generic class-based view.
|
||||
You can also set the pagination class on an individual view by using the `pagination_class` attribute. Typically you'll want to use the same pagination style throughout your API, although you might want to vary individual aspects of the pagination, such as default or maximum page size, on a per-view basis.
|
||||
|
||||
class PaginatedListView(ListAPIView):
|
||||
queryset = ExampleModel.objects.all()
|
||||
serializer_class = ExampleModelSerializer
|
||||
paginate_by = 10
|
||||
paginate_by_param = 'page_size'
|
||||
## Modifying the pagination style
|
||||
|
||||
Note that using a `paginate_by` value of `None` will turn off pagination for the view.
|
||||
If you want to modify particular aspects of the pagination style, you'll want to override one of the pagination classes, and set the attributes that you want to change.
|
||||
|
||||
For more complex requirements such as serialization that differs depending on the requested media type you can override the `.get_paginate_by()` and `.get_pagination_serializer_class()` methods.
|
||||
class LargeResultsSetPagination(PageNumberPagination):
|
||||
page_size = 1000
|
||||
page_size_query_param = 'page_size'
|
||||
max_page_size = 10000
|
||||
|
||||
class StandardResultsSetPagination(PageNumberPagination):
|
||||
page_size = 100
|
||||
page_size_query_param = 'page_size'
|
||||
max_page_size = 1000
|
||||
|
||||
You can then apply your new style to a view using the `.pagination_class` attribute:
|
||||
|
||||
class BillingRecordsView(generics.ListAPIView):
|
||||
queryset = Billing.objects.all()
|
||||
serializer = BillingRecordsSerializer
|
||||
pagination_class = LargeResultsSetPagination
|
||||
|
||||
Or apply the style globally, using the `DEFAULT_PAGINATION_CLASS` settings key. For example:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_PAGINATION_CLASS': 'apps.core.pagination.StandardResultsSetPagination'
|
||||
}
|
||||
|
||||
---
|
||||
|
||||
# Custom pagination serializers
|
||||
# API Reference
|
||||
|
||||
To create a custom pagination serializer class you should override `pagination.BasePaginationSerializer` and set the fields that you want the serializer to return.
|
||||
## PageNumberPagination
|
||||
|
||||
You can also override the name used for the object list field, by setting the `results_field` attribute, which defaults to `'results'`.
|
||||
This pagination style accepts a single number page number in the request query parameters.
|
||||
|
||||
**Request**:
|
||||
|
||||
GET https://api.example.org/accounts/?page=4
|
||||
|
||||
**Response**:
|
||||
|
||||
HTTP 200 OK
|
||||
{
|
||||
"count": 1023
|
||||
"next": "https://api.example.org/accounts/?page=5",
|
||||
"previous": "https://api.example.org/accounts/?page=3",
|
||||
"results": [
|
||||
…
|
||||
]
|
||||
}
|
||||
|
||||
#### Setup
|
||||
|
||||
To enable the `PageNumberPagination` style globally, use the following configuration, modifying the `PAGE_SIZE` as desired:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.PageNumberPagination',
|
||||
'PAGE_SIZE': 100
|
||||
}
|
||||
|
||||
On `GenericAPIView` subclasses you may also set the `pagination_class` attribute to select `PageNumberPagination` on a per-view basis.
|
||||
|
||||
#### Configuration
|
||||
|
||||
The `PageNumberPagination` class includes a number of attributes that may be overridden to modify the pagination style.
|
||||
|
||||
To set these attributes you should override the `PageNumberPagination` class, and then enable your custom pagination class as above.
|
||||
|
||||
* `page_size` - A numeric value indicating the page size. If set, this overrides the `PAGE_SIZE` setting. Defaults to the same value as the `PAGE_SIZE` settings key.
|
||||
* `page_query_param` - A string value indicating the name of the query parameter to use for the pagination control.
|
||||
* `page_size_query_param` - If set, this is a string value indicating the name of a query parameter that allows the client to set the page size on a per-request basis. Defaults to `None`, indicating that the client may not control the requested page size.
|
||||
* `max_page_size` - If set, this is a numeric value indicating the maximum allowable requested page size. This attribute is only valid if `page_size_query_param` is also set.
|
||||
* `last_page_strings` - A list or tuple of string values indicating values that may be used with the `page_query_param` to request the final page in the set. Defaults to `('last',)`
|
||||
* `template` - The name of a template to use when rendering pagination controls in the browsable API. May be overridden to modify the rendering style, or set to `None` to disable HTML pagination controls completely. Defaults to `"rest_framework/pagination/numbers.html"`.
|
||||
|
||||
---
|
||||
|
||||
## LimitOffsetPagination
|
||||
|
||||
This pagination style mirrors the syntax used when looking up multiple database records. The client includes both a "limit" and an
|
||||
"offset" query parameter. The limit indicates the maximum number of items to return, and is equivalent to the `page_size` in other styles. The offset indicates the starting position of the query in relation to the complete set of unpaginated items.
|
||||
|
||||
**Request**:
|
||||
|
||||
GET https://api.example.org/accounts/?limit=100&offset=400
|
||||
|
||||
**Response**:
|
||||
|
||||
HTTP 200 OK
|
||||
{
|
||||
"count": 1023
|
||||
"next": "https://api.example.org/accounts/?limit=100&offset=500",
|
||||
"previous": "https://api.example.org/accounts/?limit=100&offset=300",
|
||||
"results": [
|
||||
…
|
||||
]
|
||||
}
|
||||
|
||||
#### Setup
|
||||
|
||||
To enable the `LimitOffsetPagination` style globally, use the following configuration:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.LimitOffsetPagination'
|
||||
}
|
||||
|
||||
Optionally, you may also set a `PAGE_SIZE` key. If the `PAGE_SIZE` parameter is also used then the `limit` query parameter will be optional, and may be omitted by the client.
|
||||
|
||||
On `GenericAPIView` subclasses you may also set the `pagination_class` attribute to select `LimitOffsetPagination` on a per-view basis.
|
||||
|
||||
#### Configuration
|
||||
|
||||
The `LimitOffsetPagination` class includes a number of attributes that may be overridden to modify the pagination style.
|
||||
|
||||
To set these attributes you should override the `LimitOffsetPagination` class, and then enable your custom pagination class as above.
|
||||
|
||||
* `default_limit` - A numeric value indicating the limit to use if one is not provided by the client in a query parameter. Defaults to the same value as the `PAGE_SIZE` settings key.
|
||||
* `limit_query_param` - A string value indicating the name of the "limit" query parameter. Defaults to `'limit'`.
|
||||
* `offset_query_param` - A string value indicating the name of the "offset" query parameter. Defaults to `'offset'`.
|
||||
* `max_limit` - If set this is a numeric value indicating the maximum allowable limit that may be requested by the client. Defaults to `None`.
|
||||
* `template` - The name of a template to use when rendering pagination controls in the browsable API. May be overridden to modify the rendering style, or set to `None` to disable HTML pagination controls completely. Defaults to `"rest_framework/pagination/numbers.html"`.
|
||||
|
||||
---
|
||||
|
||||
## CursorPagination
|
||||
|
||||
The cursor-based pagination presents an opaque "cursor" indicator that the client may use to page through the result set. This pagination style only presents forward and reverse controls, and does not allow the client to navigate to arbitrary positions.
|
||||
|
||||
Cursor based pagination requires that there is a unique, unchanging ordering of items in the result set. This ordering might typically be a creation timestamp on the records, as this presents a consistent ordering to paginate against.
|
||||
|
||||
Cursor based pagination is more complex than other schemes. It also requires that the result set presents a fixed ordering, and does not allow the client to arbitrarily index into the result set. However it does provide the following benefits:
|
||||
|
||||
* Provides a consistent pagination view. When used properly `CursorPagination` ensures that the client will never see the same item twice when paging through records, even when new items are being inserted by other clients during the pagination process.
|
||||
* Supports usage with very large datasets. With extremely large datasets pagination using offset-based pagination styles may become inefficient or unusable. Cursor based pagination schemes instead have fixed-time properties, and do not slow down as the dataset size increases.
|
||||
|
||||
#### Details and limitations
|
||||
|
||||
Proper use of cursor based pagination requires a little attention to detail. You'll need to think about what ordering you want the scheme to be applied against. The default is to order by `"-created"`. This assumes that **there must be a 'created' timestamp field** on the model instances, and will present a "timeline" style paginated view, with the most recently added items first.
|
||||
|
||||
You can modify the ordering by overriding the `'ordering'` attribute on the pagination class, or by using the `OrderingFilter` filter class together with `CursorPagination`. When used with `OrderingFilter` you should strongly consider restricting the fields that the user may order by.
|
||||
|
||||
Proper usage of cursor pagination should have an ordering field that satisfies the following:
|
||||
|
||||
* Should be an unchanging value, such as a timestamp, slug, or other field that is only set once, on creation.
|
||||
* Should be unique, or nearly unique. Millisecond precision timestamps are a good example. This implementation of cursor pagination uses a smart "position plus offset" style that allows it to properly support not-strictly-unique values as the ordering.
|
||||
* Should be a non-nullable value that can be coerced to a string.
|
||||
* The field should have a database index.
|
||||
|
||||
Using an ordering field that does not satisfy these constraints will generally still work, but you'll be loosing some of the benefits of cursor pagination.
|
||||
|
||||
For more technical details on the implementation we use for cursor pagination, the ["Building cursors for the Disqus API"][disqus-cursor-api] blog post gives a good overview of the basic approach.
|
||||
|
||||
#### Setup
|
||||
|
||||
To enable the `CursorPagination` style globally, use the following configuration, modifying the `PAGE_SIZE` as desired:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_PAGINATION_CLASS': 'rest_framework.pagination.CursorPagination',
|
||||
'PAGE_SIZE': 100
|
||||
}
|
||||
|
||||
On `GenericAPIView` subclasses you may also set the `pagination_class` attribute to select `CursorPagination` on a per-view basis.
|
||||
|
||||
#### Configuration
|
||||
|
||||
The `CursorPagination` class includes a number of attributes that may be overridden to modify the pagination style.
|
||||
|
||||
To set these attributes you should override the `CursorPagination` class, and then enable your custom pagination class as above.
|
||||
|
||||
* `page_size` = A numeric value indicating the page size. If set, this overrides the `DEFAULT_PAGE_SIZE` setting. Defaults to the same value as the `DEFAULT_PAGE_SIZE` settings key.
|
||||
* `cursor_query_param` = A string value indicating the name of the "cursor" query parameter. Defaults to `'cursor'`.
|
||||
* `ordering` = This should be a string, or list of strings, indicating the field against which the cursor based pagination will be applied. For example: `ordering = 'slug'`. Defaults to `-created`. This value may also be overridden by using `OrderingFilter` on the view.
|
||||
* `template` = The name of a template to use when rendering pagination controls in the browsable API. May be overridden to modify the rendering style, or set to `None` to disable HTML pagination controls completely. Defaults to `"rest_framework/pagination/previous_and_next.html"`.
|
||||
|
||||
---
|
||||
|
||||
# Custom pagination styles
|
||||
|
||||
To create a custom pagination serializer class you should subclass `pagination.BasePagination` and override the `paginate_queryset(self, queryset, request, view=None)` and `get_paginated_response(self, data)` methods:
|
||||
|
||||
* The `paginate_queryset` method is passed the initial queryset and should return an iterable object that contains only the data in the requested page.
|
||||
* The `get_paginated_response` method is passed the serialized page data and should return a `Response` instance.
|
||||
|
||||
Note that the `paginate_queryset` method may set state on the pagination instance, that may later be used by the `get_paginated_response` method.
|
||||
|
||||
## Example
|
||||
|
||||
For example, to nest a pair of links labelled 'prev' and 'next', and set the name for the results field to 'objects', you might use something like this.
|
||||
Suppose we want to replace the default pagination output style with a modified format that includes the next and previous links under in a nested 'links' key. We could specify a custom pagination class like so:
|
||||
|
||||
class LinksSerializer(serializers.Serializer):
|
||||
next = pagination.NextPageField(source='*')
|
||||
prev = pagination.PreviousPageField(source='*')
|
||||
class CustomPagination(pagination.PageNumberPagination):
|
||||
def get_paginated_response(self, data):
|
||||
return Response({
|
||||
'links': {
|
||||
'next': self.get_next_link(),
|
||||
'previous': self.get_previous_link()
|
||||
},
|
||||
'count': self.page.paginator.count,
|
||||
'results': data
|
||||
})
|
||||
|
||||
class CustomPaginationSerializer(pagination.BasePaginationSerializer):
|
||||
links = LinksSerializer(source='*') # Takes the page object as the source
|
||||
total_results = serializers.Field(source='paginator.count')
|
||||
|
||||
results_field = 'objects'
|
||||
|
||||
## Using your custom pagination serializer
|
||||
|
||||
To have your custom pagination serializer be used by default, use the `DEFAULT_PAGINATION_SERIALIZER_CLASS` setting:
|
||||
We'd then need to setup the custom class in our configuration:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_PAGINATION_SERIALIZER_CLASS':
|
||||
'example_app.pagination.CustomPaginationSerializer',
|
||||
'DEFAULT_PAGINATION_CLASS': 'my_project.apps.core.pagination.CustomPagination',
|
||||
'PAGE_SIZE': 100
|
||||
}
|
||||
|
||||
Alternatively, to set your custom pagination serializer on a per-view basis, use the `pagination_serializer_class` attribute on a generic class based view:
|
||||
Note that if you care about how the ordering of keys is displayed in responses in the browsable API you might choose to use an `OrderedDict` when constructing the body of paginated responses, but this is optional.
|
||||
|
||||
class PaginatedListView(ListAPIView):
|
||||
model = ExampleModel
|
||||
pagination_serializer_class = CustomPaginationSerializer
|
||||
paginate_by = 10
|
||||
## Header based pagination
|
||||
|
||||
Let's modify the built-in `PageNumberPagination` style, so that instead of include the pagination links in the body of the response, we'll instead include a `Link` header, in a [similar style to the GitHub API][github-link-pagination].
|
||||
|
||||
class LinkHeaderPagination(pagination.PageNumberPagination):
|
||||
def get_paginated_response(self, data):
|
||||
next_url = self.get_next_link()
|
||||
previous_url = self.get_previous_link()
|
||||
|
||||
if next_url is not None and previous_url is not None:
|
||||
link = '<{next_url}; rel="next">, <{previous_url}; rel="prev">'
|
||||
elif next_url is not None:
|
||||
link = '<{next_url}; rel="next">'
|
||||
elif previous_url is not None:
|
||||
link = '<{previous_url}; rel="prev">'
|
||||
else:
|
||||
link = ''
|
||||
|
||||
link = link.format(next_url=next_url, previous_url=previous_url)
|
||||
headers = {'Link': link} if link else {}
|
||||
|
||||
return Response(data, headers=headers)
|
||||
|
||||
## Using your custom pagination class
|
||||
|
||||
To have your custom pagination class be used by default, use the `DEFAULT_PAGINATION_CLASS` setting:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_PAGINATION_CLASS': 'my_project.apps.core.pagination.LinkHeaderPagination',
|
||||
'PAGE_SIZE': 100
|
||||
}
|
||||
|
||||
API responses for list endpoints will now include a `Link` header, instead of including the pagination links as part of the body of the response, for example:
|
||||
|
||||
---
|
||||
|
||||
![Link Header][link-header]
|
||||
|
||||
*A custom pagination style, using the 'Link' header'*
|
||||
|
||||
---
|
||||
|
||||
# HTML pagination controls
|
||||
|
||||
By default using the pagination classes will cause HTML pagination controls to be displayed in the browsable API. There are two built-in display styles. The `PageNumberPagination` and `LimitOffsetPagination` classes display a list of page numbers with previous and next controls. The `CursorPagination` class displays a simpler style that only displays a previous and next control.
|
||||
|
||||
## Customizing the controls
|
||||
|
||||
You can override the templates that render the HTML pagination controls. The two built-in styles are:
|
||||
|
||||
* `rest_framework/pagination/numbers.html`
|
||||
* `rest_framework/pagination/previous_and_next.html`
|
||||
|
||||
Providing a template with either of these paths in a global template directory will override the default rendering for the relevant pagination classes.
|
||||
|
||||
Alternatively you can disable HTML pagination controls completely by subclassing on of the existing classes, setting `template = None` as an attribute on the class. You'll then need to configure your `DEFAULT_PAGINATION_CLASS` settings key to use your custom class as the default pagination style.
|
||||
|
||||
#### Low-level API
|
||||
|
||||
The low-level API for determining if a pagination class should display the controls or not is exposed as a `display_page_controls` attribute on the pagination instance. Custom pagination classes should be set to `True` in the `paginate_queryset` method if they require the HTML pagination controls to be displayed.
|
||||
|
||||
The `.to_html()` and `.get_html_context()` methods may also be overridden in a custom pagination class in order to further customize how the controls are rendered.
|
||||
|
||||
---
|
||||
|
||||
# Third party packages
|
||||
|
||||
The following third party packages are also available.
|
||||
|
||||
## DRF-extensions
|
||||
|
||||
The [`DRF-extensions` package][drf-extensions] includes a [`PaginateByMaxMixin` mixin class][paginate-by-max-mixin] that allows your API clients to specify `?page_size=max` to obtain the maximum allowed page size.
|
||||
|
||||
[cite]: https://docs.djangoproject.com/en/dev/topics/pagination/
|
||||
[github-link-pagination]: https://developer.github.com/guides/traversing-with-pagination/
|
||||
[link-header]: ../img/link-header-pagination.png
|
||||
[drf-extensions]: http://chibisov.github.io/drf-extensions/docs/
|
||||
[paginate-by-max-mixin]: http://chibisov.github.io/drf-extensions/docs/#paginatebymaxmixin
|
||||
[disqus-cursor-api]: http://cramer.io/2011/03/08/building-cursors-for-the-disqus-api/
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="parsers.py"></a>
|
||||
source: parsers.py
|
||||
|
||||
# Parsers
|
||||
|
||||
|
@ -12,7 +12,7 @@ REST framework includes a number of built in Parser classes, that allow you to a
|
|||
|
||||
## How the parser is determined
|
||||
|
||||
The set of valid parsers for a view is always defined as a list of classes. When either `request.DATA` or `request.FILES` is accessed, REST framework will examine the `Content-Type` header on the incoming request, and determine which parser to use to parse the request content.
|
||||
The set of valid parsers for a view is always defined as a list of classes. When `request.data` is accessed, REST framework will examine the `Content-Type` header on the incoming request, and determine which parser to use to parse the request content.
|
||||
|
||||
---
|
||||
|
||||
|
@ -26,35 +26,39 @@ As an example, if you are sending `json` encoded data using jQuery with the [.aj
|
|||
|
||||
## Setting the parsers
|
||||
|
||||
The default set of parsers may be set globally, using the `DEFAULT_PARSER_CLASSES` setting. For example, the following settings would allow requests with `YAML` content.
|
||||
The default set of parsers may be set globally, using the `DEFAULT_PARSER_CLASSES` setting. For example, the following settings would allow only requests with `JSON` content, instead of the default of JSON or form data.
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_PARSER_CLASSES': (
|
||||
'rest_framework.parsers.YAMLParser',
|
||||
'rest_framework.parsers.JSONParser',
|
||||
)
|
||||
}
|
||||
|
||||
You can also set the renderers used for an individual view, or viewset,
|
||||
You can also set the parsers used for an individual view, or viewset,
|
||||
using the `APIView` class based views.
|
||||
|
||||
from rest_framework.parsers import JSONParser
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.views import APIView
|
||||
|
||||
class ExampleView(APIView):
|
||||
"""
|
||||
A view that can accept POST requests with YAML content.
|
||||
A view that can accept POST requests with JSON content.
|
||||
"""
|
||||
parser_classes = (YAMLParser,)
|
||||
parser_classes = (JSONParser,)
|
||||
|
||||
def post(self, request, format=None):
|
||||
return Response({'received data': request.DATA})
|
||||
return Response({'received data': request.data})
|
||||
|
||||
Or, if you're using the `@api_view` decorator with function based views.
|
||||
|
||||
@api_view(['POST'])
|
||||
@parser_classes((YAMLParser,))
|
||||
@parser_classes((JSONParser,))
|
||||
def example_view(request, format=None):
|
||||
"""
|
||||
A view that can accept POST requests with YAML content.
|
||||
A view that can accept POST requests with JSON content.
|
||||
"""
|
||||
return Response({'received data': request.DATA})
|
||||
return Response({'received data': request.data})
|
||||
|
||||
---
|
||||
|
||||
|
@ -66,29 +70,9 @@ Parses `JSON` request content.
|
|||
|
||||
**.media_type**: `application/json`
|
||||
|
||||
## YAMLParser
|
||||
|
||||
Parses `YAML` request content.
|
||||
|
||||
Requires the `pyyaml` package to be installed.
|
||||
|
||||
**.media_type**: `application/yaml`
|
||||
|
||||
## XMLParser
|
||||
|
||||
Parses REST framework's default style of `XML` request content.
|
||||
|
||||
Note that the `XML` markup language is typically used as the base language for more strictly defined domain-specific languages, such as `RSS`, `Atom`, and `XHTML`.
|
||||
|
||||
If you are considering using `XML` for your API, you may want to consider implementing a custom renderer and parser for your specific requirements, and using an existing domain-specific media-type, or creating your own custom XML-based media-type.
|
||||
|
||||
Requires the `defusedxml` package to be installed.
|
||||
|
||||
**.media_type**: `application/xml`
|
||||
|
||||
## FormParser
|
||||
|
||||
Parses HTML form content. `request.DATA` will be populated with a `QueryDict` of data, `request.FILES` will be populated with an empty `QueryDict` of data.
|
||||
Parses HTML form content. `request.data` will be populated with a `QueryDict` of data.
|
||||
|
||||
You will typically want to use both `FormParser` and `MultiPartParser` together in order to fully support HTML form data.
|
||||
|
||||
|
@ -96,7 +80,7 @@ You will typically want to use both `FormParser` and `MultiPartParser` together
|
|||
|
||||
## MultiPartParser
|
||||
|
||||
Parses multipart HTML form content, which supports file uploads. Both `request.DATA` and `request.FILES` will be populated with a `QueryDict`.
|
||||
Parses multipart HTML form content, which supports file uploads. Both `request.data` will be populated with a `QueryDict`.
|
||||
|
||||
You will typically want to use both `FormParser` and `MultiPartParser` together in order to fully support HTML form data.
|
||||
|
||||
|
@ -104,7 +88,7 @@ You will typically want to use both `FormParser` and `MultiPartParser` together
|
|||
|
||||
## FileUploadParser
|
||||
|
||||
Parses raw file upload content. The `request.DATA` property will be an empty `QueryDict`, and `request.FILES` will be a dictionary with a single key `'file'` containing the uploaded file.
|
||||
Parses raw file upload content. The `request.data` property will be a dictionary with a single key `'file'` containing the uploaded file.
|
||||
|
||||
If the view used with `FileUploadParser` is called with a `filename` URL keyword argument, then that argument will be used as the filename. If it is called without a `filename` URL keyword argument, then the client must set the filename in the `Content-Disposition` HTTP header. For example `Content-Disposition: attachment; filename=upload.jpg`.
|
||||
|
||||
|
@ -122,9 +106,9 @@ If the view used with `FileUploadParser` is called with a `filename` URL keyword
|
|||
parser_classes = (FileUploadParser,)
|
||||
|
||||
def put(self, request, filename, format=None):
|
||||
file_obj = request.FILES['file']
|
||||
file_obj = request.data['file']
|
||||
# ...
|
||||
# do some staff with uploaded file
|
||||
# do some stuff with uploaded file
|
||||
# ...
|
||||
return Response(status=204)
|
||||
|
||||
|
@ -135,7 +119,7 @@ If the view used with `FileUploadParser` is called with a `filename` URL keyword
|
|||
|
||||
To implement a custom parser, you should override `BaseParser`, set the `.media_type` property, and implement the `.parse(self, stream, media_type, parser_context)` method.
|
||||
|
||||
The method should return the data that will be used to populate the `request.DATA` property.
|
||||
The method should return the data that will be used to populate the `request.data` property.
|
||||
|
||||
The arguments passed to `.parse()` are:
|
||||
|
||||
|
@ -157,7 +141,7 @@ By default this will include the following keys: `view`, `request`, `args`, `kwa
|
|||
|
||||
## Example
|
||||
|
||||
The following is an example plaintext parser that will populate the `request.DATA` property with a string representing the body of the request.
|
||||
The following is an example plaintext parser that will populate the `request.data` property with a string representing the body of the request.
|
||||
|
||||
class PlainTextParser(BaseParser):
|
||||
"""
|
||||
|
@ -178,13 +162,64 @@ The following is an example plaintext parser that will populate the `request.DAT
|
|||
|
||||
The following third party packages are also available.
|
||||
|
||||
## YAML
|
||||
|
||||
[REST framework YAML][rest-framework-yaml] provides [YAML][yaml] parsing and rendering support. It was previously included directly in the REST framework package, and is now instead supported as a third-party package.
|
||||
|
||||
#### Installation & configuration
|
||||
|
||||
Install using pip.
|
||||
|
||||
$ pip install djangorestframework-yaml
|
||||
|
||||
Modify your REST framework settings.
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_PARSER_CLASSES': (
|
||||
'rest_framework_yaml.parsers.YAMLParser',
|
||||
),
|
||||
'DEFAULT_RENDERER_CLASSES': (
|
||||
'rest_framework_yaml.renderers.YAMLRenderer',
|
||||
),
|
||||
}
|
||||
|
||||
## XML
|
||||
|
||||
[REST Framework XML][rest-framework-xml] provides a simple informal XML format. It was previously included directly in the REST framework package, and is now instead supported as a third-party package.
|
||||
|
||||
#### Installation & configuration
|
||||
|
||||
Install using pip.
|
||||
|
||||
$ pip install djangorestframework-xml
|
||||
|
||||
Modify your REST framework settings.
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_PARSER_CLASSES': (
|
||||
'rest_framework_xml.parsers.XMLParser',
|
||||
),
|
||||
'DEFAULT_RENDERER_CLASSES': (
|
||||
'rest_framework_xml.renderers.XMLRenderer',
|
||||
),
|
||||
}
|
||||
|
||||
## MessagePack
|
||||
|
||||
[MessagePack][messagepack] is a fast, efficient binary serialization format. [Juan Riaza][juanriaza] maintains the [djangorestframework-msgpack][djangorestframework-msgpack] package which provides MessagePack renderer and parser support for REST framework.
|
||||
|
||||
## CamelCase JSON
|
||||
|
||||
[djangorestframework-camel-case] provides camel case JSON renderers and parsers for REST framework. This allows serializers to use Python-style underscored field names, but be exposed in the API as Javascript-style camel case field names. It is maintained by [Vitaly Babiy][vbabiy].
|
||||
|
||||
[jquery-ajax]: http://api.jquery.com/jQuery.ajax/
|
||||
[cite]: https://groups.google.com/d/topic/django-developers/dxI4qVzrBY4/discussion
|
||||
[upload-handlers]: https://docs.djangoproject.com/en/dev/topics/http/file-uploads/#upload-handlers
|
||||
[rest-framework-yaml]: http://jpadilla.github.io/django-rest-framework-yaml/
|
||||
[rest-framework-xml]: http://jpadilla.github.io/django-rest-framework-xml/
|
||||
[yaml]: http://www.yaml.org/
|
||||
[messagepack]: https://github.com/juanriaza/django-rest-framework-msgpack
|
||||
[juanriaza]: https://github.com/juanriaza
|
||||
[vbabiy]: https://github.com/vbabiy
|
||||
[djangorestframework-msgpack]: https://github.com/juanriaza/django-rest-framework-msgpack
|
||||
[djangorestframework-camel-case]: https://github.com/vbabiy/djangorestframework-camel-case
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="permissions.py"></a>
|
||||
source: permissions.py
|
||||
|
||||
# Permissions
|
||||
|
||||
|
@ -10,12 +10,24 @@ Together with [authentication] and [throttling], permissions determine whether a
|
|||
|
||||
Permission checks are always run at the very start of the view, before any other code is allowed to proceed. Permission checks will typically use the authentication information in the `request.user` and `request.auth` properties to determine if the incoming request should be permitted.
|
||||
|
||||
Permissions are used to grant or deny access different classes of users to different parts of the API.
|
||||
|
||||
The simplest style of permission would be to allow access to any authenticated user, and deny access to any unauthenticated user. This corresponds the `IsAuthenticated` class in REST framework.
|
||||
|
||||
A slightly less strict style of permission would be to allow full access to authenticated users, but allow read-only access to unauthenticated users. This corresponds to the `IsAuthenticatedOrReadOnly` class in REST framework.
|
||||
|
||||
## How permissions are determined
|
||||
|
||||
Permissions in REST framework are always defined as a list of permission classes.
|
||||
|
||||
Before running the main body of the view each permission in the list is checked.
|
||||
If any permission check fails an `exceptions.PermissionDenied` exception will be raised, and the main body of the view will not run.
|
||||
If any permission check fails an `exceptions.PermissionDenied` or `exceptions.NotAuthenticated` exception will be raised, and the main body of the view will not run.
|
||||
|
||||
When the permissions checks fail either a "403 Forbidden" or a "401 Unauthorized" response will be returned, according to the following rules:
|
||||
|
||||
* The request was successfully authenticated, but permission was denied. *— An HTTP 403 Forbidden response will be returned.*
|
||||
* The request was not successfully authenticated, and the highest priority authentication class *does not* use `WWW-Authenticate` headers. *— An HTTP 403 Forbidden response will be returned.*
|
||||
* The request was not successfully authenticated, and the highest priority authentication class *does* use `WWW-Authenticate` headers. *— An HTTP 401 Unauthorized response, with an appropriate `WWW-Authenticate` header will be returned.*
|
||||
|
||||
## Object level permissions
|
||||
|
||||
|
@ -25,9 +37,23 @@ Object level permissions are run by REST framework's generic views when `.get_ob
|
|||
As with view level permissions, an `exceptions.PermissionDenied` exception will be raised if the user is not allowed to act on the given object.
|
||||
|
||||
If you're writing your own views and want to enforce object level permissions,
|
||||
you'll need to explicitly call the `.check_object_permissions(request, obj)` method on the view at the point at which you've retrieved the object.
|
||||
or if you override the `get_object` method on a generic view, then you'll need to explicitly call the `.check_object_permissions(request, obj)` method on the view at the point at which you've retrieved the object.
|
||||
|
||||
This will either raise a `PermissionDenied` or `NotAuthenticated` exception, or simply return if the view has the appropriate permissions.
|
||||
|
||||
For example:
|
||||
|
||||
def get_object(self):
|
||||
obj = get_object_or_404(self.get_queryset())
|
||||
self.check_object_permissions(self.request, obj)
|
||||
return obj
|
||||
|
||||
#### Limitations of object level permissions
|
||||
|
||||
For performance reasons the generic views will not automatically apply object level permissions to each instance in a queryset when returning a list of objects.
|
||||
|
||||
Often when you're using object level permissions you'll also want to [filter the queryset][filtering] appropriately, to ensure that users only have visibility onto instances that they are permitted to view.
|
||||
|
||||
## Setting the permission policy
|
||||
|
||||
The default permission policy may be set globally, using the `DEFAULT_PERMISSION_CLASSES` setting. For example.
|
||||
|
@ -47,6 +73,10 @@ If not specified, this setting defaults to allowing unrestricted access:
|
|||
You can also set the authentication policy on a per-view, or per-viewset basis,
|
||||
using the `APIView` class based views.
|
||||
|
||||
from rest_framework.permissions import IsAuthenticated
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.views import APIView
|
||||
|
||||
class ExampleView(APIView):
|
||||
permission_classes = (IsAuthenticated,)
|
||||
|
||||
|
@ -86,7 +116,7 @@ This permission is suitable if you want your API to only be accessible to regist
|
|||
|
||||
The `IsAdminUser` permission class will deny permission to any user, unless `user.is_staff` is `True` in which case permission will be allowed.
|
||||
|
||||
This permission is suitable is you want your API to only be accessible to a subset of trusted administrators.
|
||||
This permission is suitable if you want your API to only be accessible to a subset of trusted administrators.
|
||||
|
||||
## IsAuthenticatedOrReadOnly
|
||||
|
||||
|
@ -96,7 +126,7 @@ This permission is suitable if you want to your API to allow read permissions to
|
|||
|
||||
## DjangoModelPermissions
|
||||
|
||||
This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth]. When applied to a view that has a `.model` property, authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned.
|
||||
This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth]. This permission must only be applied to views that has a `.queryset` property set. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned.
|
||||
|
||||
* `POST` requests require the user to have the `add` permission on the model.
|
||||
* `PUT` and `PATCH` requests require the user to have the `change` permission on the model.
|
||||
|
@ -106,24 +136,35 @@ The default behaviour can also be overridden to support custom model permissions
|
|||
|
||||
To use custom model permissions, override `DjangoModelPermissions` and set the `.perms_map` property. Refer to the source code for details.
|
||||
|
||||
#### Using with views that do not include a `queryset` attribute.
|
||||
|
||||
If you're using this permission with a view that uses an overridden `get_queryset()` method there may not be a `queryset` attribute on the view. In this case we suggest also marking the view with a sential queryset, so that this class can determine the required permissions. For example:
|
||||
|
||||
queryset = User.objects.none() # Required for DjangoModelPermissions
|
||||
|
||||
## DjangoModelPermissionsOrAnonReadOnly
|
||||
|
||||
Similar to `DjangoModelPermissions`, but also allows unauthenticated users to have read-only access to the API.
|
||||
|
||||
## TokenHasReadWriteScope
|
||||
## DjangoObjectPermissions
|
||||
|
||||
This permission class is intended for use with either of the `OAuthAuthentication` and `OAuth2Authentication` classes, and ties into the scoping that their backends provide.
|
||||
This permission class ties into Django's standard [object permissions framework][objectpermissions] that allows per-object permissions on models. In order to use this permission class, you'll also need to add a permission backend that supports object-level permissions, such as [django-guardian][guardian].
|
||||
|
||||
Requests with a safe methods of `GET`, `OPTIONS` or `HEAD` will be allowed if the authenticated token has read permission.
|
||||
As with `DjangoModelPermissions`, this permission must only be applied to views that have a `.queryset` property. Authorization will only be granted if the user *is authenticated* and has the *relevant per-object permissions* and *relevant model permissions* assigned.
|
||||
|
||||
Requests for `POST`, `PUT`, `PATCH` and `DELETE` will be allowed if the authenticated token has write permission.
|
||||
* `POST` requests require the user to have the `add` permission on the model instance.
|
||||
* `PUT` and `PATCH` requests require the user to have the `change` permission on the model instance.
|
||||
* `DELETE` requests require the user to have the `delete` permission on the model instance.
|
||||
|
||||
This permission class relies on the implementations of the [django-oauth-plus][django-oauth-plus] and [django-oauth2-provider][django-oauth2-provider] libraries, which both provide limited support for controlling the scope of access tokens:
|
||||
Note that `DjangoObjectPermissions` **does not** require the `django-guardian` package, and should support other object-level backends equally well.
|
||||
|
||||
* `django-oauth-plus`: Tokens are associated with a `Resource` class which has a `name`, `url` and `is_readonly` properties.
|
||||
* `django-oauth2-provider`: Tokens are associated with a bitwise `scope` attribute, that defaults to providing bitwise values for `read` and/or `write`.
|
||||
As with `DjangoModelPermissions` you can use custom model permissions by overriding `DjangoModelPermissions` and setting the `.perms_map` property. Refer to the source code for details.
|
||||
|
||||
If you require more advanced scoping for your API, such as restricting tokens to accessing a subset of functionality of your API then you will need to provide a custom permission class. See the source of the `django-oauth-plus` or `django-oauth2-provider` package for more details on scoping token access.
|
||||
---
|
||||
|
||||
**Note**: If you need object level `view` permissions for `GET`, `HEAD` and `OPTIONS` requests, you'll want to consider also adding the `DjangoObjectPermissionsFilter` class to ensure that list endpoints only return results including objects for which the user has appropriate view permissions.
|
||||
|
||||
---
|
||||
|
||||
---
|
||||
|
||||
|
@ -145,11 +186,7 @@ If you need to test if a request is a read operation or a write operation, you s
|
|||
|
||||
---
|
||||
|
||||
**Note**: In versions 2.0 and 2.1, the signature for the permission checks always included an optional `obj` parameter, like so: `.has_permission(self, request, view, obj=None)`. The method would be called twice, first for the global permission checks, with no object supplied, and second for the object-level check when required.
|
||||
|
||||
As of version 2.2 this signature has now been replaced with two separate method calls, which is more explict and obvious. The old style signature continues to work, but it's use will result in a `PendingDeprecationWarning`, which is silent by default. In 2.3 this will be escalated to a `DeprecationWarning`, and in 2.4 the old-style signature will be removed.
|
||||
|
||||
For more details see the [2.2 release announcement][2.2-announcement].
|
||||
**Note**: The instance-level `has_object_permission` method will only be called if the view-level `has_permission` checks have already passed. Also note that in order for the instance-level checks to run, the view code should explicitly call `.check_object_permissions(request, obj)`. If you are using the generic views then this will be handled for you by default.
|
||||
|
||||
---
|
||||
|
||||
|
@ -157,6 +194,8 @@ For more details see the [2.2 release announcement][2.2-announcement].
|
|||
|
||||
The following is an example of a permission class that checks the incoming request's IP address against a blacklist, and denies the request if the IP has been blacklisted.
|
||||
|
||||
from rest_framework import permissions
|
||||
|
||||
class BlacklistPermission(permissions.BasePermission):
|
||||
"""
|
||||
Global permission check for blacklisted IPs.
|
||||
|
@ -188,12 +227,34 @@ Note that the generic views will check the appropriate object level permissions,
|
|||
|
||||
Also note that the generic views will only check the object-level permissions for views that retrieve a single model instance. If you require object-level filtering of list views, you'll need to filter the queryset separately. See the [filtering documentation][filtering] for more details.
|
||||
|
||||
---
|
||||
|
||||
# Third party packages
|
||||
|
||||
The following third party packages are also available.
|
||||
|
||||
## DRF Any Permissions
|
||||
|
||||
The [DRF Any Permissions][drf-any-permissions] packages provides a different permission behavior in contrast to REST framework. Instead of all specified permissions being required, only one of the given permissions has to be true in order to get access to the view.
|
||||
|
||||
## Composed Permissions
|
||||
|
||||
The [Composed Permissions][composed-permissions] package provides a simple way to define complex and multi-depth (with logic operators) permission objects, using small and reusable components.
|
||||
|
||||
## REST Condition
|
||||
|
||||
The [REST Condition][rest-condition] package is another extension for building complex permissions in a simple and convenient way. The extension allows you to combine permissions with logical operators.
|
||||
|
||||
[cite]: https://developer.apple.com/library/mac/#documentation/security/Conceptual/AuthenticationAndAuthorizationGuide/Authorization/Authorization.html
|
||||
[authentication]: authentication.md
|
||||
[throttling]: throttling.md
|
||||
[contribauth]: https://docs.djangoproject.com/en/1.0/topics/auth/#permissions
|
||||
[filtering]: filtering.md
|
||||
[contribauth]: https://docs.djangoproject.com/en/dev/topics/auth/customizing/#custom-permissions
|
||||
[objectpermissions]: https://docs.djangoproject.com/en/dev/topics/auth/customizing/#handling-object-permissions
|
||||
[guardian]: https://github.com/lukaszb/django-guardian
|
||||
[django-oauth-plus]: http://code.larlet.fr/django-oauth-plus
|
||||
[django-oauth2-provider]: https://github.com/caffeinehit/django-oauth2-provider
|
||||
[get_objects_for_user]: http://pythonhosted.org/django-guardian/api/guardian.shortcuts.html#get-objects-for-user
|
||||
[2.2-announcement]: ../topics/2.2-announcement.md
|
||||
[filtering]: filtering.md
|
||||
[drf-any-permissions]: https://github.com/kevin-brown/drf-any-permissions
|
||||
[composed-permissions]: https://github.com/niwibe/djangorestframework-composed-permissions
|
||||
[rest-condition]: https://github.com/caxap/rest_condition
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="relations.py"></a>
|
||||
source: relations.py
|
||||
|
||||
# Serializer relations
|
||||
|
||||
|
@ -16,6 +16,20 @@ Relational fields are used to represent model relationships. They can be applie
|
|||
|
||||
---
|
||||
|
||||
#### Inspecting automatically generated relationships.
|
||||
|
||||
When using the `ModelSerializer` class, serializer fields and relationships will be automatically generated for you. Inspecting these automatically generated fields can be a useful tool for determining how to customize the relationship style.
|
||||
|
||||
To do so, open the Django shell, using `python manage.py shell`, then import the serializer class, instantiate it, and print the object representation…
|
||||
|
||||
>>> from myapp.serializers import AccountSerializer
|
||||
>>> serializer = AccountSerializer()
|
||||
>>> print repr(serializer) # Or `print(repr(serializer))` in Python 3.x.
|
||||
AccountSerializer():
|
||||
id = IntegerField(label='ID', read_only=True)
|
||||
name = CharField(allow_blank=True, max_length=100, required=False)
|
||||
owner = PrimaryKeyRelatedField(queryset=User.objects.all())
|
||||
|
||||
# API Reference
|
||||
|
||||
In order to explain the various types of relational fields, we'll use a couple of simple models for our examples. Our models will be for music albums, and the tracks listed on each album.
|
||||
|
@ -37,14 +51,14 @@ In order to explain the various types of relational fields, we'll use a couple o
|
|||
def __unicode__(self):
|
||||
return '%d: %s' % (self.order, self.title)
|
||||
|
||||
## RelatedField
|
||||
## StringRelatedField
|
||||
|
||||
`RelatedField` may be used to represent the target of the relationship using it's `__unicode__` method.
|
||||
`StringRelatedField` may be used to represent the target of the relationship using its `__unicode__` method.
|
||||
|
||||
For example, the following serializer.
|
||||
|
||||
class AlbumSerializer(serializers.ModelSerializer):
|
||||
tracks = RelatedField(many=True)
|
||||
tracks = serializers.StringRelatedField(many=True)
|
||||
|
||||
class Meta:
|
||||
model = Album
|
||||
|
@ -54,7 +68,7 @@ Would serialize to the following representation.
|
|||
|
||||
{
|
||||
'album_name': 'Things We Lost In The Fire',
|
||||
'artist': 'Low'
|
||||
'artist': 'Low',
|
||||
'tracks': [
|
||||
'1: Sunflower',
|
||||
'2: Whitetail',
|
||||
|
@ -71,12 +85,12 @@ This field is read only.
|
|||
|
||||
## PrimaryKeyRelatedField
|
||||
|
||||
`PrimaryKeyRelatedField` may be used to represent the target of the relationship using it's primary key.
|
||||
`PrimaryKeyRelatedField` may be used to represent the target of the relationship using its primary key.
|
||||
|
||||
For example, the following serializer:
|
||||
|
||||
class AlbumSerializer(serializers.ModelSerializer):
|
||||
tracks = PrimaryKeyRelatedField(many=True, read_only=True)
|
||||
tracks = serializers.PrimaryKeyRelatedField(many=True, read_only=True)
|
||||
|
||||
class Meta:
|
||||
model = Album
|
||||
|
@ -86,7 +100,7 @@ Would serialize to a representation like this:
|
|||
|
||||
{
|
||||
'album_name': 'The Roots',
|
||||
'artist': 'Undun'
|
||||
'artist': 'Undun',
|
||||
'tracks': [
|
||||
89,
|
||||
90,
|
||||
|
@ -99,9 +113,9 @@ By default this field is read-write, although you can change this behavior using
|
|||
|
||||
**Arguments**:
|
||||
|
||||
* `queryset` - The queryset used for model instance lookups when validating the field input. Relationships must either set a queryset explicitly, or set `read_only=True`.
|
||||
* `many` - If applied to a to-many relationship, you should set this argument to `True`.
|
||||
* `required` - If set to `False`, the field will accept values of `None` or the empty-string for nullable relationships.
|
||||
* `queryset` - By default `ModelSerializer` classes will use the default queryset for the relationship. `Serializer` classes must either set a queryset explicitly, or set `read_only=True`.
|
||||
* `allow_null` - If set to `True`, the field will accept values of `None` or the empty string for nullable relationships. Defaults to `False`.
|
||||
|
||||
## HyperlinkedRelatedField
|
||||
|
||||
|
@ -110,8 +124,11 @@ By default this field is read-write, although you can change this behavior using
|
|||
For example, the following serializer:
|
||||
|
||||
class AlbumSerializer(serializers.ModelSerializer):
|
||||
tracks = HyperlinkedRelatedField(many=True, read_only=True,
|
||||
view_name='track-detail')
|
||||
tracks = serializers.HyperlinkedRelatedField(
|
||||
many=True,
|
||||
read_only=True,
|
||||
view_name='track-detail'
|
||||
)
|
||||
|
||||
class Meta:
|
||||
model = Album
|
||||
|
@ -121,7 +138,7 @@ Would serialize to a representation like this:
|
|||
|
||||
{
|
||||
'album_name': 'Graceland',
|
||||
'artist': 'Paul Simon'
|
||||
'artist': 'Paul Simon',
|
||||
'tracks': [
|
||||
'http://www.example.com/api/tracks/45/',
|
||||
'http://www.example.com/api/tracks/46/',
|
||||
|
@ -134,11 +151,12 @@ By default this field is read-write, although you can change this behavior using
|
|||
|
||||
**Arguments**:
|
||||
|
||||
* `view_name` - The view name that should be used as the target of the relationship. **required**.
|
||||
* `view_name` - The view name that should be used as the target of the relationship. If you're using [the standard router classes][routers] this will be a string with the format `<modelname>-detail`. **required**.
|
||||
* `queryset` - The queryset used for model instance lookups when validating the field input. Relationships must either set a queryset explicitly, or set `read_only=True`.
|
||||
* `many` - If applied to a to-many relationship, you should set this argument to `True`.
|
||||
* `required` - If set to `False`, the field will accept values of `None` or the empty-string for nullable relationships.
|
||||
* `queryset` - By default `ModelSerializer` classes will use the default queryset for the relationship. `Serializer` classes must either set a queryset explicitly, or set `read_only=True`.
|
||||
* `allow_null` - If set to `True`, the field will accept values of `None` or the empty string for nullable relationships. Defaults to `False`.
|
||||
* `lookup_field` - The field on the target that should be used for the lookup. Should correspond to a URL keyword argument on the referenced view. Default is `'pk'`.
|
||||
* `lookup_url_kwarg` - The name of the keyword argument defined in the URL conf that corresponds to the lookup field. Defaults to using the same value as `lookup_field`.
|
||||
* `format` - If using format suffixes, hyperlinked fields will use the same format suffix for the target unless overridden by using the `format` argument.
|
||||
|
||||
## SlugRelatedField
|
||||
|
@ -148,7 +166,11 @@ By default this field is read-write, although you can change this behavior using
|
|||
For example, the following serializer:
|
||||
|
||||
class AlbumSerializer(serializers.ModelSerializer):
|
||||
tracks = SlugRelatedField(many=True, read_only=True, slug_field='title')
|
||||
tracks = serializers.SlugRelatedField(
|
||||
many=True,
|
||||
read_only=True,
|
||||
slug_field='title'
|
||||
)
|
||||
|
||||
class Meta:
|
||||
model = Album
|
||||
|
@ -158,7 +180,7 @@ Would serialize to a representation like this:
|
|||
|
||||
{
|
||||
'album_name': 'Dear John',
|
||||
'artist': 'Loney Dear'
|
||||
'artist': 'Loney Dear',
|
||||
'tracks': [
|
||||
'Airport Surroundings',
|
||||
'Everything Turns to You',
|
||||
|
@ -174,16 +196,16 @@ When using `SlugRelatedField` as a read-write field, you will normally want to e
|
|||
**Arguments**:
|
||||
|
||||
* `slug_field` - The field on the target that should be used to represent it. This should be a field that uniquely identifies any given instance. For example, `username`. **required**
|
||||
* `queryset` - The queryset used for model instance lookups when validating the field input. Relationships must either set a queryset explicitly, or set `read_only=True`.
|
||||
* `many` - If applied to a to-many relationship, you should set this argument to `True`.
|
||||
* `required` - If set to `False`, the field will accept values of `None` or the empty-string for nullable relationships.
|
||||
* `queryset` - By default `ModelSerializer` classes will use the default queryset for the relationship. `Serializer` classes must either set a queryset explicitly, or set `read_only=True`.
|
||||
* `allow_null` - If set to `True`, the field will accept values of `None` or the empty string for nullable relationships. Defaults to `False`.
|
||||
|
||||
## HyperlinkedIdentityField
|
||||
|
||||
This field can be applied as an identity relationship, such as the `'url'` field on a HyperlinkedModelSerializer. It can also be used for an attribute on the object. For example, the following serializer:
|
||||
|
||||
class AlbumSerializer(serializers.HyperlinkedModelSerializer):
|
||||
track_listing = HyperlinkedIdentityField(view_name='track-list')
|
||||
track_listing = serializers.HyperlinkedIdentityField(view_name='track-list')
|
||||
|
||||
class Meta:
|
||||
model = Album
|
||||
|
@ -193,7 +215,7 @@ Would serialize to a representation like this:
|
|||
|
||||
{
|
||||
'album_name': 'The Eraser',
|
||||
'artist': 'Thom Yorke'
|
||||
'artist': 'Thom Yorke',
|
||||
'track_listing': 'http://www.example.com/api/track_list/12/',
|
||||
}
|
||||
|
||||
|
@ -201,8 +223,9 @@ This field is always read-only.
|
|||
|
||||
**Arguments**:
|
||||
|
||||
* `view_name` - The view name that should be used as the target of the relationship. **required**.
|
||||
* `view_name` - The view name that should be used as the target of the relationship. If you're using [the standard router classes][routers] this will be a string with the format `<model_name>-detail`. **required**.
|
||||
* `lookup_field` - The field on the target that should be used for the lookup. Should correspond to a URL keyword argument on the referenced view. Default is `'pk'`.
|
||||
* `lookup_url_kwarg` - The name of the keyword argument defined in the URL conf that corresponds to the lookup field. Defaults to using the same value as `lookup_field`.
|
||||
* `format` - If using format suffixes, hyperlinked fields will use the same format suffix for the target unless overridden by using the `format` argument.
|
||||
|
||||
---
|
||||
|
@ -213,8 +236,6 @@ Nested relationships can be expressed by using serializers as fields.
|
|||
|
||||
If the field is used to represent a to-many relationship, you should add the `many=True` flag to the serializer field.
|
||||
|
||||
Note that nested relationships are currently read-only. For read-write relationships, you should use a flat relational style.
|
||||
|
||||
## Example
|
||||
|
||||
For example, the following serializer:
|
||||
|
@ -225,7 +246,7 @@ For example, the following serializer:
|
|||
fields = ('order', 'title')
|
||||
|
||||
class AlbumSerializer(serializers.ModelSerializer):
|
||||
tracks = TrackSerializer(many=True)
|
||||
tracks = TrackSerializer(many=True, read_only=True)
|
||||
|
||||
class Meta:
|
||||
model = Album
|
||||
|
@ -235,7 +256,7 @@ Would serialize to a nested representation like this:
|
|||
|
||||
{
|
||||
'album_name': 'The Grey Album',
|
||||
'artist': 'Danger Mouse'
|
||||
'artist': 'Danger Mouse',
|
||||
'tracks': [
|
||||
{'order': 1, 'title': 'Public Service Announcement'},
|
||||
{'order': 2, 'title': 'What More Can I Say'},
|
||||
|
@ -246,18 +267,18 @@ Would serialize to a nested representation like this:
|
|||
|
||||
# Custom relational fields
|
||||
|
||||
To implement a custom relational field, you should override `RelatedField`, and implement the `.to_native(self, value)` method. This method takes the target of the field as the `value` argument, and should return the representation that should be used to serialize the target.
|
||||
To implement a custom relational field, you should override `RelatedField`, and implement the `.to_representation(self, value)` method. This method takes the target of the field as the `value` argument, and should return the representation that should be used to serialize the target. The `value` argument will typically be a model instance.
|
||||
|
||||
If you want to implement a read-write relational field, you must also implement the `.from_native(self, data)` method, and add `read_only = False` to the class definition.
|
||||
If you want to implement a read-write relational field, you must also implement the `.to_internal_value(self, data)` method.
|
||||
|
||||
## Example
|
||||
|
||||
For, example, we could define a relational field, to serialize a track to a custom string representation, using it's ordering, title, and duration.
|
||||
For, example, we could define a relational field, to serialize a track to a custom string representation, using its ordering, title, and duration.
|
||||
|
||||
import time
|
||||
|
||||
class TrackListingField(serializers.RelatedField):
|
||||
def to_native(self, value):
|
||||
def to_representation(self, value):
|
||||
duration = time.strftime('%M:%S', time.gmtime(value.duration))
|
||||
return 'Track %d: %s (%s)' % (value.order, value.name, duration)
|
||||
|
||||
|
@ -272,7 +293,7 @@ This custom field would then serialize to the following representation.
|
|||
|
||||
{
|
||||
'album_name': 'Sometimes I Wish We Were an Eagle',
|
||||
'artist': 'Bill Callahan'
|
||||
'artist': 'Bill Callahan',
|
||||
'tracks': [
|
||||
'Track 1: Jim Cain (04:39)',
|
||||
'Track 2: Eid Ma Clack Shaw (04:19)',
|
||||
|
@ -285,6 +306,16 @@ This custom field would then serialize to the following representation.
|
|||
|
||||
# Further notes
|
||||
|
||||
## The `queryset` argument
|
||||
|
||||
The `queryset` argument is only ever required for *writable* relationship field, in which case it is used for performing the model instance lookup, that maps from the primitive user input, into a model instance.
|
||||
|
||||
In version 2.x a serializer class could *sometimes* automatically determine the `queryset` argument *if* a `ModelSerializer` class was being used.
|
||||
|
||||
This behavior is now replaced with *always* using an explicit `queryset` argument for writable relational fields.
|
||||
|
||||
Doing so reduces the amount of hidden 'magic' that `ModelSerializer` provides, makes the behavior of the field more clear, and ensures that it is trivial to move between using the `ModelSerializer` shortcut, or using fully explicit `Serializer` classes.
|
||||
|
||||
## Reverse relations
|
||||
|
||||
Note that reverse relationships are not automatically included by the `ModelSerializer` and `HyperlinkedModelSerializer` classes. To include a reverse relationship, you must explicitly add it to the fields list. For example:
|
||||
|
@ -351,7 +382,7 @@ We could define a custom field that could be used to serialize tagged instances,
|
|||
A custom field to use for the `tagged_object` generic relationship.
|
||||
"""
|
||||
|
||||
def to_native(self, value):
|
||||
def to_representation(self, value):
|
||||
"""
|
||||
Serialize tagged objects to a simple textual representation.
|
||||
"""
|
||||
|
@ -361,9 +392,9 @@ We could define a custom field that could be used to serialize tagged instances,
|
|||
return 'Note: ' + value.text
|
||||
raise Exception('Unexpected type of tagged object')
|
||||
|
||||
If you need the target of the relationship to have a nested representation, you can use the required serializers inside the `.to_native()` method:
|
||||
If you need the target of the relationship to have a nested representation, you can use the required serializers inside the `.to_representation()` method:
|
||||
|
||||
def to_native(self, value):
|
||||
def to_representation(self, value):
|
||||
"""
|
||||
Serialize bookmark instances using a bookmark serializer,
|
||||
and note instances using a note serializer.
|
||||
|
@ -386,7 +417,7 @@ For more information see [the Django documentation on generic relations][generic
|
|||
By default, relational fields that target a ``ManyToManyField`` with a
|
||||
``through`` model specified are set to read-only.
|
||||
|
||||
If you exlicitly specify a relational field pointing to a
|
||||
If you explicitly specify a relational field pointing to a
|
||||
``ManyToManyField`` with a through model, be sure to set ``read_only``
|
||||
to ``True``.
|
||||
|
||||
|
@ -405,7 +436,6 @@ attributes are not configured to correctly match the URL conf.
|
|||
|
||||
#### get_object(self, queryset, view_name, view_args, view_kwargs)
|
||||
|
||||
|
||||
This method should the object that corresponds to the matched URL conf arguments.
|
||||
|
||||
May raise an `ObjectDoesNotExist` exception.
|
||||
|
@ -422,28 +452,21 @@ For example, if all your object URLs used both a account and a slug in the the U
|
|||
def get_object(self, queryset, view_name, view_args, view_kwargs):
|
||||
account = view_kwargs['account']
|
||||
slug = view_kwargs['slug']
|
||||
return queryset.get(account=account, slug=sug)
|
||||
return queryset.get(account=account, slug=slug)
|
||||
|
||||
---
|
||||
|
||||
## Deprecated APIs
|
||||
# Third Party Packages
|
||||
|
||||
The following classes have been deprecated, in favor of the `many=<bool>` syntax.
|
||||
They continue to function, but their usage will raise a `PendingDeprecationWarning`, which is silent by default.
|
||||
The following third party packages are also available.
|
||||
|
||||
* `ManyRelatedField`
|
||||
* `ManyPrimaryKeyRelatedField`
|
||||
* `ManyHyperlinkedRelatedField`
|
||||
* `ManySlugRelatedField`
|
||||
## DRF Nested Routers
|
||||
|
||||
The `null=<bool>` flag has been deprecated in favor of the `required=<bool>` flag. It will continue to function, but will raise a `PendingDeprecationWarning`.
|
||||
|
||||
In the 2.3 release, these warnings will be escalated to a `DeprecationWarning`, which is loud by default.
|
||||
In the 2.4 release, these parts of the API will be removed entirely.
|
||||
|
||||
For more details see the [2.2 release announcement][2.2-announcement].
|
||||
The [drf-nested-routers package][drf-nested-routers] provides routers and relationship fields for working with nested resources.
|
||||
|
||||
[cite]: http://lwn.net/Articles/193245/
|
||||
[reverse-relationships]: https://docs.djangoproject.com/en/dev/topics/db/queries/#following-relationships-backward
|
||||
[routers]: http://www.django-rest-framework.org/api-guide/routers#defaultrouter
|
||||
[generic-relations]: https://docs.djangoproject.com/en/dev/ref/contrib/contenttypes/#id1
|
||||
[2.2-announcement]: ../topics/2.2-announcement.md
|
||||
[drf-nested-routers]: https://github.com/alanjds/drf-nested-routers
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="renderers.py"></a>
|
||||
source: renderers.py
|
||||
|
||||
# Renderers
|
||||
|
||||
|
@ -18,11 +18,11 @@ For more information see the documentation on [content negotiation][conneg].
|
|||
|
||||
## Setting the renderers
|
||||
|
||||
The default set of renderers may be set globally, using the `DEFAULT_RENDERER_CLASSES` setting. For example, the following settings would use `YAML` as the main media type and also include the self describing API.
|
||||
The default set of renderers may be set globally, using the `DEFAULT_RENDERER_CLASSES` setting. For example, the following settings would use `JSON` as the main media type and also include the self describing API.
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_RENDERER_CLASSES': (
|
||||
'rest_framework.renderers.YAMLRenderer',
|
||||
'rest_framework.renderers.JSONRenderer',
|
||||
'rest_framework.renderers.BrowsableAPIRenderer',
|
||||
)
|
||||
}
|
||||
|
@ -30,11 +30,16 @@ The default set of renderers may be set globally, using the `DEFAULT_RENDERER_CL
|
|||
You can also set the renderers used for an individual view, or viewset,
|
||||
using the `APIView` class based views.
|
||||
|
||||
from django.contrib.auth.models import User
|
||||
from rest_framework.renderers import JSONRenderer
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.views import APIView
|
||||
|
||||
class UserCountView(APIView):
|
||||
"""
|
||||
A view that returns the count of active users, in JSON or JSONp.
|
||||
A view that returns the count of active users in JSON.
|
||||
"""
|
||||
renderer_classes = (JSONRenderer, JSONPRenderer)
|
||||
renderer_classes = (JSONRenderer, )
|
||||
|
||||
def get(self, request, format=None):
|
||||
user_count = User.objects.filter(active=True).count()
|
||||
|
@ -44,10 +49,10 @@ using the `APIView` class based views.
|
|||
Or, if you're using the `@api_view` decorator with function based views.
|
||||
|
||||
@api_view(['GET'])
|
||||
@renderer_classes((JSONRenderer, JSONPRenderer))
|
||||
@renderer_classes((JSONRenderer,))
|
||||
def user_count_view(request, format=None):
|
||||
"""
|
||||
A view that returns the count of active users, in JSON or JSONp.
|
||||
A view that returns the count of active users in JSON.
|
||||
"""
|
||||
user_count = User.objects.filter(active=True).count()
|
||||
content = {'user_count': user_count}
|
||||
|
@ -69,83 +74,24 @@ If your API includes views that can serve both regular webpages and API response
|
|||
|
||||
Renders the request data into `JSON`, using utf-8 encoding.
|
||||
|
||||
Note that non-ascii characters will be rendered using JSON's `\uXXXX` character escape. For example:
|
||||
Note that the default style is to include unicode characters, and render the response using a compact style with no unnecessary whitespace:
|
||||
|
||||
{"unicode black star": "\u2605"}
|
||||
{"unicode black star":"★","value":999}
|
||||
|
||||
The client may additionally include an `'indent'` media type parameter, in which case the returned `JSON` will be indented. For example `Accept: application/json; indent=4`.
|
||||
|
||||
{
|
||||
"unicode black star": "\u2605"
|
||||
"unicode black star": "★",
|
||||
"value": 999
|
||||
}
|
||||
|
||||
The default JSON encoding style can be altered using the `UNICODE_JSON` and `COMPACT_JSON` settings keys.
|
||||
|
||||
**.media_type**: `application/json`
|
||||
|
||||
**.format**: `'.json'`
|
||||
|
||||
**.charset**: `utf-8`
|
||||
|
||||
## UnicodeJSONRenderer
|
||||
|
||||
Renders the request data into `JSON`, using utf-8 encoding.
|
||||
|
||||
Note that non-ascii characters will not be character escaped. For example:
|
||||
|
||||
{"unicode black star": "★"}
|
||||
|
||||
The client may additionally include an `'indent'` media type parameter, in which case the returned `JSON` will be indented. For example `Accept: application/json; indent=4`.
|
||||
|
||||
{
|
||||
"unicode black star": "★"
|
||||
}
|
||||
|
||||
Both the `JSONRenderer` and `UnicodeJSONRenderer` styles conform to [RFC 4627][rfc4627], and are syntactically valid JSON.
|
||||
|
||||
**.media_type**: `application/json`
|
||||
|
||||
**.format**: `'.json'`
|
||||
|
||||
**.charset**: `utf-8`
|
||||
|
||||
## JSONPRenderer
|
||||
|
||||
Renders the request data into `JSONP`. The `JSONP` media type provides a mechanism of allowing cross-domain AJAX requests, by wrapping a `JSON` response in a javascript callback.
|
||||
|
||||
The javascript callback function must be set by the client including a `callback` URL query parameter. For example `http://example.com/api/users?callback=jsonpCallback`. If the callback function is not explicitly set by the client it will default to `'callback'`.
|
||||
|
||||
**Note**: If you require cross-domain AJAX requests, you may want to consider using the more modern approach of [CORS][cors] as an alternative to `JSONP`. See the [CORS documentation][cors-docs] for more details.
|
||||
|
||||
**.media_type**: `application/javascript`
|
||||
|
||||
**.format**: `'.jsonp'`
|
||||
|
||||
**.charset**: `utf-8`
|
||||
|
||||
## YAMLRenderer
|
||||
|
||||
Renders the request data into `YAML`.
|
||||
|
||||
Requires the `pyyaml` package to be installed.
|
||||
|
||||
**.media_type**: `application/yaml`
|
||||
|
||||
**.format**: `'.yaml'`
|
||||
|
||||
**.charset**: `utf-8`
|
||||
|
||||
## XMLRenderer
|
||||
|
||||
Renders REST framework's default style of `XML` response content.
|
||||
|
||||
Note that the `XML` markup language is used typically used as the base language for more strictly defined domain-specific languages, such as `RSS`, `Atom`, and `XHTML`.
|
||||
|
||||
If you are considering using `XML` for your API, you may want to consider implementing a custom renderer and parser for your specific requirements, and using an existing domain-specific media-type, or creating your own custom XML-based media-type.
|
||||
|
||||
**.media_type**: `application/xml`
|
||||
|
||||
**.format**: `'.xml'`
|
||||
|
||||
**.charset**: `utf-8`
|
||||
**.charset**: `None`
|
||||
|
||||
## TemplateHTMLRenderer
|
||||
|
||||
|
@ -162,14 +108,14 @@ The template name is determined by (in order of preference):
|
|||
|
||||
An example of a view that uses `TemplateHTMLRenderer`:
|
||||
|
||||
class UserDetail(generics.RetrieveUserAPIView):
|
||||
class UserDetail(generics.RetrieveAPIView):
|
||||
"""
|
||||
A view that returns a templated HTML representations of a given user.
|
||||
"""
|
||||
queryset = User.objects.all()
|
||||
renderer_classes = (TemplateHTMLRenderer,)
|
||||
|
||||
def get(self, request, *args, **kwargs)
|
||||
def get(self, request, *args, **kwargs):
|
||||
self.object = self.get_object()
|
||||
return Response({'user': self.object}, template_name='user_detail.html')
|
||||
|
||||
|
@ -207,6 +153,20 @@ You can use `TemplateHTMLRenderer` either to return regular HTML pages using RES
|
|||
|
||||
See also: `TemplateHTMLRenderer`
|
||||
|
||||
## HTMLFormRenderer
|
||||
|
||||
Renders data returned by a serializer into an HTML form. The output of this renderer does not include the enclosing `<form>` tags or an submit actions, as you'll probably need those to include the desired method and URL. Also note that the `HTMLFormRenderer` does not yet support including field error messages.
|
||||
|
||||
Note that the template used by the `HTMLFormRenderer` class, and the context submitted to it **may be subject to change**. If you need to use this renderer class it is advised that you either make a local copy of the class and templates, or follow the release note on REST framework upgrades closely.
|
||||
|
||||
**.media_type**: `text/html`
|
||||
|
||||
**.format**: `'.form'`
|
||||
|
||||
**.charset**: `utf-8`
|
||||
|
||||
**.template**: `'rest_framework/form.html'`
|
||||
|
||||
## BrowsableAPIRenderer
|
||||
|
||||
Renders data into HTML for the Browsable API. This renderer will determine which other renderer would have been given highest priority, and use that to display an API style response within the HTML page.
|
||||
|
@ -217,6 +177,8 @@ Renders data into HTML for the Browsable API. This renderer will determine whic
|
|||
|
||||
**.charset**: `utf-8`
|
||||
|
||||
**.template**: `'rest_framework/api.html'`
|
||||
|
||||
#### Customizing BrowsableAPIRenderer
|
||||
|
||||
By default the response content will be rendered with the highest priority renderer apart from `BrowseableAPIRenderer`. If you need to customize this behavior, for example to use HTML as the default return format, but use JSON in the browsable API, you can do so by overriding the `get_default_renderer()` method. For example:
|
||||
|
@ -241,7 +203,7 @@ This renderer is used for rendering HTML multipart form data. **It is not suita
|
|||
|
||||
To implement a custom renderer, you should override `BaseRenderer`, set the `.media_type` and `.format` properties, and implement the `.render(self, data, media_type=None, renderer_context=None)` method.
|
||||
|
||||
The method should return a bytestring, which wil be used as the body of the HTTP response.
|
||||
The method should return a bytestring, which will be used as the body of the HTTP response.
|
||||
|
||||
The arguments passed to the `.render()` method are:
|
||||
|
||||
|
@ -290,12 +252,15 @@ By default renderer classes are assumed to be using the `UTF-8` encoding. To us
|
|||
|
||||
Note that if a renderer class returns a unicode string, then the response content will be coerced into a bytestring by the `Response` class, with the `charset` attribute set on the renderer used to determine the encoding.
|
||||
|
||||
If the renderer returns a bytestring representing raw binary content, you should set a charset value of `None`, which will ensure the `Content-Type` header of the response will not have a `charset` value set. Doing so will also ensure that the browsable API will not attempt to display the binary content as a string.
|
||||
If the renderer returns a bytestring representing raw binary content, you should set a charset value of `None`, which will ensure the `Content-Type` header of the response will not have a `charset` value set.
|
||||
|
||||
In some cases you may also want to set the `render_style` attribute to `'binary'`. Doing so will also ensure that the browsable API will not attempt to display the binary content as a string.
|
||||
|
||||
class JPEGRenderer(renderers.BaseRenderer):
|
||||
media_type = 'image/jpeg'
|
||||
format = 'jpg'
|
||||
charset = None
|
||||
render_style = 'binary'
|
||||
|
||||
def render(self, data, media_type=None, renderer_context=None):
|
||||
return data
|
||||
|
@ -377,6 +342,74 @@ Templates will render with a `RequestContext` which includes the `status_code` a
|
|||
|
||||
The following third party packages are also available.
|
||||
|
||||
## YAML
|
||||
|
||||
[REST framework YAML][rest-framework-yaml] provides [YAML][yaml] parsing and rendering support. It was previously included directly in the REST framework package, and is now instead supported as a third-party package.
|
||||
|
||||
#### Installation & configuration
|
||||
|
||||
Install using pip.
|
||||
|
||||
$ pip install djangorestframework-yaml
|
||||
|
||||
Modify your REST framework settings.
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_PARSER_CLASSES': (
|
||||
'rest_framework_yaml.parsers.YAMLParser',
|
||||
),
|
||||
'DEFAULT_RENDERER_CLASSES': (
|
||||
'rest_framework_yaml.renderers.YAMLRenderer',
|
||||
),
|
||||
}
|
||||
|
||||
## XML
|
||||
|
||||
[REST Framework XML][rest-framework-xml] provides a simple informal XML format. It was previously included directly in the REST framework package, and is now instead supported as a third-party package.
|
||||
|
||||
#### Installation & configuration
|
||||
|
||||
Install using pip.
|
||||
|
||||
$ pip install djangorestframework-xml
|
||||
|
||||
Modify your REST framework settings.
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_PARSER_CLASSES': (
|
||||
'rest_framework_xml.parsers.XMLParser',
|
||||
),
|
||||
'DEFAULT_RENDERER_CLASSES': (
|
||||
'rest_framework_xml.renderers.XMLRenderer',
|
||||
),
|
||||
}
|
||||
|
||||
## JSONP
|
||||
|
||||
[REST framework JSONP][rest-framework-jsonp] provides JSONP rendering support. It was previously included directly in the REST framework package, and is now instead supported as a third-party package.
|
||||
|
||||
---
|
||||
|
||||
**Warning**: If you require cross-domain AJAX requests, you should generally be using the more modern approach of [CORS][cors] as an alternative to `JSONP`. See the [CORS documentation][cors-docs] for more details.
|
||||
|
||||
The `jsonp` approach is essentially a browser hack, and is [only appropriate for globally readable API endpoints][jsonp-security], where `GET` requests are unauthenticated and do not require any user permissions.
|
||||
|
||||
---
|
||||
|
||||
#### Installation & configuration
|
||||
|
||||
Install using pip.
|
||||
|
||||
$ pip install djangorestframework-jsonp
|
||||
|
||||
Modify your REST framework settings.
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_RENDERER_CLASSES': (
|
||||
'rest_framework_yaml.renderers.JSONPRenderer',
|
||||
),
|
||||
}
|
||||
|
||||
## MessagePack
|
||||
|
||||
[MessagePack][messagepack] is a fast, efficient binary serialization format. [Juan Riaza][juanriaza] maintains the [djangorestframework-msgpack][djangorestframework-msgpack] package which provides MessagePack renderer and parser support for REST framework.
|
||||
|
@ -385,20 +418,49 @@ The following third party packages are also available.
|
|||
|
||||
Comma-separated values are a plain-text tabular data format, that can be easily imported into spreadsheet applications. [Mjumbe Poe][mjumbewu] maintains the [djangorestframework-csv][djangorestframework-csv] package which provides CSV renderer support for REST framework.
|
||||
|
||||
## UltraJSON
|
||||
|
||||
[UltraJSON][ultrajson] is an optimized C JSON encoder which can give significantly faster JSON rendering. [Jacob Haslehurst][hzy] maintains the [drf-ujson-renderer][drf-ujson-renderer] package which implements JSON rendering using the UJSON package.
|
||||
|
||||
## CamelCase JSON
|
||||
|
||||
[djangorestframework-camel-case] provides camel case JSON renderers and parsers for REST framework. This allows serializers to use Python-style underscored field names, but be exposed in the API as Javascript-style camel case field names. It is maintained by [Vitaly Babiy][vbabiy].
|
||||
|
||||
## Pandas (CSV, Excel, PNG)
|
||||
|
||||
[Django REST Pandas] provides a serializer and renderers that support additional data processing and output via the [Pandas] DataFrame API. Django REST Pandas includes renderers for Pandas-style CSV files, Excel workbooks (both `.xls` and `.xlsx`), and a number of [other formats]. It is maintained by [S. Andrew Sheppard][sheppard] as part of the [wq Project][wq].
|
||||
|
||||
|
||||
[cite]: https://docs.djangoproject.com/en/dev/ref/template-response/#the-rendering-process
|
||||
[conneg]: content-negotiation.md
|
||||
[browser-accept-headers]: http://www.gethifi.com/blog/browser-rest-http-accept-headers
|
||||
[rfc4627]: http://www.ietf.org/rfc/rfc4627.txt
|
||||
[cors]: http://www.w3.org/TR/cors/
|
||||
[cors-docs]: ../topics/ajax-csrf-cors.md
|
||||
[testing]: testing.md
|
||||
[HATEOAS]: http://timelessrepo.com/haters-gonna-hateoas
|
||||
[quote]: http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
|
||||
[application/vnd.github+json]: http://developer.github.com/v3/media/
|
||||
[application/vnd.collection+json]: http://www.amundsen.com/media-types/collection/
|
||||
[django-error-views]: https://docs.djangoproject.com/en/dev/topics/http/views/#customizing-error-views
|
||||
[rest-framework-jsonp]: http://jpadilla.github.io/django-rest-framework-jsonp/
|
||||
[cors]: http://www.w3.org/TR/cors/
|
||||
[cors-docs]: http://www.django-rest-framework.org/topics/ajax-csrf-cors/
|
||||
[jsonp-security]: http://stackoverflow.com/questions/613962/is-jsonp-safe-to-use
|
||||
[rest-framework-yaml]: http://jpadilla.github.io/django-rest-framework-yaml/
|
||||
[rest-framework-xml]: http://jpadilla.github.io/django-rest-framework-xml/
|
||||
[messagepack]: http://msgpack.org/
|
||||
[juanriaza]: https://github.com/juanriaza
|
||||
[mjumbewu]: https://github.com/mjumbewu
|
||||
[vbabiy]: https://github.com/vbabiy
|
||||
[rest-framework-yaml]: http://jpadilla.github.io/django-rest-framework-yaml/
|
||||
[rest-framework-xml]: http://jpadilla.github.io/django-rest-framework-xml/
|
||||
[yaml]: http://www.yaml.org/
|
||||
[djangorestframework-msgpack]: https://github.com/juanriaza/django-rest-framework-msgpack
|
||||
[djangorestframework-csv]: https://github.com/mjumbewu/django-rest-framework-csv
|
||||
[ultrajson]: https://github.com/esnme/ultrajson
|
||||
[hzy]: https://github.com/hzy
|
||||
[drf-ujson-renderer]: https://github.com/gizmag/drf-ujson-renderer
|
||||
[djangorestframework-camel-case]: https://github.com/vbabiy/djangorestframework-camel-case
|
||||
[Django REST Pandas]: https://github.com/wq/django-rest-pandas
|
||||
[Pandas]: http://pandas.pydata.org/
|
||||
[other formats]: https://github.com/wq/django-rest-pandas#supported-formats
|
||||
[sheppard]: https://github.com/sheppard
|
||||
[wq]: https://github.com/wq
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="request.py"></a>
|
||||
source: request.py
|
||||
|
||||
# Requests
|
||||
|
||||
|
@ -14,26 +14,29 @@ REST framework's `Request` class extends the standard `HttpRequest`, adding supp
|
|||
|
||||
REST framework's Request objects provide flexible request parsing that allows you to treat requests with JSON data or other media types in the same way that you would normally deal with form data.
|
||||
|
||||
## .DATA
|
||||
## .data
|
||||
|
||||
`request.DATA` returns the parsed content of the request body. This is similar to the standard `request.POST` attribute except that:
|
||||
`request.data` returns the parsed content of the request body. This is similar to the standard `request.POST` and `request.FILES` attributes except that:
|
||||
|
||||
* It includes all parsed content, including *file and non-file* inputs.
|
||||
* It supports parsing the content of HTTP methods other than `POST`, meaning that you can access the content of `PUT` and `PATCH` requests.
|
||||
* It supports REST framework's flexible request parsing, rather than just supporting form data. For example you can handle incoming JSON data in the same way that you handle incoming form data.
|
||||
|
||||
For more details see the [parsers documentation].
|
||||
|
||||
## .FILES
|
||||
## .query_params
|
||||
|
||||
`request.FILES` returns any uploaded files that may be present in the content of the request body. This is the same as the standard `HttpRequest` behavior, except that the same flexible request parsing is used for `request.DATA`.
|
||||
`request.query_params` is a more correctly named synonym for `request.GET`.
|
||||
|
||||
For more details see the [parsers documentation].
|
||||
For clarity inside your code, we recommend using `request.query_params` instead of the Django's standard `request.GET`. Doing so will help keep your codebase more correct and obvious - any HTTP method type may include query parameters, not just `GET` requests.
|
||||
|
||||
## .DATA and .FILES
|
||||
|
||||
The old-style version 2.x `request.DATA` and `request.FILES` attributes are still available, but are now pending deprecation in favor of the unified `request.data` attribute.
|
||||
|
||||
## .QUERY_PARAMS
|
||||
|
||||
`request.QUERY_PARAMS` is a more correctly named synonym for `request.GET`.
|
||||
|
||||
For clarity inside your code, we recommend using `request.QUERY_PARAMS` instead of the usual `request.GET`, as *any* HTTP method type may include query parameters.
|
||||
The old-style version 2.x `request.QUERY_PARAMS` attribute is still available, but is now pending deprecation in favor of the more pythonic `request.query_params`.
|
||||
|
||||
## .parsers
|
||||
|
||||
|
@ -43,12 +46,26 @@ You won't typically need to access this property.
|
|||
|
||||
---
|
||||
|
||||
**Note:** If a client sends malformed content, then accessing `request.DATA` or `request.FILES` may raise a `ParseError`. By default REST framework's `APIView` class or `@api_view` decorator will catch the error and return a `400 Bad Request` response.
|
||||
**Note:** If a client sends malformed content, then accessing `request.data` may raise a `ParseError`. By default REST framework's `APIView` class or `@api_view` decorator will catch the error and return a `400 Bad Request` response.
|
||||
|
||||
If a client sends a request with a content-type that cannot be parsed then a `UnsupportedMediaType` exception will be raised, which by default will be caught and return a `415 Unsupported Media Type` response.
|
||||
|
||||
---
|
||||
|
||||
# Content negotiation
|
||||
|
||||
The request exposes some properties that allow you to determine the result of the content negotiation stage. This allows you to implement behaviour such as selecting a different serialisation schemes for different media types.
|
||||
|
||||
## .accepted_renderer
|
||||
|
||||
The renderer instance what was selected by the content negotiation stage.
|
||||
|
||||
## .accepted_media_type
|
||||
|
||||
A string representing the media type that was accepted by the content negotiation stage.
|
||||
|
||||
---
|
||||
|
||||
# Authentication
|
||||
|
||||
REST framework provides flexible, per-request authentication, that gives you the ability to:
|
||||
|
@ -117,7 +134,7 @@ For more information see the [browser enhancements documentation].
|
|||
|
||||
# Standard HttpRequest attributes
|
||||
|
||||
As REST framework's `Request` extends Django's `HttpRequest`, all the other standard attributes and methods are also available. For example the `request.META` dictionary is available as normal.
|
||||
As REST framework's `Request` extends Django's `HttpRequest`, all the other standard attributes and methods are also available. For example the `request.META` and `request.session` dictionaries are available as normal.
|
||||
|
||||
Note that due to implementation reasons the `Request` class does not inherit from `HttpRequest` class, but instead extends the class using composition.
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="response.py"></a>
|
||||
source: response.py
|
||||
|
||||
# Responses
|
||||
|
||||
|
@ -24,7 +24,7 @@ Unless you want to heavily customize REST framework for some reason, you should
|
|||
|
||||
Unlike regular `HttpResponse` objects, you do not instantiate `Response` objects with rendered content. Instead you pass in unrendered data, which may consist of any Python primitives.
|
||||
|
||||
The renderers used by the `Response` class cannot natively handle complex datatypes such as Django model instances, so you need to serialize the data into primative datatypes before creating the `Response` object.
|
||||
The renderers used by the `Response` class cannot natively handle complex datatypes such as Django model instances, so you need to serialize the data into primitive datatypes before creating the `Response` object.
|
||||
|
||||
You can use REST framework's `Serializer` classes to perform this data serialization, or use your own custom serialization.
|
||||
|
||||
|
@ -54,7 +54,7 @@ The rendered content of the response. The `.render()` method must have been cal
|
|||
|
||||
## .template_name
|
||||
|
||||
The `template_name`, if supplied. Only required if `HTMLRenderer` or some other custom template renderer is the accepted renderer for the reponse.
|
||||
The `template_name`, if supplied. Only required if `HTMLRenderer` or some other custom template renderer is the accepted renderer for the response.
|
||||
|
||||
## .accepted_renderer
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="reverse.py"></a>
|
||||
source: reverse.py
|
||||
|
||||
# Returning URLs
|
||||
|
||||
|
@ -17,7 +17,7 @@ The advantages of doing so are:
|
|||
|
||||
REST framework provides two utility functions to make it more simple to return absolute URIs from your Web API.
|
||||
|
||||
There's no requirement for you to use them, but if you do then the self-describing API will be able to automatically hyperlink it's output for you, which makes browsing the API much easier.
|
||||
There's no requirement for you to use them, but if you do then the self-describing API will be able to automatically hyperlink its output for you, which makes browsing the API much easier.
|
||||
|
||||
## reverse
|
||||
|
||||
|
@ -27,13 +27,13 @@ Has the same behavior as [`django.core.urlresolvers.reverse`][reverse], except t
|
|||
|
||||
You should **include the request as a keyword argument** to the function, for example:
|
||||
|
||||
import datetime
|
||||
from rest_framework.reverse import reverse
|
||||
from rest_framework.views import APIView
|
||||
from django.utils.timezone import now
|
||||
|
||||
class APIRootView(APIView):
|
||||
def get(self, request):
|
||||
year = datetime.datetime.now().year
|
||||
year = now().year
|
||||
data = {
|
||||
...
|
||||
'year-summary-url': reverse('year-summary', args=[year], request=request)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="routers.py"></a>
|
||||
source: routers.py
|
||||
|
||||
# Routers
|
||||
|
||||
|
@ -12,7 +12,9 @@ REST framework adds support for automatic URL routing to Django, and provides yo
|
|||
|
||||
## Usage
|
||||
|
||||
Here's an example of a simple URL conf, that uses `DefaultRouter`.
|
||||
Here's an example of a simple URL conf, that uses `SimpleRouter`.
|
||||
|
||||
from rest_framework import routers
|
||||
|
||||
router = routers.SimpleRouter()
|
||||
router.register(r'users', UserViewSet)
|
||||
|
@ -26,7 +28,7 @@ There are two mandatory arguments to the `register()` method:
|
|||
|
||||
Optionally, you may also specify an additional argument:
|
||||
|
||||
* `base_name` - The base to use for the URL names that are created. If unset the basename will be automatically generated based on the `model` or `queryset` attribute on the viewset, if it has one. Note that if the viewset does not include a `model` or `queryset` attribute then you must set `base_name` when registering the viewset.
|
||||
* `base_name` - The base to use for the URL names that are created. If unset the basename will be automatically generated based on the `queryset` attribute of the viewset, if it has one. Note that if the viewset does not include a `queryset` attribute then you must set `base_name` when registering the viewset.
|
||||
|
||||
The example above would generate the following URL patterns:
|
||||
|
||||
|
@ -35,12 +37,62 @@ The example above would generate the following URL patterns:
|
|||
* URL pattern: `^accounts/$` Name: `'account-list'`
|
||||
* URL pattern: `^accounts/{pk}/$` Name: `'account-detail'`
|
||||
|
||||
---
|
||||
|
||||
**Note**: The `base_name` argument is used to specify the initial part of the view name pattern. In the example above, that's the `user` or `account` part.
|
||||
|
||||
Typically you won't *need* to specify the `base_name` argument, but if you have a viewset where you've defined a custom `get_queryset` method, then the viewset may not have a `.queryset` attribute set. If you try to register that viewset you'll see an error like this:
|
||||
|
||||
'base_name' argument not specified, and could not automatically determine the name from the viewset, as it does not have a '.queryset' attribute.
|
||||
|
||||
This means you'll need to explicitly set the `base_name` argument when registering the viewset, as it could not be automatically determined from the model name.
|
||||
|
||||
---
|
||||
|
||||
### Using `include` with routers
|
||||
|
||||
The `.urls` attribute on a router instance is simply a standard list of URL patterns. There are a number of different styles for how you can include these URLs.
|
||||
|
||||
For example, you can append `router.urls` to a list of existing views…
|
||||
|
||||
router = routers.SimpleRouter()
|
||||
router.register(r'users', UserViewSet)
|
||||
router.register(r'accounts', AccountViewSet)
|
||||
|
||||
urlpatterns = [
|
||||
url(r'^forgot-password/$', ForgotPasswordFormView.as_view()),
|
||||
]
|
||||
|
||||
urlpatterns += router.urls
|
||||
|
||||
Alternatively you can use Django's `include` function, like so…
|
||||
|
||||
urlpatterns = [
|
||||
url(r'^forgot-password/$', ForgotPasswordFormView.as_view()),
|
||||
url(r'^', include(router.urls)),
|
||||
]
|
||||
|
||||
Router URL patterns can also be namespaces.
|
||||
|
||||
urlpatterns = [
|
||||
url(r'^forgot-password/$', ForgotPasswordFormView.as_view()),
|
||||
url(r'^api/', include(router.urls, namespace='api')),
|
||||
]
|
||||
|
||||
If using namespacing with hyperlinked serializers you'll also need to ensure that any `view_name` parameters on the serializers correctly reflect the namespace. In the example above you'd need to include a parameter such as `view_name='api:user-detail'` for serializer fields hyperlinked to the user detail view.
|
||||
|
||||
### Extra link and actions
|
||||
|
||||
Any methods on the viewset decorated with `@link` or `@action` will also be routed.
|
||||
For example, a given method like this on the `UserViewSet` class:
|
||||
Any methods on the viewset decorated with `@detail_route` or `@list_route` will also be routed.
|
||||
For example, given a method like this on the `UserViewSet` class:
|
||||
|
||||
@action(permission_classes=[IsAdminOrIsSelf])
|
||||
from myapp.permissions import IsAdminOrIsSelf
|
||||
from rest_framework.decorators import detail_route
|
||||
|
||||
class UserViewSet(ModelViewSet):
|
||||
...
|
||||
|
||||
@detail_route(methods=['post'], permission_classes=[IsAdminOrIsSelf])
|
||||
def set_password(self, request, pk=None):
|
||||
...
|
||||
|
||||
|
@ -48,31 +100,57 @@ The following URL pattern would additionally be generated:
|
|||
|
||||
* URL pattern: `^users/{pk}/set_password/$` Name: `'user-set-password'`
|
||||
|
||||
If you do not want to use the default URL generated for your custom action, you can instead use the url_path parameter to customize it.
|
||||
|
||||
For example, if you want to change the URL for our custom action to `^users/{pk}/change-password/$`, you could write:
|
||||
|
||||
from myapp.permissions import IsAdminOrIsSelf
|
||||
from rest_framework.decorators import detail_route
|
||||
|
||||
class UserViewSet(ModelViewSet):
|
||||
...
|
||||
|
||||
@detail_route(methods=['post'], permission_classes=[IsAdminOrIsSelf], url_path='change-password')
|
||||
def set_password(self, request, pk=None):
|
||||
...
|
||||
|
||||
The above example would now generate the following URL pattern:
|
||||
|
||||
* URL pattern: `^users/{pk}/change-password/$` Name: `'user-change-password'`
|
||||
|
||||
For more information see the viewset documentation on [marking extra actions for routing][route-decorators].
|
||||
|
||||
# API Guide
|
||||
|
||||
## SimpleRouter
|
||||
|
||||
This router includes routes for the standard set of `list`, `create`, `retrieve`, `update`, `partial_update` and `destroy` actions. The viewset can also mark additional methods to be routed, using the `@link` or `@action` decorators.
|
||||
This router includes routes for the standard set of `list`, `create`, `retrieve`, `update`, `partial_update` and `destroy` actions. The viewset can also mark additional methods to be routed, using the `@detail_route` or `@list_route` decorators.
|
||||
|
||||
<table border=1>
|
||||
<tr><th>URL Style</th><th>HTTP Method</th><th>Action</th><th>URL Name</th></tr>
|
||||
<tr><td rowspan=2>{prefix}/</td><td>GET</td><td>list</td><td rowspan=2>{basename}-list</td></tr></tr>
|
||||
<tr><td>POST</td><td>create</td></tr>
|
||||
<tr><td>{prefix}/{methodname}/</td><td>GET, or as specified by `methods` argument</td><td>`@list_route` decorated method</td><td>{basename}-{methodname}</td></tr>
|
||||
<tr><td rowspan=4>{prefix}/{lookup}/</td><td>GET</td><td>retrieve</td><td rowspan=4>{basename}-detail</td></tr></tr>
|
||||
<tr><td>PUT</td><td>update</td></tr>
|
||||
<tr><td>PATCH</td><td>partial_update</td></tr>
|
||||
<tr><td>DELETE</td><td>destroy</td></tr>
|
||||
<tr><td rowspan=2>{prefix}/{lookup}/{methodname}/</td><td>GET</td><td>@link decorated method</td><td rowspan=2>{basename}-{methodname}</td></tr>
|
||||
<tr><td>POST</td><td>@action decorated method</td></tr>
|
||||
<tr><td>{prefix}/{lookup}/{methodname}/</td><td>GET, or as specified by `methods` argument</td><td>`@detail_route` decorated method</td><td>{basename}-{methodname}</td></tr>
|
||||
</table>
|
||||
|
||||
By default the URLs created by `SimpleRouter` are appending with a trailing slash.
|
||||
By default the URLs created by `SimpleRouter` are appended with a trailing slash.
|
||||
This behavior can be modified by setting the `trailing_slash` argument to `False` when instantiating the router. For example:
|
||||
|
||||
router = SimpleRouter(trailing_slash=False)
|
||||
|
||||
Trailing slashes are conventional in Django, but are not used by default in some other frameworks such as Rails. Which style you choose to use is largely a matter of preference, although some javascript frameworks may expect a particular routing style.
|
||||
|
||||
The router will match lookup values containing any characters except slashes and period characters. For a more restrictive (or lenient) lookup pattern, set the `lookup_value_regex` attribute on the viewset. For example, you can limit the lookup to valid UUIDs:
|
||||
|
||||
class MyModelViewSet(mixins.RetrieveModelMixin, viewsets.GenericViewSet):
|
||||
lookup_field = 'my_model_id'
|
||||
lookup_value_regex = '[0-9a-f]{32}'
|
||||
|
||||
## DefaultRouter
|
||||
|
||||
This router is similar to `SimpleRouter` as above, but additionally includes a default API root view, that returns a response containing hyperlinks to all the list views. It also generates routes for optional `.json` style format suffixes.
|
||||
|
@ -82,21 +160,21 @@ This router is similar to `SimpleRouter` as above, but additionally includes a d
|
|||
<tr><td>[.format]</td><td>GET</td><td>automatically generated root view</td><td>api-root</td></tr></tr>
|
||||
<tr><td rowspan=2>{prefix}/[.format]</td><td>GET</td><td>list</td><td rowspan=2>{basename}-list</td></tr></tr>
|
||||
<tr><td>POST</td><td>create</td></tr>
|
||||
<tr><td>{prefix}/{methodname}/[.format]</td><td>GET, or as specified by `methods` argument</td><td>`@list_route` decorated method</td><td>{basename}-{methodname}</td></tr>
|
||||
<tr><td rowspan=4>{prefix}/{lookup}/[.format]</td><td>GET</td><td>retrieve</td><td rowspan=4>{basename}-detail</td></tr></tr>
|
||||
<tr><td>PUT</td><td>update</td></tr>
|
||||
<tr><td>PATCH</td><td>partial_update</td></tr>
|
||||
<tr><td>DELETE</td><td>destroy</td></tr>
|
||||
<tr><td rowspan=2>{prefix}/{lookup}/{methodname}/[.format]</td><td>GET</td><td>@link decorated method</td><td rowspan=2>{basename}-{methodname}</td></tr>
|
||||
<tr><td>POST</td><td>@action decorated method</td></tr>
|
||||
<tr><td>{prefix}/{lookup}/{methodname}/[.format]</td><td>GET, or as specified by `methods` argument</td><td>`@detail_route` decorated method</td><td>{basename}-{methodname}</td></tr>
|
||||
</table>
|
||||
|
||||
As with `SimpleRouter` the trailing slashs on the URL routes can be removed by setting the `trailing_slash` argument to `False` when instantiating the router.
|
||||
As with `SimpleRouter` the trailing slashes on the URL routes can be removed by setting the `trailing_slash` argument to `False` when instantiating the router.
|
||||
|
||||
router = DefaultRouter(trailing_slash=False)
|
||||
|
||||
# Custom Routers
|
||||
|
||||
Implementing a custom router isn't something you'd need to do very often, but it can be useful if you have specific requirements about how the your URLs for your API are strutured. Doing so allows you to encapsulate the URL structure in a reusable way that ensures you don't have to write your URL patterns explicitly for each new view.
|
||||
Implementing a custom router isn't something you'd need to do very often, but it can be useful if you have specific requirements about how the your URLs for your API are structured. Doing so allows you to encapsulate the URL structure in a reusable way that ensures you don't have to write your URL patterns explicitly for each new view.
|
||||
|
||||
The simplest way to implement a custom router is to subclass one of the existing router classes. The `.routes` attribute is used to template the URL patterns that will be mapped to each viewset. The `.routes` attribute is a list of `Route` named tuples.
|
||||
|
||||
|
@ -116,31 +194,122 @@ The arguments to the `Route` named tuple are:
|
|||
|
||||
**initkwargs**: A dictionary of any additional arguments that should be passed when instantiating the view. Note that the `suffix` argument is reserved for identifying the viewset type, used when generating the view name and breadcrumb links.
|
||||
|
||||
## Customizing dynamic routes
|
||||
|
||||
You can also customize how the `@list_route` and `@detail_route` decorators are routed.
|
||||
To route either or both of these decorators, include a `DynamicListRoute` and/or `DynamicDetailRoute` named tuple in the `.routes` list.
|
||||
|
||||
The arguments to `DynamicListRoute` and `DynamicDetailRoute` are:
|
||||
|
||||
**url**: A string representing the URL to be routed. May include the same format strings as `Route`, and additionally accepts the `{methodname}` and `{methodnamehyphen}` format strings.
|
||||
|
||||
**name**: The name of the URL as used in `reverse` calls. May include the following format strings: `{basename}`, `{methodname}` and `{methodnamehyphen}`.
|
||||
|
||||
**initkwargs**: A dictionary of any additional arguments that should be passed when instantiating the view.
|
||||
|
||||
## Example
|
||||
|
||||
The following example will only route to the `list` and `retrieve` actions, and does not use the trailing slash convention.
|
||||
|
||||
class ReadOnlyRouter(SimpleRouter):
|
||||
from rest_framework.routers import Route, DynamicDetailRoute, SimpleRouter
|
||||
|
||||
class CustomReadOnlyRouter(SimpleRouter):
|
||||
"""
|
||||
A router for read-only APIs, which doesn't use trailing slashes.
|
||||
"""
|
||||
routes = [
|
||||
Route(url=r'^{prefix}$',
|
||||
Route(
|
||||
url=r'^{prefix}$',
|
||||
mapping={'get': 'list'},
|
||||
name='{basename}-list',
|
||||
initkwargs={'suffix': 'List'}),
|
||||
Route(url=r'^{prefix}/{lookup}$',
|
||||
initkwargs={'suffix': 'List'}
|
||||
),
|
||||
Route(
|
||||
url=r'^{prefix}/{lookup}$',
|
||||
mapping={'get': 'retrieve'},
|
||||
name='{basename}-detail',
|
||||
initkwargs={'suffix': 'Detail'})
|
||||
initkwargs={'suffix': 'Detail'}
|
||||
),
|
||||
DynamicDetailRoute(
|
||||
url=r'^{prefix}/{lookup}/{methodnamehyphen}$',
|
||||
name='{basename}-{methodnamehyphen}',
|
||||
initkwargs={}
|
||||
)
|
||||
]
|
||||
|
||||
The `SimpleRouter` class provides another example of setting the `.routes` attribute.
|
||||
Let's take a look at the routes our `CustomReadOnlyRouter` would generate for a simple viewset.
|
||||
|
||||
`views.py`:
|
||||
|
||||
class UserViewSet(viewsets.ReadOnlyModelViewSet):
|
||||
"""
|
||||
A viewset that provides the standard actions
|
||||
"""
|
||||
queryset = User.objects.all()
|
||||
serializer_class = UserSerializer
|
||||
lookup_field = 'username'
|
||||
|
||||
@detail_route()
|
||||
def group_names(self, request):
|
||||
"""
|
||||
Returns a list of all the group names that the given
|
||||
user belongs to.
|
||||
"""
|
||||
user = self.get_object()
|
||||
groups = user.groups.all()
|
||||
return Response([group.name for group in groups])
|
||||
|
||||
`urls.py`:
|
||||
|
||||
router = CustomReadOnlyRouter()
|
||||
router.register('users', UserViewSet)
|
||||
urlpatterns = router.urls
|
||||
|
||||
The following mappings would be generated...
|
||||
|
||||
<table border=1>
|
||||
<tr><th>URL</th><th>HTTP Method</th><th>Action</th><th>URL Name</th></tr>
|
||||
<tr><td>/users</td><td>GET</td><td>list</td><td>user-list</td></tr>
|
||||
<tr><td>/users/{username}</td><td>GET</td><td>retrieve</td><td>user-detail</td></tr>
|
||||
<tr><td>/users/{username}/group-names</td><td>GET</td><td>group_names</td><td>user-group-names</td></tr>
|
||||
</table>
|
||||
|
||||
For another example of setting the `.routes` attribute, see the source code for the `SimpleRouter` class.
|
||||
|
||||
## Advanced custom routers
|
||||
|
||||
If you want to provide totally custom behavior, you can override `BaseRouter` and override the `get_urls(self)` method. The method should insect the registered viewsets and return a list of URL patterns. The registered prefix, viewset and basename tuples may be inspected by accessing the `self.registry` attribute.
|
||||
If you want to provide totally custom behavior, you can override `BaseRouter` and override the `get_urls(self)` method. The method should inspect the registered viewsets and return a list of URL patterns. The registered prefix, viewset and basename tuples may be inspected by accessing the `self.registry` attribute.
|
||||
|
||||
You may also want to override the `get_default_base_name(self, viewset)` method, or else always explicitly set the `base_name` argument when registering your viewsets with the router.
|
||||
|
||||
# Third Party Packages
|
||||
|
||||
The following third party packages are also available.
|
||||
|
||||
## DRF Nested Routers
|
||||
|
||||
The [drf-nested-routers package][drf-nested-routers] provides routers and relationship fields for working with nested resources.
|
||||
|
||||
## wq.db
|
||||
|
||||
The [wq.db package][wq.db] provides an advanced [Router][wq.db-router] class (and singleton instance) that extends `DefaultRouter` with a `register_model()` API. Much like Django's `admin.site.register`, the only required argument to `app.router.register_model` is a model class. Reasonable defaults for a url prefix and viewset will be inferred from the model and global configuration.
|
||||
|
||||
from wq.db.rest import app
|
||||
from myapp.models import MyModel
|
||||
|
||||
app.router.register_model(MyModel)
|
||||
|
||||
## DRF-extensions
|
||||
|
||||
The [`DRF-extensions` package][drf-extensions] provides [routers][drf-extensions-routers] for creating [nested viewsets][drf-extensions-nested-viewsets], [collection level controllers][drf-extensions-collection-level-controllers] with [customizable endpoint names][drf-extensions-customizable-endpoint-names].
|
||||
|
||||
[cite]: http://guides.rubyonrails.org/routing.html
|
||||
[route-decorators]: viewsets.md#marking-extra-actions-for-routing
|
||||
[drf-nested-routers]: https://github.com/alanjds/drf-nested-routers
|
||||
[wq.db]: http://wq.io/wq.db
|
||||
[wq.db-router]: http://wq.io/docs/app.py
|
||||
[drf-extensions]: http://chibisov.github.io/drf-extensions/docs/
|
||||
[drf-extensions-routers]: http://chibisov.github.io/drf-extensions/docs/#routers
|
||||
[drf-extensions-nested-viewsets]: http://chibisov.github.io/drf-extensions/docs/#nested-routes
|
||||
[drf-extensions-collection-level-controllers]: http://chibisov.github.io/drf-extensions/docs/#collection-level-controllers
|
||||
[drf-extensions-customizable-endpoint-names]: http://chibisov.github.io/drf-extensions/docs/#controller-endpoint-name
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="settings.py"></a>
|
||||
source: settings.py
|
||||
|
||||
# Settings
|
||||
|
||||
|
@ -12,10 +12,10 @@ For example your project's `settings.py` file might include something like this:
|
|||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_RENDERER_CLASSES': (
|
||||
'rest_framework.renderers.YAMLRenderer',
|
||||
'rest_framework.renderers.JSONRenderer',
|
||||
),
|
||||
'DEFAULT_PARSER_CLASSES': (
|
||||
'rest_framework.parsers.YAMLParser',
|
||||
'rest_framework.parsers.JSONParser',
|
||||
)
|
||||
}
|
||||
|
||||
|
@ -51,7 +51,7 @@ Default:
|
|||
|
||||
#### DEFAULT_PARSER_CLASSES
|
||||
|
||||
A list or tuple of parser classes, that determines the default set of parsers used when accessing the `request.DATA` property.
|
||||
A list or tuple of parser classes, that determines the default set of parsers used when accessing the `request.data` property.
|
||||
|
||||
Default:
|
||||
|
||||
|
@ -74,7 +74,7 @@ Default:
|
|||
|
||||
#### DEFAULT_PERMISSION_CLASSES
|
||||
|
||||
A list or tuple of permission classes, that determines the default set of permissions checked at the start of a view.
|
||||
A list or tuple of permission classes, that determines the default set of permissions checked at the start of a view. Permission must be granted by every class in the list.
|
||||
|
||||
Default:
|
||||
|
||||
|
@ -100,12 +100,6 @@ Default: `'rest_framework.negotiation.DefaultContentNegotiation'`
|
|||
|
||||
*The following settings control the behavior of the generic class based views.*
|
||||
|
||||
#### DEFAULT_MODEL_SERIALIZER_CLASS
|
||||
|
||||
A class that determines the default type of model serializer that should be used by a generic view if `model` is specified, but `serializer_class` is not provided.
|
||||
|
||||
Default: `'rest_framework.serializers.ModelSerializer'`
|
||||
|
||||
#### DEFAULT_PAGINATION_SERIALIZER_CLASS
|
||||
|
||||
A class the determines the default serialization style for paginated responses.
|
||||
|
@ -127,8 +121,71 @@ Default: `None`
|
|||
|
||||
The name of a query parameter, which can be used by the client to override the default page size to use for pagination. If set to `None`, clients may not override the default page size.
|
||||
|
||||
For example, given the following settings:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'PAGINATE_BY': 10,
|
||||
'PAGINATE_BY_PARAM': 'page_size',
|
||||
}
|
||||
|
||||
A client would be able to modify the pagination size by using the `page_size` query parameter. For example:
|
||||
|
||||
GET http://example.com/api/accounts?page_size=25
|
||||
|
||||
Default: `None`
|
||||
|
||||
#### MAX_PAGINATE_BY
|
||||
|
||||
The maximum page size to allow when the page size is specified by the client. If set to `None`, then no maximum limit is applied.
|
||||
|
||||
For example, given the following settings:
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'PAGINATE_BY': 10,
|
||||
'PAGINATE_BY_PARAM': 'page_size',
|
||||
'MAX_PAGINATE_BY': 100
|
||||
}
|
||||
|
||||
A client request like the following would return a paginated list of up to 100 items.
|
||||
|
||||
GET http://example.com/api/accounts?page_size=999
|
||||
|
||||
Default: `None`
|
||||
|
||||
### SEARCH_PARAM
|
||||
|
||||
The name of a query parameter, which can be used to specify the search term used by `SearchFilter`.
|
||||
|
||||
Default: `search`
|
||||
|
||||
#### ORDERING_PARAM
|
||||
|
||||
The name of a query parameter, which can be used to specify the ordering of results returned by `OrderingFilter`.
|
||||
|
||||
Default: `ordering`
|
||||
|
||||
---
|
||||
|
||||
## Versioning settings
|
||||
|
||||
#### DEFAULT_VERSION
|
||||
|
||||
The value that should be used for `request.version` when no versioning information is present.
|
||||
|
||||
Default: `None`
|
||||
|
||||
#### ALLOWED_VERSIONS
|
||||
|
||||
If set, this value will restrict the set of versions that may be returned by the versioning scheme, and will raise an error if the provided version if not in this set.
|
||||
|
||||
Default: `None`
|
||||
|
||||
#### VERSION_PARAMETER
|
||||
|
||||
The string that should used for any versioning parameters, such as in the media type or URL query parameters.
|
||||
|
||||
Default: `'version'`
|
||||
|
||||
---
|
||||
|
||||
## Authentication settings
|
||||
|
@ -165,7 +222,7 @@ Default: `'multipart'`
|
|||
|
||||
The renderer classes that are supported when building test requests.
|
||||
|
||||
The format of any of these renderer classes may be used when contructing a test request, for example: `client.post('/users', {'username': 'jamie'}, format='json')`
|
||||
The format of any of these renderer classes may be used when constructing a test request, for example: `client.post('/users', {'username': 'jamie'}, format='json')`
|
||||
|
||||
Default:
|
||||
|
||||
|
@ -230,7 +287,7 @@ A format string that should be used by default for rendering the output of `Date
|
|||
|
||||
May be any of `None`, `'iso-8601'` or a Python [strftime format][strftime] string.
|
||||
|
||||
Default: `None`
|
||||
Default: `'iso-8601'`
|
||||
|
||||
#### DATETIME_INPUT_FORMATS
|
||||
|
||||
|
@ -246,7 +303,7 @@ A format string that should be used by default for rendering the output of `Date
|
|||
|
||||
May be any of `None`, `'iso-8601'` or a Python [strftime format][strftime] string.
|
||||
|
||||
Default: `None`
|
||||
Default: `'iso-8601'`
|
||||
|
||||
#### DATE_INPUT_FORMATS
|
||||
|
||||
|
@ -262,7 +319,7 @@ A format string that should be used by default for rendering the output of `Time
|
|||
|
||||
May be any of `None`, `'iso-8601'` or a Python [strftime format][strftime] string.
|
||||
|
||||
Default: `None`
|
||||
Default: `'iso-8601'`
|
||||
|
||||
#### TIME_INPUT_FORMATS
|
||||
|
||||
|
@ -274,13 +331,121 @@ Default: `['iso-8601']`
|
|||
|
||||
---
|
||||
|
||||
## Encodings
|
||||
|
||||
#### UNICODE_JSON
|
||||
|
||||
When set to `True`, JSON responses will allow unicode characters in responses. For example:
|
||||
|
||||
{"unicode black star":"★"}
|
||||
|
||||
When set to `False`, JSON responses will escape non-ascii characters, like so:
|
||||
|
||||
{"unicode black star":"\u2605"}
|
||||
|
||||
Both styles conform to [RFC 4627][rfc4627], and are syntactically valid JSON. The unicode style is preferred as being more user-friendly when inspecting API responses.
|
||||
|
||||
Default: `True`
|
||||
|
||||
#### COMPACT_JSON
|
||||
|
||||
When set to `True`, JSON responses will return compact representations, with no spacing after `':'` and `','` characters. For example:
|
||||
|
||||
{"is_admin":false,"email":"jane@example"}
|
||||
|
||||
When set to `False`, JSON responses will return slightly more verbose representations, like so:
|
||||
|
||||
{"is_admin": false, "email": "jane@example"}
|
||||
|
||||
The default style is to return minified responses, in line with [Heroku's API design guidelines][heroku-minified-json].
|
||||
|
||||
Default: `True`
|
||||
|
||||
#### COERCE_DECIMAL_TO_STRING
|
||||
|
||||
When returning decimal objects in API representations that do not support a native decimal type, it is normally best to return the value as a string. This avoids the loss of precision that occurs with binary floating point implementations.
|
||||
|
||||
When set to `True`, the serializer `DecimalField` class will return strings instead of `Decimal` objects. When set to `False`, serializers will return `Decimal` objects, which the default JSON encoder will return as floats.
|
||||
|
||||
Default: `True`
|
||||
|
||||
---
|
||||
|
||||
## View names and descriptions
|
||||
|
||||
**The following settings are used to generate the view names and descriptions, as used in responses to `OPTIONS` requests, and as used in the browsable API.**
|
||||
|
||||
#### VIEW_NAME_FUNCTION
|
||||
|
||||
A string representing the function that should be used when generating view names.
|
||||
|
||||
This should be a function with the following signature:
|
||||
|
||||
view_name(cls, suffix=None)
|
||||
|
||||
* `cls`: The view class. Typically the name function would inspect the name of the class when generating a descriptive name, by accessing `cls.__name__`.
|
||||
* `suffix`: The optional suffix used when differentiating individual views in a viewset.
|
||||
|
||||
Default: `'rest_framework.views.get_view_name'`
|
||||
|
||||
#### VIEW_DESCRIPTION_FUNCTION
|
||||
|
||||
A string representing the function that should be used when generating view descriptions.
|
||||
|
||||
This setting can be changed to support markup styles other than the default markdown. For example, you can use it to support `rst` markup in your view docstrings being output in the browsable API.
|
||||
|
||||
This should be a function with the following signature:
|
||||
|
||||
view_description(cls, html=False)
|
||||
|
||||
* `cls`: The view class. Typically the description function would inspect the docstring of the class when generating a description, by accessing `cls.__doc__`
|
||||
* `html`: A boolean indicating if HTML output is required. `True` when used in the browsable API, and `False` when used in generating `OPTIONS` responses.
|
||||
|
||||
Default: `'rest_framework.views.get_view_description'`
|
||||
|
||||
---
|
||||
|
||||
## Miscellaneous settings
|
||||
|
||||
#### EXCEPTION_HANDLER
|
||||
|
||||
A string representing the function that should be used when returning a response for any given exception. If the function returns `None`, a 500 error will be raised.
|
||||
|
||||
This setting can be changed to support error responses other than the default `{"detail": "Failure..."}` responses. For example, you can use it to provide API responses like `{"errors": [{"message": "Failure...", "code": ""} ...]}`.
|
||||
|
||||
This should be a function with the following signature:
|
||||
|
||||
exception_handler(exc, context)
|
||||
|
||||
* `exc`: The exception.
|
||||
|
||||
Default: `'rest_framework.views.exception_handler'`
|
||||
|
||||
#### NON_FIELD_ERRORS_KEY
|
||||
|
||||
A string representing the key that should be used for serializer errors that do not refer to a specific field, but are instead general errors.
|
||||
|
||||
Default: `'non_field_errors'`
|
||||
|
||||
#### URL_FIELD_NAME
|
||||
|
||||
A string representing the key that should be used for the URL fields generated by `HyperlinkedModelSerializer`.
|
||||
|
||||
Default: `'url'`
|
||||
|
||||
#### FORMAT_SUFFIX_KWARG
|
||||
|
||||
The name of a parameter in the URL conf that may be used to provide a format suffix.
|
||||
|
||||
Default: `'format'`
|
||||
|
||||
#### NUM_PROXIES
|
||||
|
||||
An integer of 0 or more, that may be used to specify the number of application proxies that the API runs behind. This allows throttling to more accurately identify client IP addresses. If set to `None` then less strict IP matching will be used by the throttle classes.
|
||||
|
||||
Default: `None`
|
||||
|
||||
[cite]: http://www.python.org/dev/peps/pep-0020/
|
||||
[rfc4627]: http://www.ietf.org/rfc/rfc4627.txt
|
||||
[heroku-minified-json]: https://github.com/interagent/http-api-design#keep-json-minified-in-all-responses
|
||||
[strftime]: http://docs.python.org/2/library/time.html#time.strftime
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="status.py"></a>
|
||||
source: status.py
|
||||
|
||||
# Status Codes
|
||||
|
||||
|
@ -9,6 +9,7 @@
|
|||
Using bare status codes in your responses isn't recommended. REST framework includes a set of named constants that you can use to make more code more obvious and readable.
|
||||
|
||||
from rest_framework import status
|
||||
from rest_framework.response import Response
|
||||
|
||||
def empty_view(self):
|
||||
content = {'please move along': 'nothing to see here'}
|
||||
|
@ -16,6 +17,18 @@ Using bare status codes in your responses isn't recommended. REST framework inc
|
|||
|
||||
The full set of HTTP status codes included in the `status` module is listed below.
|
||||
|
||||
The module also includes a set of helper functions for testing if a status code is in a given range.
|
||||
|
||||
from rest_framework import status
|
||||
from rest_framework.test import APITestCase
|
||||
|
||||
class ExampleTestCase(APITestCase):
|
||||
def test_url_root(self):
|
||||
url = reverse('index')
|
||||
response = self.client.get(url)
|
||||
self.assertTrue(status.is_success(response.status_code))
|
||||
|
||||
|
||||
For more information on proper usage of HTTP status codes see [RFC 2616][rfc2616]
|
||||
and [RFC 6585][rfc6585].
|
||||
|
||||
|
@ -89,6 +102,15 @@ Response status codes beginning with the digit "5" indicate cases in which the s
|
|||
HTTP_505_HTTP_VERSION_NOT_SUPPORTED
|
||||
HTTP_511_NETWORK_AUTHENTICATION_REQUIRED
|
||||
|
||||
## Helper functions
|
||||
|
||||
The following helper functions are available for identifying the category of the response code.
|
||||
|
||||
is_informational() # 1xx
|
||||
is_success() # 2xx
|
||||
is_redirect() # 3xx
|
||||
is_client_error() # 4xx
|
||||
is_server_error() # 5xx
|
||||
|
||||
[rfc2324]: http://www.ietf.org/rfc/rfc2324.txt
|
||||
[rfc2616]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
<a class="github" href="test.py"></a>
|
||||
source: test.py
|
||||
|
||||
# Testing
|
||||
|
||||
> Code without tests is broken as designed
|
||||
> Code without tests is broken as designed.
|
||||
>
|
||||
> — [Jacob Kaplan-Moss][cite]
|
||||
|
||||
|
@ -14,7 +14,9 @@ Extends [Django's existing `RequestFactory` class][requestfactory].
|
|||
|
||||
## Creating test requests
|
||||
|
||||
The `APIRequestFactory` class supports an almost identical API to Django's standard `RequestFactory` class. This means the that standard `.get()`, `.post()`, `.put()`, `.patch()`, `.delete()`, `.head()` and `.options()` methods are all available.
|
||||
The `APIRequestFactory` class supports an almost identical API to Django's standard `RequestFactory` class. This means that the standard `.get()`, `.post()`, `.put()`, `.patch()`, `.delete()`, `.head()` and `.options()` methods are all available.
|
||||
|
||||
from rest_framework.test import APIRequestFactory
|
||||
|
||||
# Using the standard RequestFactory API to create a form POST request
|
||||
factory = APIRequestFactory()
|
||||
|
@ -34,7 +36,7 @@ To support a wider set of request formats, or change the default format, [see th
|
|||
|
||||
#### Explicitly encoding the request body
|
||||
|
||||
If you need to explictly encode the request body, you can do so by setting the `content_type` flag. For example:
|
||||
If you need to explicitly encode the request body, you can do so by setting the `content_type` flag. For example:
|
||||
|
||||
request = factory.post('/notes/', json.dumps({'title': 'new idea'}), content_type='application/json')
|
||||
|
||||
|
@ -49,6 +51,8 @@ For example, using `APIRequestFactory`, you can make a form PUT request like so:
|
|||
|
||||
Using Django's `RequestFactory`, you'd need to explicitly encode the data yourself:
|
||||
|
||||
from django.test.client import encode_multipart, RequestFactory
|
||||
|
||||
factory = RequestFactory()
|
||||
data = {'title': 'remember to email dave'}
|
||||
content = encode_multipart('BoUnDaRyStRiNg', data)
|
||||
|
@ -61,6 +65,8 @@ When testing views directly using a request factory, it's often convenient to be
|
|||
|
||||
To forcibly authenticate a request, use the `force_authenticate()` method.
|
||||
|
||||
from rest_framework.tests import force_authenticate
|
||||
|
||||
factory = APIRequestFactory()
|
||||
user = User.objects.get(username='olivia')
|
||||
view = AccountDetail.as_view()
|
||||
|
@ -72,6 +78,12 @@ To forcibly authenticate a request, use the `force_authenticate()` method.
|
|||
|
||||
The signature for the method is `force_authenticate(request, user=None, token=None)`. When making the call, either or both of the user and token may be set.
|
||||
|
||||
For example, when forcibly authenticating using a token, you might do something like the following:
|
||||
|
||||
user = User.objects.get(username='olivia')
|
||||
request = factory.get('/accounts/django-superstars/')
|
||||
force_authenticate(request, user=user, token=user.token)
|
||||
|
||||
---
|
||||
|
||||
**Note**: When using `APIRequestFactory`, the object that is returned is Django's standard `HttpRequest`, and not REST framework's `Request` object, which is only generated once the view is called.
|
||||
|
@ -103,7 +115,9 @@ Extends [Django's existing `Client` class][client].
|
|||
|
||||
## Making requests
|
||||
|
||||
The `APIClient` class supports the same request interface as `APIRequestFactory`. This means the that standard `.get()`, `.post()`, `.put()`, `.patch()`, `.delete()`, `.head()` and `.options()` methods are all available. For example:
|
||||
The `APIClient` class supports the same request interface as Django's standard `Client` class. This means the that standard `.get()`, `.post()`, `.put()`, `.patch()`, `.delete()`, `.head()` and `.options()` methods are all available. For example:
|
||||
|
||||
from rest_framework.test import APIClient
|
||||
|
||||
client = APIClient()
|
||||
client.post('/notes/', {'title': 'new idea'}, format='json')
|
||||
|
@ -131,8 +145,11 @@ The `login` method is appropriate for testing APIs that use session authenticati
|
|||
|
||||
The `credentials` method can be used to set headers that will then be included on all subsequent requests by the test client.
|
||||
|
||||
from rest_framework.authtoken.models import Token
|
||||
from rest_framework.test import APIClient
|
||||
|
||||
# Include an appropriate `Authorization:` header on all requests.
|
||||
token = Token.objects.get(username='lauren')
|
||||
token = Token.objects.get(user__username='lauren')
|
||||
client = APIClient()
|
||||
client.credentials(HTTP_AUTHORIZATION='Token ' + token.key)
|
||||
|
||||
|
@ -203,12 +220,12 @@ You can use any of REST framework's test case classes as you would for the regul
|
|||
|
||||
When checking the validity of test responses it's often more convenient to inspect the data that the response was created with, rather than inspecting the fully rendered response.
|
||||
|
||||
For example, it's easier to inspect `request.data`:
|
||||
For example, it's easier to inspect `response.data`:
|
||||
|
||||
response = self.client.get('/users/4/')
|
||||
self.assertEqual(response.data, {'id': 4, 'username': 'lauren'})
|
||||
|
||||
Instead of inspecting the result of parsing `request.content`:
|
||||
Instead of inspecting the result of parsing `response.content`:
|
||||
|
||||
response = self.client.get('/users/4/')
|
||||
self.assertEqual(json.loads(response.content), {'id': 4, 'username': 'lauren'})
|
||||
|
@ -240,18 +257,18 @@ The default format used to make test requests may be set using the `TEST_REQUEST
|
|||
|
||||
If you need to test requests using something other than multipart or json requests, you can do so by setting the `TEST_REQUEST_RENDERER_CLASSES` setting.
|
||||
|
||||
For example, to add support for using `format='yaml'` in test requests, you might have something like this in your `settings.py` file.
|
||||
For example, to add support for using `format='html'` in test requests, you might have something like this in your `settings.py` file.
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
...
|
||||
'TEST_REQUEST_RENDERER_CLASSES': (
|
||||
'rest_framework.renderers.MultiPartRenderer',
|
||||
'rest_framework.renderers.JSONRenderer',
|
||||
'rest_framework.renderers.YAMLRenderer'
|
||||
'rest_framework.renderers.TemplateHTMLRenderer'
|
||||
)
|
||||
}
|
||||
|
||||
[cite]: http://jacobian.org/writing/django-apps-with-buildout/#s-create-a-test-wrapper
|
||||
[client]: https://docs.djangoproject.com/en/dev/topics/testing/overview/#module-django.test.client
|
||||
[client]: https://docs.djangoproject.com/en/dev/topics/testing/tools/#the-test-client
|
||||
[requestfactory]: https://docs.djangoproject.com/en/dev/topics/testing/advanced/#django.test.client.RequestFactory
|
||||
[configuration]: #configuration
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="throttling.py"></a>
|
||||
source: throttling.py
|
||||
|
||||
# Throttling
|
||||
|
||||
|
@ -43,6 +43,10 @@ The rate descriptions used in `DEFAULT_THROTTLE_RATES` may include `second`, `mi
|
|||
You can also set the throttling policy on a per-view or per-viewset basis,
|
||||
using the `APIView` class based views.
|
||||
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.throttling import UserRateThrottle
|
||||
from rest_framework.views import APIView
|
||||
|
||||
class ExampleView(APIView):
|
||||
throttle_classes = (UserRateThrottle,)
|
||||
|
||||
|
@ -54,18 +58,35 @@ using the `APIView` class based views.
|
|||
|
||||
Or, if you're using the `@api_view` decorator with function based views.
|
||||
|
||||
@api_view('GET')
|
||||
@throttle_classes(UserRateThrottle)
|
||||
@api_view(['GET'])
|
||||
@throttle_classes([UserRateThrottle])
|
||||
def example_view(request, format=None):
|
||||
content = {
|
||||
'status': 'request was permitted'
|
||||
}
|
||||
return Response(content)
|
||||
|
||||
## How clients are identified
|
||||
|
||||
The `X-Forwarded-For` and `Remote-Addr` HTTP headers are used to uniquely identify client IP addresses for throttling. If the `X-Forwarded-For` header is present then it will be used, otherwise the value of the `Remote-Addr` header will be used.
|
||||
|
||||
If you need to strictly identify unique client IP addresses, you'll need to first configure the number of application proxies that the API runs behind by setting the `NUM_PROXIES` setting. This setting should be an integer of zero or more. If set to non-zero then the client IP will be identified as being the last IP address in the `X-Forwarded-For` header, once any application proxy IP addresses have first been excluded. If set to zero, then the `Remote-Addr` header will always be used as the identifying IP address.
|
||||
|
||||
It is important to understand that if you configure the `NUM_PROXIES` setting, then all clients behind a unique [NAT'd](http://en.wikipedia.org/wiki/Network_address_translation) gateway will be treated as a single client.
|
||||
|
||||
Further context on how the `X-Forwarded-For` header works, and identifying a remote client IP can be [found here][identifing-clients].
|
||||
|
||||
## Setting up the cache
|
||||
|
||||
The throttle classes provided by REST framework use Django's cache backend. You should make sure that you've set appropriate [cache settings][cache-setting]. The default value of `LocMemCache` backend should be okay for simple setups. See Django's [cache documentation][cache-docs] for more details.
|
||||
|
||||
If you need to use a cache other than `'default'`, you can do so by creating a custom throttle class and setting the `cache` attribute. For example:
|
||||
|
||||
class CustomAnonRateThrottle(AnonRateThrottle):
|
||||
cache = get_cache('alternate')
|
||||
|
||||
You'll need to remember to also set your custom throttle class in the `'DEFAULT_THROTTLE_CLASSES'` settings key, or using the `throttle_classes` view attribute.
|
||||
|
||||
---
|
||||
|
||||
# API Reference
|
||||
|
@ -139,7 +160,7 @@ For example, given the following views...
|
|||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_THROTTLE_CLASSES': (
|
||||
'rest_framework.throttling.ScopedRateThrottle'
|
||||
'rest_framework.throttling.ScopedRateThrottle',
|
||||
),
|
||||
'DEFAULT_THROTTLE_RATES': {
|
||||
'contacts': '1000/day',
|
||||
|
@ -157,6 +178,8 @@ To create a custom throttle, override `BaseThrottle` and implement `.allow_reque
|
|||
|
||||
Optionally you may also override the `.wait()` method. If implemented, `.wait()` should return a recommended number of seconds to wait before attempting the next request, or `None`. The `.wait()` method will only be called if `.allow_request()` has previously returned `False`.
|
||||
|
||||
If the `.wait()` method is implemented and the request is throttled, then a `Retry-After` header will be included in the response.
|
||||
|
||||
## Example
|
||||
|
||||
The following is an example of a rate throttle, that will randomly throttle 1 in every 10 requests.
|
||||
|
@ -167,5 +190,6 @@ The following is an example of a rate throttle, that will randomly throttle 1 in
|
|||
|
||||
[cite]: https://dev.twitter.com/docs/error-codes-responses
|
||||
[permissions]: permissions.md
|
||||
[identifing-clients]: http://oxpedia.org/wiki/index.php?title=AppSuite:Grizzly#Multiple_Proxies_in_front_of_the_cluster
|
||||
[cache-setting]: https://docs.djangoproject.com/en/dev/ref/settings/#caches
|
||||
[cache-docs]: https://docs.djangoproject.com/en/dev/topics/cache/#setting-up-the-cache
|
||||
|
|
225
docs/api-guide/validators.md
Normal file
|
@ -0,0 +1,225 @@
|
|||
source: validators.py
|
||||
|
||||
# Validators
|
||||
|
||||
> Validators can be useful for re-using validation logic between different types of fields.
|
||||
>
|
||||
> — [Django documentation][cite]
|
||||
|
||||
Most of the time you're dealing with validation in REST framework you'll simply be relying on the default field validation, or writing explicit validation methods on serializer or field classes.
|
||||
|
||||
However, sometimes you'll want to place your validation logic into reusable components, so that it can easily be reused throughout your codebase. This can be achieved by using validator functions and validator classes.
|
||||
|
||||
## Validation in REST framework
|
||||
|
||||
Validation in Django REST framework serializers is handled a little differently to how validation works in Django's `ModelForm` class.
|
||||
|
||||
With `ModelForm` the validation is performed partially on the form, and partially on the model instance. With REST framework the validation is performed entirely on the serializer class. This is advantageous for the following reasons:
|
||||
|
||||
* It introduces a proper separation of concerns, making your code behavior more obvious.
|
||||
* It is easy to switch between using shortcut `ModelSerializer` classes and using explicit `Serializer` classes. Any validation behavior being used for `ModelSerializer` is simple to replicate.
|
||||
* Printing the `repr` of a serializer instance will show you exactly what validation rules it applies. There's no extra hidden validation behavior being called on the model instance.
|
||||
|
||||
When you're using `ModelSerializer` all of this is handled automatically for you. If you want to drop down to using a `Serializer` classes instead, then you need to define the validation rules explicitly.
|
||||
|
||||
#### Example
|
||||
|
||||
As an example of how REST framework uses explicit validation, we'll take a simple model class that has a field with a uniqueness constraint.
|
||||
|
||||
class CustomerReportRecord(models.Model):
|
||||
time_raised = models.DateTimeField(default=timezone.now, editable=False)
|
||||
reference = models.CharField(unique=True, max_length=20)
|
||||
description = models.TextField()
|
||||
|
||||
Here's a basic `ModelSerializer` that we can use for creating or updating instances of `CustomerReportRecord`:
|
||||
|
||||
class CustomerReportSerializer(serializers.ModelSerializer):
|
||||
class Meta:
|
||||
model = CustomerReportRecord
|
||||
|
||||
If we open up the Django shell using `manage.py shell` we can now
|
||||
|
||||
>>> from project.example.serializers import CustomerReportSerializer
|
||||
>>> serializer = CustomerReportSerializer()
|
||||
>>> print(repr(serializer))
|
||||
CustomerReportSerializer():
|
||||
id = IntegerField(label='ID', read_only=True)
|
||||
time_raised = DateTimeField(read_only=True)
|
||||
reference = CharField(max_length=20, validators=[<UniqueValidator(queryset=CustomerReportRecord.objects.all())>])
|
||||
description = CharField(style={'type': 'textarea'})
|
||||
|
||||
The interesting bit here is the `reference` field. We can see that the uniqueness constraint is being explicitly enforced by a validator on the serializer field.
|
||||
|
||||
Because of this more explicit style REST framework includes a few validator classes that are not available in core Django. These classes are detailed below.
|
||||
|
||||
---
|
||||
|
||||
## UniqueValidator
|
||||
|
||||
This validator can be used to enforce the `unique=True` constraint on model fields.
|
||||
It takes a single required argument, and an optional `messages` argument:
|
||||
|
||||
* `queryset` *required* - This is the queryset against which uniqueness should be enforced.
|
||||
* `message` - The error message that should be used when validation fails.
|
||||
|
||||
This validator should be applied to *serializer fields*, like so:
|
||||
|
||||
slug = SlugField(
|
||||
max_length=100,
|
||||
validators=[UniqueValidator(queryset=BlogPost.objects.all())]
|
||||
)
|
||||
|
||||
## UniqueTogetherValidator
|
||||
|
||||
This validator can be used to enforce `unique_together` constraints on model instances.
|
||||
It has two required arguments, and a single optional `messages` argument:
|
||||
|
||||
* `queryset` *required* - This is the queryset against which uniqueness should be enforced.
|
||||
* `fields` *required* - A list or tuple of field names which should make a unique set. These must exist as fields on the serializer class.
|
||||
* `message` - The error message that should be used when validation fails.
|
||||
|
||||
The validator should be applied to *serializer classes*, like so:
|
||||
|
||||
class ExampleSerializer(serializers.Serializer):
|
||||
# ...
|
||||
class Meta:
|
||||
# ToDo items belong to a parent list, and have an ordering defined
|
||||
# by the 'position' field. No two items in a given list may share
|
||||
# the same position.
|
||||
validators = [
|
||||
UniqueTogetherValidator(
|
||||
queryset=ToDoItem.objects.all(),
|
||||
fields=('list', 'position')
|
||||
)
|
||||
]
|
||||
|
||||
---
|
||||
|
||||
**Note**: The `UniqueTogetherValidation` class always imposes an implicit constraint that all the fields it applies to are always treated as required. Fields with `default` values are an exception to this as they always supply a value even when omitted from user input.
|
||||
|
||||
---
|
||||
|
||||
## UniqueForDateValidator
|
||||
|
||||
## UniqueForMonthValidator
|
||||
|
||||
## UniqueForYearValidator
|
||||
|
||||
These validators can be used to enforce the `unique_for_date`, `unique_for_month` and `unique_for_year` constraints on model instances. They take the following arguments:
|
||||
|
||||
* `queryset` *required* - This is the queryset against which uniqueness should be enforced.
|
||||
* `field` *required* - A field name against which uniqueness in the given date range will be validated. This must exist as a field on the serializer class.
|
||||
* `date_field` *required* - A field name which will be used to determine date range for the uniqueness constrain. This must exist as a field on the serializer class.
|
||||
* `message` - The error message that should be used when validation fails.
|
||||
|
||||
The validator should be applied to *serializer classes*, like so:
|
||||
|
||||
class ExampleSerializer(serializers.Serializer):
|
||||
# ...
|
||||
class Meta:
|
||||
# Blog posts should have a slug that is unique for the current year.
|
||||
validators = [
|
||||
UniqueForYearValidator(
|
||||
queryset=BlogPostItem.objects.all(),
|
||||
field='slug',
|
||||
date_field='published'
|
||||
)
|
||||
]
|
||||
|
||||
The date field that is used for the validation is always required to be present on the serializer class. You can't simply rely on a model class `default=...`, because the value being used for the default wouldn't be generated until after the validation has run.
|
||||
|
||||
There are a couple of styles you may want to use for this depending on how you want your API to behave. If you're using `ModelSerializer` you'll probably simply rely on the defaults that REST framework generates for you, but if you are using `Serializer` or simply want more explicit control, use on of the styles demonstrated below.
|
||||
|
||||
#### Using with a writable date field.
|
||||
|
||||
If you want the date field to be writable the only thing worth noting is that you should ensure that it is always available in the input data, either by setting a `default` argument, or by setting `required=True`.
|
||||
|
||||
published = serializers.DateTimeField(required=True)
|
||||
|
||||
#### Using with a read-only date field.
|
||||
|
||||
If you want the date field to be visible, but not editable by the user, then set `read_only=True` and additionally set a `default=...` argument.
|
||||
|
||||
published = serializers.DateTimeField(read_only=True, default=timezone.now)
|
||||
|
||||
The field will not be writable to the user, but the default value will still be passed through to the `validated_data`.
|
||||
|
||||
#### Using with a hidden date field.
|
||||
|
||||
If you want the date field to be entirely hidden from the user, then use `HiddenField`. This field type does not accept user input, but instead always returns it's default value to the `validated_data` in the serializer.
|
||||
|
||||
published = serializers.HiddenField(default=timezone.now)
|
||||
|
||||
---
|
||||
|
||||
**Note**: The `UniqueFor<Range>Validation` classes always imposes an implicit constraint that the fields they are applied to are always treated as required. Fields with `default` values are an exception to this as they always supply a value even when omitted from user input.
|
||||
|
||||
---
|
||||
|
||||
# Advanced 'default' argument usage
|
||||
|
||||
Validators that are applied across multiple fields in the serializer can sometimes require a field input that should not be provided by the API client, but that *is* available as input to the validator.
|
||||
|
||||
Two patterns that you may want to use for this sort of validation include:
|
||||
|
||||
* Using `HiddenField`. This field will be present in `validated_data` but *will not* be used in the serializer output representation.
|
||||
* Using a standard field with `read_only=True`, but that also includes a `default=…` argument. This field *will* be used in the serializer output representation, but cannot be set directly by the user.
|
||||
|
||||
REST framework includes a couple of defaults that may be useful in this context.
|
||||
|
||||
#### CurrentUserDefault
|
||||
|
||||
A default class that can be used to represent the current user. In order to use this, the 'request' must have been provided as part of the context dictionary when instantiating the serializer.
|
||||
|
||||
owner = serializers.HiddenField(
|
||||
default=CurrentUserDefault()
|
||||
)
|
||||
|
||||
#### CreateOnlyDefault
|
||||
|
||||
A default class that can be used to *only set a default argument during create operations*. During updates the field is omitted.
|
||||
|
||||
It takes a single argument, which is the default value or callable that should be used during create operations.
|
||||
|
||||
created_at = serializers.DateTimeField(
|
||||
read_only=True,
|
||||
default=CreateOnlyDefault(timezone.now)
|
||||
)
|
||||
|
||||
---
|
||||
|
||||
# Writing custom validators
|
||||
|
||||
You can use any of Django's existing validators, or write your own custom validators.
|
||||
|
||||
## Function based
|
||||
|
||||
A validator may be any callable that raises a `serializers.ValidationError` on failure.
|
||||
|
||||
def even_number(value):
|
||||
if value % 2 != 0:
|
||||
raise serializers.ValidationError('This field must be an even number.')
|
||||
|
||||
## Class based
|
||||
|
||||
To write a class based validator, use the `__call__` method. Class based validators are useful as they allow you to parameterize and reuse behavior.
|
||||
|
||||
class MultipleOf:
|
||||
def __init__(self, base):
|
||||
self.base = base
|
||||
|
||||
def __call__(self, value):
|
||||
if value % self.base != 0
|
||||
message = 'This field must be a multiple of %d.' % self.base
|
||||
raise serializers.ValidationError(message)
|
||||
|
||||
#### Using `set_context()`
|
||||
|
||||
In some advanced cases you might want a validator to be passed the serializer field it is being used with as additional context. You can do so by declaring a `set_context` method on a class based validator.
|
||||
|
||||
def set_context(self, serializer_field):
|
||||
# Determine if this is an update or a create operation.
|
||||
# In `__call__` we can then use that information to modify the validation behavior.
|
||||
self.is_update = serializer_field.parent.instance is not None
|
||||
|
||||
[cite]: https://docs.djangoproject.com/en/dev/ref/validators/
|
205
docs/api-guide/versioning.md
Normal file
|
@ -0,0 +1,205 @@
|
|||
source: versioning.py
|
||||
|
||||
# Versioning
|
||||
|
||||
> Versioning an interface is just a "polite" way to kill deployed clients.
|
||||
>
|
||||
> — [Roy Fielding][cite].
|
||||
|
||||
API versioning allows you to alter behavior between different clients. REST framework provides for a number of different versioning schemes.
|
||||
|
||||
Versioning is determined by the incoming client request, and may either be based on the request URL, or based on the request headers.
|
||||
|
||||
There are a number of valid approaches to approaching versioning. [Non-versioned systems can also be appropriate][roy-fielding-on-versioning], particularly if you're engineering for very long-term systems with multiple clients outside of your control.
|
||||
|
||||
## Versioning with REST framework
|
||||
|
||||
When API versioning is enabled, the `request.version` attribute will contain a string that corresponds to the version requested in the incoming client request.
|
||||
|
||||
By default, versioning is not enabled, and `request.version` will always return `None`.
|
||||
|
||||
#### Varying behavior based on the version
|
||||
|
||||
How you vary the API behavior is up to you, but one example you might typically want is to switch to a different serialization style in a newer version. For example:
|
||||
|
||||
def get_serializer_class(self):
|
||||
if self.request.version == 'v1':
|
||||
return AccountSerializerVersion1
|
||||
return AccountSerializer
|
||||
|
||||
#### Reversing URLs for versioned APIs
|
||||
|
||||
The `reverse` function included by REST framework ties in with the versioning scheme. You need to make sure to include the current `request` as a keyword argument, like so.
|
||||
|
||||
reverse('bookings-list', request=request)
|
||||
|
||||
The above function will apply any URL transformations appropriate to the request version. For example:
|
||||
|
||||
* If `NamespacedVersioning` was being used, and the API version was 'v1', then the URL lookup used would be `'v1:bookings-list'`, which might resolve to a URL like `http://example.org/v1/bookings/`.
|
||||
* If `QueryParameterVersioning` was being used, and the API version was `1.0`, then the returned URL might be something like `http://example.org/bookings/?version=1.0`
|
||||
|
||||
#### Versioned APIs and hyperlinked serializers
|
||||
|
||||
When using hyperlinked serialization styles together with a URL based versioning scheme make sure to include the request as context to the serializer.
|
||||
|
||||
def get(self, request):
|
||||
queryset = Booking.objects.all()
|
||||
serializer = BookingsSerializer(queryset, many=True, context={'request': request})
|
||||
return Response({'all_bookings': serializer.data})
|
||||
|
||||
Doing so will allow any returned URLs to include the appropriate versioning.
|
||||
|
||||
## Configuring the versioning scheme
|
||||
|
||||
The versioning scheme is defined by the `DEFAULT_VERSIONING_CLASS` settings key.
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_VERSIONING_CLASS': 'rest_framework.versioning.NamespaceVersioning'
|
||||
}
|
||||
|
||||
Unless it is explicitly set, the value for `DEFAULT_VERSIONING_CLASS` will be `None`. In this case the `request.version` attribute will always return `None`.
|
||||
|
||||
You can also set the versioning scheme on an individual view. Typically you won't need to do this, as it makes more sense to have a single versioning scheme used globally. If you do need to do so, use the `versioning_class` attribute.
|
||||
|
||||
class ProfileList(APIView):
|
||||
versioning_class = versioning.QueryParameterVersioning
|
||||
|
||||
#### Other versioning settings
|
||||
|
||||
The following settings keys are also used to control versioning:
|
||||
|
||||
* `DEFAULT_VERSION`. The value that should be used for `request.version` when no versioning information is present. Defaults to `None`.
|
||||
* `ALLOWED_VERSIONS`. If set, this value will restrict the set of versions that may be returned by the versioning scheme, and will raise an error if the provided version if not in this set. Defaults to `None`.
|
||||
* `VERSION_PARAMETER`. The string that should used for any versioning parameters, such as in the media type or URL query parameters. Defaults to `'version'`.
|
||||
|
||||
---
|
||||
|
||||
# API Reference
|
||||
|
||||
## AcceptHeaderVersioning
|
||||
|
||||
This scheme requires the client to specify the version as part of the media type in the `Accept` header. The version is included as a media type parameter, that supplements the main media type.
|
||||
|
||||
Here's an example HTTP request using the accept header versioning style.
|
||||
|
||||
GET /bookings/ HTTP/1.1
|
||||
Host: example.com
|
||||
Accept: application/json; version=1.0
|
||||
|
||||
In the example request above `request.version` attribute would return the string `'1.0'`.
|
||||
|
||||
Versioning based on accept headers is [generally considered][klabnik-guidelines] as [best practice][heroku-guidelines], although other styles may be suitable depending on your client requirements.
|
||||
|
||||
#### Using accept headers with vendor media types
|
||||
|
||||
Strictly speaking the `json` media type is not specified as [including additional parameters][json-parameters]. If you are building a well-specified public API you might consider using a [vendor media type][vendor-media-type]. To do so, configure your renderers to use a JSON based renderer with a custom media type:
|
||||
|
||||
class BookingsAPIRenderer(JSONRenderer):
|
||||
media_type = 'application/vnd.megacorp.bookings+json'
|
||||
|
||||
Your client requests would now look like this:
|
||||
|
||||
GET /bookings/ HTTP/1.1
|
||||
Host: example.com
|
||||
Accept: application/vnd.megacorp.bookings+json; version=1.0
|
||||
|
||||
## URLParameterVersioning
|
||||
|
||||
This scheme requires the client to specify the version as part of the URL path.
|
||||
|
||||
GET /v1/bookings/ HTTP/1.1
|
||||
Host: example.com
|
||||
Accept: application/json
|
||||
|
||||
Your URL conf must include a pattern that matches the version with a `'version'` keyword argument, so that this information is available to the versioning scheme.
|
||||
|
||||
urlpatterns = [
|
||||
url(
|
||||
r'^(?P<version>{v1,v2})/bookings/$',
|
||||
bookings_list,
|
||||
name='bookings-list'
|
||||
),
|
||||
url(
|
||||
r'^(?P<version>{v1,v2})/bookings/(?P<pk>[0-9]+)/$',
|
||||
bookings_detail,
|
||||
name='bookings-detail'
|
||||
)
|
||||
]
|
||||
|
||||
## NamespaceVersioning
|
||||
|
||||
To the client, this scheme is the same as `URLParameterVersioning`. The only difference is how it is configured in your Django application, as it uses URL namespacing, instead of URL keyword arguments.
|
||||
|
||||
GET /v1/something/ HTTP/1.1
|
||||
Host: example.com
|
||||
Accept: application/json
|
||||
|
||||
With this scheme the `request.version` attribute is determined based on the `namespace` that matches the incoming request path.
|
||||
|
||||
In the following example we're giving a set of views two different possible URL prefixes, each under a different namespace:
|
||||
|
||||
# bookings/urls.py
|
||||
urlpatterns = [
|
||||
url(r'^$', bookings_list, name='bookings-list'),
|
||||
url(r'^(?P<pk>[0-9]+)/$', bookings_detail, name='bookings-detail')
|
||||
]
|
||||
|
||||
# urls.py
|
||||
urlpatterns = [
|
||||
url(r'^v1/bookings/', include('bookings.urls', namespace='v1')),
|
||||
url(r'^v2/bookings/', include('bookings.urls', namespace='v2'))
|
||||
]
|
||||
|
||||
Both `URLParameterVersioning` and `NamespaceVersioning` are reasonable if you just need a simple versioning scheme. The `URLParameterVersioning` approach might be better suitable for small ad-hoc projects, and the `NamespaceVersioning` is probably easier to manage for larger projects.
|
||||
|
||||
## HostNameVersioning
|
||||
|
||||
The hostname versioning scheme requires the client to specify the requested version as part of the hostname in the URL.
|
||||
|
||||
For example the following is an HTTP request to the `http://v1.example.com/bookings/` URL:
|
||||
|
||||
GET /bookings/ HTTP/1.1
|
||||
Host: v1.example.com
|
||||
Accept: application/json
|
||||
|
||||
By default this implementation expects the hostname to match this simple regular expression:
|
||||
|
||||
^([a-zA-Z0-9]+)\.[a-zA-Z0-9]+\.[a-zA-Z0-9]+$
|
||||
|
||||
Note that the first group is enclosed in brackets, indicating that this is the matched portion of the hostname.
|
||||
|
||||
The `HostNameVersioning` scheme can be awkward to use in debug mode as you will typically be accessing a raw IP address such as `127.0.0.1`. There are various online services which you to [access localhost with a custom subdomain][lvh] which you may find helpful in this case.
|
||||
|
||||
Hostname based versioning can be particularly useful if you have requirements to route incoming requests to different servers based on the version, as you can configure different DNS records for different API versions.
|
||||
|
||||
## QueryParameterVersioning
|
||||
|
||||
This scheme is a simple style that includes the version as a query parameter in the URL. For example:
|
||||
|
||||
GET /something/?version=0.1 HTTP/1.1
|
||||
Host: example.com
|
||||
Accept: application/json
|
||||
|
||||
---
|
||||
|
||||
# Custom versioning schemes
|
||||
|
||||
To implement a custom versioning scheme, subclass `BaseVersioning` and override the `.determine_version` method.
|
||||
|
||||
## Example
|
||||
|
||||
The following example uses a custom `X-API-Version` header to determine the requested version.
|
||||
|
||||
class XAPIVersionScheme(versioning.BaseVersioning):
|
||||
def determine_version(self, request, *args, **kwargs):
|
||||
return request.META.get('HTTP_X_API_VERSION', None)
|
||||
|
||||
If your versioning scheme is based on the request URL, you will also want to alter how versioned URLs are determined. In order to do so you should override the `.reverse()` method on the class. See the source code for examples.
|
||||
|
||||
[cite]: http://www.slideshare.net/evolve_conference/201308-fielding-evolve/31
|
||||
[roy-fielding-on-versioning]: http://www.infoq.com/articles/roy-fielding-on-versioning
|
||||
[klabnik-guidelines]: http://blog.steveklabnik.com/posts/2011-07-03-nobody-understands-rest-or-http#i_want_my_api_to_be_versioned
|
||||
[heroku-guidelines]: https://github.com/interagent/http-api-design#version-with-accepts-header
|
||||
[json-parameters]: http://tools.ietf.org/html/rfc4627#section-6
|
||||
[vendor-media-type]: http://en.wikipedia.org/wiki/Internet_media_type#Vendor_tree
|
||||
[lvh]: https://reinteractive.net/posts/199-developing-and-testing-rails-applications-with-subdomains
|
|
@ -1,4 +1,5 @@
|
|||
<a class="github" href="decorators.py"></a> <a class="github" href="views.py"></a>
|
||||
source: decorators.py
|
||||
views.py
|
||||
|
||||
# Class Based Views
|
||||
|
||||
|
@ -110,7 +111,7 @@ You won't typically need to override this method.
|
|||
|
||||
### .finalize_response(self, request, response, \*args, **kwargs)
|
||||
|
||||
Ensures that any `Response` object returned from the handler method will be rendered into the correct content type, as determined by the content negotation.
|
||||
Ensures that any `Response` object returned from the handler method will be rendered into the correct content type, as determined by the content negotiation.
|
||||
|
||||
You won't typically need to override this method.
|
||||
|
||||
|
@ -126,19 +127,26 @@ REST framework also allows you to work with regular function based views. It pr
|
|||
|
||||
## @api_view()
|
||||
|
||||
**Signature:** `@api_view(http_method_names)`
|
||||
**Signature:** `@api_view(http_method_names=['GET'])`
|
||||
|
||||
The core of this functionality is the `api_view` decorator, which takes a list of HTTP methods that your view should respond to. For example, this is how you would write a very simple view that just manually returns some data:
|
||||
|
||||
from rest_framework.decorators import api_view
|
||||
|
||||
@api_view(['GET'])
|
||||
@api_view()
|
||||
def hello_world(request):
|
||||
return Response({"message": "Hello, world!"})
|
||||
|
||||
|
||||
This view will use the default renderers, parsers, authentication classes etc specified in the [settings].
|
||||
|
||||
By default only `GET` methods will be accepted. Other methods will respond with "405 Method Not Allowed". To alter this behavior, specify which methods the view allows, like so:
|
||||
|
||||
@api_view(['GET', 'POST'])
|
||||
def hello_world(request):
|
||||
if request.method == 'POST':
|
||||
return Response({"message": "Got some data!", "data": request.data})
|
||||
return Response({"message": "Hello, world!"})
|
||||
|
||||
## API policy decorators
|
||||
|
||||
To override the default settings, REST framework provides a set of additional decorators which can be added to your views. These must come *after* (below) the `@api_view` decorator. For example, to create a view that uses a [throttle][throttling] to ensure it can only be called once per day by a particular user, use the `@throttle_classes` decorator, passing a list of throttle classes:
|
||||
|
@ -168,5 +176,5 @@ Each of these decorators takes a single argument which must be a list or tuple o
|
|||
|
||||
[cite]: http://reinout.vanrees.org/weblog/2011/08/24/class-based-views-usage.html
|
||||
[cite2]: http://www.boredomandlaziness.org/2012/05/djangos-cbvs-are-not-mistake-but.html
|
||||
[settings]: api-guide/settings.md
|
||||
[throttling]: api-guide/throttling.md
|
||||
[settings]: settings.md
|
||||
[throttling]: throttling.md
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
<a class="github" href="viewsets.py"></a>
|
||||
source: viewsets.py
|
||||
|
||||
# ViewSets
|
||||
|
||||
|
@ -19,6 +19,12 @@ Typically, rather than explicitly registering the views in a viewset in the urlc
|
|||
|
||||
Let's define a simple viewset that can be used to list or retrieve all the users in the system.
|
||||
|
||||
from django.contrib.auth.models import User
|
||||
from django.shortcuts import get_object_or_404
|
||||
from myapps.serializers import UserSerializer
|
||||
from rest_framework import viewsets
|
||||
from rest_framework.response import Response
|
||||
|
||||
class UserViewSet(viewsets.ViewSet):
|
||||
"""
|
||||
A simple ViewSet that for listing or retrieving users.
|
||||
|
@ -41,6 +47,9 @@ If we need to, we can bind this viewset into two separate views, like so:
|
|||
|
||||
Typically we wouldn't do this, but would instead register the viewset with a router, and allow the urlconf to be automatically generated.
|
||||
|
||||
from myapp.views import UserViewSet
|
||||
from rest_framework.routers import DefaultRouter
|
||||
|
||||
router = DefaultRouter()
|
||||
router.register(r'users', UserViewSet)
|
||||
urlpatterns = router.urls
|
||||
|
@ -61,7 +70,7 @@ There are two main advantages of using a `ViewSet` class over using a `View` cla
|
|||
|
||||
Both of these come with a trade-off. Using regular views and URL confs is more explicit and gives you more control. ViewSets are helpful if you want to get up and running quickly, or when you have a large API and you want to enforce a consistent URL configuration throughout.
|
||||
|
||||
## Marking extra methods for routing
|
||||
## Marking extra actions for routing
|
||||
|
||||
The default routers included with REST framework will provide routes for a standard set of create/retrieve/update/destroy style operations, as shown below:
|
||||
|
||||
|
@ -92,14 +101,16 @@ The default routers included with REST framework will provide routes for a stand
|
|||
def destroy(self, request, pk=None):
|
||||
pass
|
||||
|
||||
If you have ad-hoc methods that you need to be routed to, you can mark them as requiring routing using the `@link` or `@action` decorators. The `@link` decorator will route `GET` requests, and the `@action` decorator will route `POST` requests.
|
||||
If you have ad-hoc methods that you need to be routed to, you can mark them as requiring routing using the `@detail_route` or `@list_route` decorators.
|
||||
|
||||
The `@detail_route` decorator contains `pk` in its URL pattern and is intended for methods which require a single instance. The `@list_route` decorator is intended for methods which operate on a list of objects.
|
||||
|
||||
For example:
|
||||
|
||||
from django.contrib.auth.models import User
|
||||
from rest_framework import viewsets
|
||||
from rest_framework import status
|
||||
from rest_framework.decorators import action
|
||||
from rest_framework import viewsets
|
||||
from rest_framework.decorators import detail_route, list_route
|
||||
from rest_framework.response import Response
|
||||
from myapp.serializers import UserSerializer, PasswordSerializer
|
||||
|
||||
|
@ -110,10 +121,10 @@ For example:
|
|||
queryset = User.objects.all()
|
||||
serializer_class = UserSerializer
|
||||
|
||||
@action()
|
||||
@detail_route(methods=['post'])
|
||||
def set_password(self, request, pk=None):
|
||||
user = self.get_object()
|
||||
serializer = PasswordSerializer(data=request.DATA)
|
||||
serializer = PasswordSerializer(data=request.data)
|
||||
if serializer.is_valid():
|
||||
user.set_password(serializer.data['password'])
|
||||
user.save()
|
||||
|
@ -122,17 +133,27 @@ For example:
|
|||
return Response(serializer.errors,
|
||||
status=status.HTTP_400_BAD_REQUEST)
|
||||
|
||||
The `@action` and `@link` decorators can additionally take extra arguments that will be set for the routed view only. For example...
|
||||
@list_route()
|
||||
def recent_users(self, request):
|
||||
recent_users = User.objects.all().order('-last_login')
|
||||
page = self.paginate_queryset(recent_users)
|
||||
serializer = self.get_pagination_serializer(page)
|
||||
return Response(serializer.data)
|
||||
|
||||
@action(permission_classes=[IsAdminOrIsSelf])
|
||||
The decorators can additionally take extra arguments that will be set for the routed view only. For example...
|
||||
|
||||
@detail_route(methods=['post'], permission_classes=[IsAdminOrIsSelf])
|
||||
def set_password(self, request, pk=None):
|
||||
...
|
||||
|
||||
The `@action` decorator will route `POST` requests by default, but may also accept other HTTP methods, by using the `method` argument. For example:
|
||||
These decorators will route `GET` requests by default, but may also accept other HTTP methods, by using the `methods` argument. For example:
|
||||
|
||||
@action(methods=['POST', 'DELETE'])
|
||||
@detail_route(methods=['post', 'delete'])
|
||||
def unset_password(self, request, pk=None):
|
||||
...
|
||||
|
||||
The two new actions will then be available at the urls `^users/{pk}/set_password/$` and `^users/{pk}/unset_password/$`
|
||||
|
||||
---
|
||||
|
||||
# API Reference
|
||||
|
@ -180,6 +201,8 @@ Note that you can use any of the standard attributes or method overrides provide
|
|||
def get_queryset(self):
|
||||
return self.request.user.accounts.all()
|
||||
|
||||
Note however that upon removal of the `queryset` property from your `ViewSet`, any associated [router][routers] will be unable to derive the base_name of your Model automatically, and so you will have to specify the `base_name` kwarg as part of your [router registration][routers].
|
||||
|
||||
Also note that although this class provides the complete set of create/list/retrieve/update/destroy actions by default, you can restrict the available operations by using the standard permission classes.
|
||||
|
||||
## ReadOnlyModelViewSet
|
||||
|
@ -212,7 +235,7 @@ To create a base viewset class that provides `create`, `list` and `retrieve` ope
|
|||
mixins.RetrieveModelMixin,
|
||||
viewsets.GenericViewSet):
|
||||
"""
|
||||
A viewset that provides `retrieve`, `update`, and `list` actions.
|
||||
A viewset that provides `retrieve`, `create`, and `list` actions.
|
||||
|
||||
To use it, override the class and set the `.queryset` and
|
||||
`.serializer_class` attributes.
|
||||
|
@ -222,3 +245,4 @@ To create a base viewset class that provides `create`, `list` and `retrieve` ope
|
|||
By creating your own base `ViewSet` classes, you can provide common behavior that can be reused in multiple viewsets across your API.
|
||||
|
||||
[cite]: http://guides.rubyonrails.org/routing.html
|
||||
[routers]: routers.md
|
||||
|
|
Before Width: | Height: | Size: 57 KiB |
BIN
docs/img/cursor-pagination.png
Normal file
After Width: | Height: | Size: 12 KiB |
BIN
docs/img/labels-and-milestones.png
Normal file
After Width: | Height: | Size: 82 KiB |
BIN
docs/img/link-header-pagination.png
Normal file
After Width: | Height: | Size: 35 KiB |
BIN
docs/img/logo.png
Normal file
After Width: | Height: | Size: 41 KiB |
BIN
docs/img/pages-pagination.png
Normal file
After Width: | Height: | Size: 10 KiB |
BIN
docs/img/sponsors/0-eventbrite.png
Normal file
After Width: | Height: | Size: 22 KiB |
BIN
docs/img/sponsors/1-cyan.png
Normal file
After Width: | Height: | Size: 6.0 KiB |
BIN
docs/img/sponsors/1-divio.png
Normal file
After Width: | Height: | Size: 4.8 KiB |
BIN
docs/img/sponsors/1-kuwaitnet.png
Normal file
After Width: | Height: | Size: 3.6 KiB |
BIN
docs/img/sponsors/1-lulu.png
Normal file
After Width: | Height: | Size: 18 KiB |
BIN
docs/img/sponsors/1-potato.png
Normal file
After Width: | Height: | Size: 12 KiB |
BIN
docs/img/sponsors/1-purplebit.png
Normal file
After Width: | Height: | Size: 8.9 KiB |
BIN
docs/img/sponsors/1-runscope.png
Normal file
After Width: | Height: | Size: 11 KiB |
BIN
docs/img/sponsors/1-simple-energy.png
Normal file
After Width: | Height: | Size: 53 KiB |
BIN
docs/img/sponsors/1-vokal_interactive.png
Normal file
After Width: | Height: | Size: 22 KiB |
BIN
docs/img/sponsors/1-wiredrive.png
Normal file
After Width: | Height: | Size: 7.9 KiB |
BIN
docs/img/sponsors/2-byte.png
Normal file
After Width: | Height: | Size: 13 KiB |
BIN
docs/img/sponsors/2-compile.png
Normal file
After Width: | Height: | Size: 3.0 KiB |
BIN
docs/img/sponsors/2-crate.png
Normal file
After Width: | Height: | Size: 8.1 KiB |
BIN
docs/img/sponsors/2-cryptico.png
Normal file
After Width: | Height: | Size: 9.7 KiB |
BIN
docs/img/sponsors/2-django.png
Normal file
After Width: | Height: | Size: 4.9 KiB |
BIN
docs/img/sponsors/2-heroku.png
Normal file
After Width: | Height: | Size: 7.2 KiB |
BIN
docs/img/sponsors/2-hipflask.png
Normal file
After Width: | Height: | Size: 5.9 KiB |
BIN
docs/img/sponsors/2-hipo.png
Normal file
After Width: | Height: | Size: 7.9 KiB |
BIN
docs/img/sponsors/2-koordinates.png
Normal file
After Width: | Height: | Size: 1.9 KiB |
BIN
docs/img/sponsors/2-laterpay.png
Normal file
After Width: | Height: | Size: 2.0 KiB |
BIN
docs/img/sponsors/2-lightning_kite.png
Normal file
After Width: | Height: | Size: 6.6 KiB |
BIN
docs/img/sponsors/2-mirus_research.png
Normal file
After Width: | Height: | Size: 12 KiB |
BIN
docs/img/sponsors/2-nexthub.png
Normal file
After Width: | Height: | Size: 2.5 KiB |
BIN
docs/img/sponsors/2-opbeat.png
Normal file
After Width: | Height: | Size: 11 KiB |
BIN
docs/img/sponsors/2-prorenata.png
Normal file
After Width: | Height: | Size: 4.0 KiB |
BIN
docs/img/sponsors/2-pulsecode.png
Normal file
After Width: | Height: | Size: 2.3 KiB |
BIN
docs/img/sponsors/2-rapasso.png
Normal file
After Width: | Height: | Size: 13 KiB |
BIN
docs/img/sponsors/2-rheinwerk_verlag.png
Normal file
After Width: | Height: | Size: 1.5 KiB |
BIN
docs/img/sponsors/2-schuberg_philis.png
Normal file
After Width: | Height: | Size: 21 KiB |
BIN
docs/img/sponsors/2-security_compass.png
Normal file
After Width: | Height: | Size: 4.0 KiB |
BIN
docs/img/sponsors/2-sga.png
Normal file
After Width: | Height: | Size: 11 KiB |
BIN
docs/img/sponsors/2-singing-horse.png
Normal file
After Width: | Height: | Size: 20 KiB |
BIN
docs/img/sponsors/2-sirono.png
Normal file
After Width: | Height: | Size: 4.8 KiB |
BIN
docs/img/sponsors/2-vinta.png
Normal file
After Width: | Height: | Size: 6.7 KiB |
BIN
docs/img/sponsors/2-wusawork.png
Normal file
After Width: | Height: | Size: 12 KiB |
BIN
docs/img/sponsors/3-aba.png
Normal file
After Width: | Height: | Size: 18 KiB |
BIN
docs/img/sponsors/3-aditium.png
Normal file
After Width: | Height: | Size: 3.0 KiB |
BIN
docs/img/sponsors/3-alwaysdata.png
Normal file
After Width: | Height: | Size: 9.1 KiB |
BIN
docs/img/sponsors/3-ax_semantics.png
Normal file
After Width: | Height: | Size: 11 KiB |
BIN
docs/img/sponsors/3-beefarm.png
Normal file
After Width: | Height: | Size: 13 KiB |
BIN
docs/img/sponsors/3-blimp.png
Normal file
After Width: | Height: | Size: 6.1 KiB |
BIN
docs/img/sponsors/3-brightloop.png
Normal file
After Width: | Height: | Size: 6.7 KiB |
BIN
docs/img/sponsors/3-cantemo.gif
Normal file
After Width: | Height: | Size: 4.4 KiB |
BIN
docs/img/sponsors/3-crosswordtracker.png
Normal file
After Width: | Height: | Size: 6.6 KiB |
BIN
docs/img/sponsors/3-fluxility.png
Normal file
After Width: | Height: | Size: 9.8 KiB |
BIN
docs/img/sponsors/3-garfo.png
Normal file
After Width: | Height: | Size: 3.2 KiB |
BIN
docs/img/sponsors/3-gizmag.png
Normal file
After Width: | Height: | Size: 5.2 KiB |
BIN
docs/img/sponsors/3-holvi.png
Normal file
After Width: | Height: | Size: 7.4 KiB |
BIN
docs/img/sponsors/3-imt_computer_services.png
Normal file
After Width: | Height: | Size: 69 KiB |
BIN
docs/img/sponsors/3-infinite_code.png
Normal file
After Width: | Height: | Size: 21 KiB |
BIN
docs/img/sponsors/3-ipushpull.png
Normal file
After Width: | Height: | Size: 9.9 KiB |
BIN
docs/img/sponsors/3-isl.png
Normal file
After Width: | Height: | Size: 19 KiB |
BIN
docs/img/sponsors/3-life_the_game.png
Normal file
After Width: | Height: | Size: 5.4 KiB |
BIN
docs/img/sponsors/3-makespace.png
Normal file
After Width: | Height: | Size: 8.2 KiB |
BIN
docs/img/sponsors/3-nephila.png
Normal file
After Width: | Height: | Size: 8.2 KiB |
BIN
docs/img/sponsors/3-openeye.png
Normal file
After Width: | Height: | Size: 14 KiB |
BIN
docs/img/sponsors/3-pathwright.png
Normal file
After Width: | Height: | Size: 13 KiB |
BIN
docs/img/sponsors/3-phurba.png
Normal file
After Width: | Height: | Size: 3.0 KiB |
BIN
docs/img/sponsors/3-pkgfarm.png
Normal file
After Width: | Height: | Size: 2.2 KiB |
BIN
docs/img/sponsors/3-providenz.png
Normal file
After Width: | Height: | Size: 12 KiB |