From 788aae2aaf9f0bd8cfdce167b24222c47e72ef99 Mon Sep 17 00:00:00 2001
From: Tom Christie <tom@tomchristie.com>
Date: Thu, 16 Jul 2015 16:46:07 +0100
Subject: [PATCH 1/3] Upgrade guardian support to 1.3. Closes #3163.

---
 requirements/requirements-optionals.txt | 2 +-
 rest_framework/filters.py               | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/requirements/requirements-optionals.txt b/requirements/requirements-optionals.txt
index 411ca0aab..3ada43ebd 100644
--- a/requirements/requirements-optionals.txt
+++ b/requirements/requirements-optionals.txt
@@ -1,4 +1,4 @@
 # Optional packages which may be used with REST framework.
 markdown==2.5.2
-django-guardian==1.2.5
+django-guardian==1.3.0
 django-filter==0.10.0
diff --git a/rest_framework/filters.py b/rest_framework/filters.py
index 36ce00476..a5e06b574 100644
--- a/rest_framework/filters.py
+++ b/rest_framework/filters.py
@@ -198,4 +198,7 @@ class DjangoObjectPermissionsFilter(BaseFilterBackend):
             'model_name': get_model_name(model_cls)
         }
         permission = self.perm_format % kwargs
-        return guardian.shortcuts.get_objects_for_user(user, permission, queryset)
+        if guardian.VERSION >= (1, 3):
+            # Maintain behavior compatibility with versions prior to 1.3
+            extra = {'accept_global_perms': False}
+        return guardian.shortcuts.get_objects_for_user(user, permission, queryset, **extra)

From 138e9fcc8ff07e7717df0824140ead2b1bddb66e Mon Sep 17 00:00:00 2001
From: Tom Christie <tom@tomchristie.com>
Date: Fri, 17 Jul 2015 12:39:22 +0100
Subject: [PATCH 2/3] Helpful error on erronous 'serializer.save(commit=False)'

---
 rest_framework/serializers.py | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/rest_framework/serializers.py b/rest_framework/serializers.py
index 4562329ee..fa3a53374 100644
--- a/rest_framework/serializers.py
+++ b/rest_framework/serializers.py
@@ -153,6 +153,16 @@ class BaseSerializer(Field):
             'You cannot call `.save()` on a serializer with invalid data.'
         )
 
+        # Guard against incorrect use of `serializer.save(commit=False)`
+        assert 'commit' not in kwargs, (
+            "'commit' is not a valid keyword argument to the 'save()' method. "
+            "If you need to access data before committing to the database then "
+            "inspect 'serializer.validated_data' instead. "
+            "You can also pass additional keyword arguments to 'save()' if you "
+            "need to set extra attributes on the saved model instance. "
+            "For example: 'serializer.save(owner=request.user)'.'"
+        )
+
         validated_data = dict(
             list(self.validated_data.items()) +
             list(kwargs.items())
@@ -611,6 +621,16 @@ class ListSerializer(BaseSerializer):
         """
         Save and return a list of object instances.
         """
+        # Guard against incorrect use of `serializer.save(commit=False)`
+        assert 'commit' not in kwargs, (
+            "'commit' is not a valid keyword argument to the 'save()' method. "
+            "If you need to access data before committing to the database then "
+            "inspect 'serializer.validated_data' instead. "
+            "You can also pass additional keyword arguments to 'save()' if you "
+            "need to set extra attributes on the saved model instance. "
+            "For example: 'serializer.save(owner=request.user)'.'"
+        )
+
         validated_data = [
             dict(list(attrs.items()) + list(kwargs.items()))
             for attrs in self.validated_data

From 7f7e6b33ff364abff3917a0b7ffb3f0b6b4a22d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Padilla?= <jpadilla@webapplicate.com>
Date: Sun, 19 Jul 2015 21:47:09 -0400
Subject: [PATCH 3/3] Update quickstart.md

Closes #3171
---
 docs/tutorial/quickstart.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/docs/tutorial/quickstart.md b/docs/tutorial/quickstart.md
index 5feacf4c9..9b040a393 100644
--- a/docs/tutorial/quickstart.md
+++ b/docs/tutorial/quickstart.md
@@ -83,8 +83,6 @@ Rather than write multiple views we're grouping together all the common behavior
 
 We can easily break these down into individual views if we need to, but using viewsets keeps the view logic nicely organized as well as being very concise.
 
-For trivial cases you can simply set a `model` attribute on the `ViewSet` class and the serializer and queryset will be automatically generated for you.  Setting the `queryset` and/or `serializer_class` attributes gives you more explicit control of the API behaviour, and is the recommended style for most applications.
-
 ## URLs
 
 Okay, now let's wire up the API URLs.  On to `tutorial/urls.py`...