From f213299d7f9431a103fefa721fdfa05e885e7e96 Mon Sep 17 00:00:00 2001 From: Rob Romano Date: Mon, 19 Nov 2012 19:11:35 -0800 Subject: [PATCH 1/5] Update docs/topics/contributing.md --- docs/topics/contributing.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/docs/topics/contributing.md b/docs/topics/contributing.md index 7fd61c10e..959abc818 100644 --- a/docs/topics/contributing.md +++ b/docs/topics/contributing.md @@ -4,8 +4,26 @@ > > — [Tim Berners-Lee][cite] +## Get the source + +Use `git` to clone the master REST Framework source files to your local systme. If you plan to contribute, +to the project, you also need to fork the repo on github. See https://help.github.com/articles/fork-a-repo +for more information. + ## Running the tests +Ensure your PYTHONPATH is configured so that the copy of REST Framework from your local git repo is picked up, +not any other version you may have installed on your system. + +Then, invoked the `runtests/runtests.py` script to execute all unittests. + +Here is an example session: + +``` +/home/mydir/djangorestframework$ export PYTHONPATH=/home/mydir/djangorestramework:$PYTHONPATH +/home/mydir/djangorestframework$ rest_framework/runtests/runtests.py +``` + ## Building the docs ## Managing compatibility issues From c90303aa8998a7db7eccd9059ee4127a1a33b771 Mon Sep 17 00:00:00 2001 From: Robert Romano Date: Mon, 19 Nov 2012 21:38:26 -0800 Subject: [PATCH 2/5] This commit fixes #299 to add examples of a custom permission --- docs/api-guide/permissions.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index 1a746fb64..b7d019eae 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md @@ -110,6 +110,41 @@ To implement a custom permission, override `BasePermission` and implement the `. The method should return `True` if the request should be granted access, and `False` otherwise. +Example of a custom permission checking authenticated user's first name for an attribute: + +``` + class IsNamedAfterBeatle(permissions.BasePermission): + """ + Custom permission allowing users with first name matching a Beatle + """ + def has_permission(self, request, view, obj=None): + if (request.user and + request.user.first_name in ("John", "Paul", "Ringo", "George",)): + return True + else: + return False +``` + +Example of a custom permission demonstrating object level permissions: + +``` + class IsOwnerOrReadOnly(permissions.BasePermission): + """ + Custom permission to only allow owners of an object to edit, otherwise + allow read only access + """ + + def has_permission(self, request, view, obj=None): + if obj is None: + if (request.method in SAFE_METHODS or + request.user and + request.user.is_authenticated()): + return True + + # Write permissions are only allowed to the owner + return obj.owner == request.user +``` + [cite]: https://developer.apple.com/library/mac/#documentation/security/Conceptual/AuthenticationAndAuthorizationGuide/Authorization/Authorization.html [authentication]: authentication.md From 507e8b9c68b330a78d9fea6d697859df27e6630c Mon Sep 17 00:00:00 2001 From: Robert Romano Date: Mon, 19 Nov 2012 21:40:11 -0800 Subject: [PATCH 3/5] Untabify example in #299 --- docs/api-guide/permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index b7d019eae..12bd6db79 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md @@ -119,7 +119,7 @@ Example of a custom permission checking authenticated user's first name for an a """ def has_permission(self, request, view, obj=None): if (request.user and - request.user.first_name in ("John", "Paul", "Ringo", "George",)): + request.user.first_name in ("John", "Paul", "Ringo", "George",)): return True else: return False From 13c1bfa15d0c0af23500c28036f5b9e22d356f6e Mon Sep 17 00:00:00 2001 From: Robert Romano Date: Mon, 19 Nov 2012 21:49:43 -0800 Subject: [PATCH 4/5] In example, fix name of DRF when cloned. --- docs/topics/contributing.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/topics/contributing.md b/docs/topics/contributing.md index 959abc818..ddc89a3fb 100644 --- a/docs/topics/contributing.md +++ b/docs/topics/contributing.md @@ -20,8 +20,8 @@ Then, invoked the `runtests/runtests.py` script to execute all unittests. Here is an example session: ``` -/home/mydir/djangorestframework$ export PYTHONPATH=/home/mydir/djangorestramework:$PYTHONPATH -/home/mydir/djangorestframework$ rest_framework/runtests/runtests.py +/home/mydir/django-rest-framework$ export PYTHONPATH=/home/mydir/djangorestramework:$PYTHONPATH +/home/mydir/django-rest-framework$ rest_framework/runtests/runtests.py ``` ## Building the docs From c5acaa8939968a3bf14ac091199e83ac8c9b0f5d Mon Sep 17 00:00:00 2001 From: Rob Romano Date: Mon, 26 Nov 2012 15:28:29 -0800 Subject: [PATCH 5/5] Fix docs about the login token: authtoken.views.obtain_auth_token --- docs/api-guide/authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md index a30bd22c1..5ba75e0bd 100644 --- a/docs/api-guide/authentication.md +++ b/docs/api-guide/authentication.md @@ -117,7 +117,7 @@ When using TokenAuthentication, it may be useful to add a login view for clients REST framework provides a built-in login view for clients to retrieve the token called `rest_framework.authtoken.obtain_auth_token`. To use it, add a pattern to include the token login view for clients as follows: urlpatterns += patterns('', - url(r'^api-token-auth/', 'rest_framework.authtoken.obtain_auth_token') + url(r'^api-token-auth/', 'rest_framework.authtoken.views.obtain_auth_token') ) The `r'^api-token-auth/'` part of pattern can actually be whatever URL you want to use. The authtoken login view will render a JSON response when a valid `username` and `password` fields are POST'ed to the view using forms or JSON: