encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-02-03 13:14:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/tomchristie/django-rest-framework

Browse Source
This commit is contained in:
Tom Christie 2013-07-29 09:11:29 +01:00
commit 6a6b2c9318
9 changed files with 26 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/api-guide/throttling.md
View File

@ -44,7 +44,7 @@ You can also set the throttling policy on a per-view or per-viewset basis,
using the `APIView` class based views.
class ExampleView(APIView):
throttle_classes = (UserThrottle,)
throttle_classes = (UserRateThrottle,)
def get(self, request, format=None):
content = {
@ -55,7 +55,7 @@ using the `APIView` class based views.
Or, if you're using the `@api_view` decorator with function based views.
@api_view('GET')
@throttle_classes(UserThrottle)
@throttle_classes(UserRateThrottle)
def example_view(request, format=None):
content = {
'status': 'request was permitted'
@ -72,22 +72,22 @@ The throttle classes provided by REST framework use Django's cache backend. You
## AnonRateThrottle
The `AnonThrottle` will only ever throttle unauthenticated users. The IP address of the incoming request is used to generate a unique key to throttle against.
The `AnonRateThrottle` will only ever throttle unauthenticated users. The IP address of the incoming request is used to generate a unique key to throttle against.
The allowed request rate is determined from one of the following (in order of preference).
* The `rate` property on the class, which may be provided by overriding `AnonThrottle` and setting the property.
* The `rate` property on the class, which may be provided by overriding `AnonRateThrottle` and setting the property.
* The `DEFAULT_THROTTLE_RATES['anon']` setting.
`AnonThrottle` is suitable if you want to restrict the rate of requests from unknown sources.
`AnonRateThrottle` is suitable if you want to restrict the rate of requests from unknown sources.
## UserRateThrottle
The `UserThrottle` will throttle users to a given rate of requests across the API. The user id is used to generate a unique key to throttle against. Unauthenticated requests will fall back to using the IP address of the incoming request to generate a unique key to throttle against.
The `UserRateThrottle` will throttle users to a given rate of requests across the API. The user id is used to generate a unique key to throttle against. Unauthenticated requests will fall back to using the IP address of the incoming request to generate a unique key to throttle against.
The allowed request rate is determined from one of the following (in order of preference).
* The `rate` property on the class, which may be provided by overriding `UserThrottle` and setting the property.
* The `rate` property on the class, which may be provided by overriding `UserRateThrottle` and setting the property.
* The `DEFAULT_THROTTLE_RATES['user']` setting.
An API may have multiple `UserRateThrottles` in place at the same time. To do so, override `UserRateThrottle` and set a unique "scope" for each class.
@ -113,11 +113,11 @@ For example, multiple user throttle rates could be implemented by using the foll
}
}
`UserThrottle` is suitable if you want simple global rate restrictions per-user.
`UserRateThrottle` is suitable if you want simple global rate restrictions per-user.
## ScopedRateThrottle
The `ScopedThrottle` class can be used to restrict access to specific parts of the API. This throttle will only be applied if the view that is being accessed includes a `.throttle_scope` property. The unique throttle key will then be formed by concatenating the "scope" of the request with the unique user id or IP address.
The `ScopedRateThrottle` class can be used to restrict access to specific parts of the API. This throttle will only be applied if the view that is being accessed includes a `.throttle_scope` property. The unique throttle key will then be formed by concatenating the "scope" of the request with the unique user id or IP address.
The allowed request rate is determined by the `DEFAULT_THROTTLE_RATES` setting using a key from the request "scope".

1
docs/api-guide/viewsets.md
View File

@ -98,6 +98,7 @@ For example:
from django.contrib.auth.models import User
from rest_framework import viewsets
from rest_framework import status
from rest_framework.decorators import action
from rest_framework.response import Response
from myapp.serializers import UserSerializer, PasswordSerializer

2
docs/topics/ajax-csrf-cors.md
View File

@ -23,7 +23,7 @@ To guard against these type of attacks, you need to do two things:
If you're using `SessionAuthentication` you'll need to include valid CSRF tokens for any `POST`, `PUT`, `PATCH` or `DELETE` operations.
The Django documentation describes how to [include CSRF tokens in AJAX requests][csrf-ajax].
In order to make AJAX requests, you need to include CSRF token in the HTTP header, as [described in the Django documentation][csrf-ajax].
## CORS

1
docs/topics/browsable-api.md
View File

@ -75,6 +75,7 @@ All of the blocks available in the browsable API base template that can be used
* `branding` - Branding section of the navbar, see [Bootstrap components][bcomponentsnav].
* `breadcrumbs` - Links showing resource nesting, allowing the user to go back up the resources. It's recommended to preserve these, but they can be overridden using the breadcrumbs block.
* `footer` - Any copyright notices or similar footer materials can go here (by default right-aligned).
* `script` - JavaScript files for the page.
* `style` - CSS stylesheets for the page.
* `title` - Title of the page.
* `userlinks` - This is a list of links on the right of the header, by default containing login/logout links. To add links instead of replace, use `{{ block.super }}` to preserve the authentication links.

8
docs/topics/credits.md
View File

@ -147,6 +147,10 @@ The following people have helped make REST framework great.
* Rudolf Olah - [omouse]
* Gertjan Oude Lohuis - [gertjanol]
* Matthias Jacob - [cyroxx]
* Pavel Zinovkin - [pzinovkin]
* Will Kahn-Greene - [willkg]
* Kevin Brown - [kevin-brown]
* Rodrigo Martell - [coderigo]
Many thanks to everyone who's contributed to the project.
@ -330,3 +334,7 @@ You can also contact [@_tomchristie][twitter] directly on twitter.
[omouse]: https://github.com/omouse
[gertjanol]: https://github.com/gertjanol
[cyroxx]: https://github.com/cyroxx
[pzinovkin]: https://github.com/pzinovkin
[coderigo]: https://github.com/coderigo
[willkg]: https://github.com/willkg
[kevin-brown]: https://github.com/kevin-brown

2
docs/tutorial/5-relationships-and-hyperlinked-apis.md
View File

@ -80,7 +80,7 @@ We can easily re-write our existing serializers to use hyperlinking.
highlight = serializers.HyperlinkedIdentityField(view_name='snippet-highlight', format='html')
class Meta:
model = models.Snippet
model = Snippet
fields = ('url', 'highlight', 'owner',
'title', 'code', 'linenos', 'language', 'style')

2
rest_framework/fields.py
View File

@ -512,7 +512,7 @@ class EmailField(CharField):
form_field_class = forms.EmailField
default_error_messages = {
'invalid': _('Enter a valid e-mail address.'),
'invalid': _('Enter a valid email address.'),
}
default_validators = [validators.validate_email]

2
rest_framework/serializers.py
View File

@ -690,7 +690,7 @@ class ModelSerializer(Serializer):
assert field_name in ret, \
"Noexistant field '%s' specified in `read_only_fields` " \
"on serializer '%s'." % \
(self.__class__.__name__, field_name)
(field_name, self.__class__.__name__)
ret[field_name].read_only = True
return ret

2
rest_framework/tests/test_serializer.py
View File

@ -494,7 +494,7 @@ class CustomValidationTests(TestCase):
}
serializer = self.CommentSerializerWithFieldValidator(data=wrong_data)
self.assertFalse(serializer.is_valid())
self.assertEqual(serializer.errors, {'email': ['Enter a valid e-mail address.']})
self.assertEqual(serializer.errors, {'email': ['Enter a valid email address.']})
class PositiveIntegerAsChoiceTests(TestCase):