diff --git a/api-guide/authentication.html b/api-guide/authentication.html
index 890914691..bc61cdd2f 100644
--- a/api-guide/authentication.html
+++ b/api-guide/authentication.html
@@ -33,6 +33,21 @@ })(); +
@@ -189,11 +204,9 @@This enables us to make queries like:
http://example.com/api/products?manufacturer__name=foo
-This is nice, but it shows underlying model structure in REST API, which may -be undesired, but you can use:
+This is nice, but it exposes the Django's double underscore convention as part of the API. If you instead want to explicitly name the filter argument you can instead explicitly include it on the FilterSet
class:
import django_filters
from myapp.models import Product
from myapp.serializers import ProductSerializer
from rest_framework import generics
class ProductFilter(django_filters.FilterSet):
-
manufacturer = django_filters.CharFilter(name="manufacturer__name")
class Meta:
@@ -520,6 +531,7 @@ class ProductFilter(django_filters.FilterSet):
+
+
@@ -172,11 +187,9 @@
format_suffix_patterns
Accept headers vs. format suffixes
-
-
-
-
-
+
+
+
@@ -251,6 +264,7 @@ def comment_list(request, format=None):
+
+
@@ -194,11 +209,9 @@
Third party packages
Django REST Framework bulk
-
-
-
-
-
+
+
+
@@ -475,6 +488,7 @@ class BaseRetrieveUpdateDestroyView(MultipleFieldLookupMixin,
+
+
@@ -178,11 +193,9 @@
Third party packages
DRF-extensions
-
-
-
-
-
+
+
+
@@ -334,6 +347,7 @@ class CustomPaginationSerializer(pagination.BasePaginationSerializer):
+
+
@@ -184,11 +199,9 @@
MessagePack
CamelCase JSON
-
-
-
-
-
+
+
+
@@ -340,6 +353,7 @@ def parse(self, stream, media_type=None, parser_context=None):
+
+
@@ -187,11 +202,9 @@
Composed Permissions
REST Condition
-
-
-
-
-
+
+
+
@@ -223,6 +236,9 @@ or if you override the get_object
method on a generic view, then yo
self.check_object_permissions(self.request, obj)
return obj
+For performance reasons the generic views will not automatically apply object level permissions to each instance in a queryset when returning a list of objects.
+Often when you're using object level permissions you'll also want to filter the queryset appropriately, to ensure that users only have visibility onto instances that they are permitted to view.
The default permission policy may be set globally, using the DEFAULT_PERMISSION_CLASSES
setting. For example.
REST_FRAMEWORK = {
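Review bot: The paragraph added after `return obj` explains the missing per-instance check in list responses as a performance choice, but never states the consequence: a list view returns every row in its queryset, whatever `has_object_permission` would say for each one. I would say that outright and name where the restriction belongs, for example `Object level permissions are only checked when get_object() is called; list views must restrict the queryset themselves, typically in get_queryset() or a filter backend.` The second added sentence opens with "Often", which makes the queryset filter read as optional, yet it is the only thing limiting read access on list endpoints for a view that relies on object-level permissions. A link to the filtering guide would help here, unless the page already carries one outside this hunk.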
@@ -383,6 +399,7 @@ class BlacklistPermission(permissions.BasePermission):
+
+
@@ -188,11 +203,9 @@
Third Party Packages
DRF Nested Routers
-
-
-
-
-
+
+
+
@@ -584,6 +597,7 @@ In the 2.4 release, these parts of the API will be removed entirely.
+
+
@@ -198,11 +213,9 @@
UltraJSON
CamelCase JSON
-
-
-
-
-
+
+
+
@@ -523,6 +536,7 @@ In this case you can underspecify the media types it should respond to, by using
+
+
@@ -184,11 +199,9 @@
.stream
Standard HttpRequest attributes
-
-
-
-
-
+
+
+
@@ -282,6 +295,7 @@
+
+
@@ -182,11 +197,9 @@
Standard HttpResponse attributes
.render()
-
-
-
-
-
+
+
+
@@ -265,6 +278,7 @@ response['Cache-Control'] = 'no-cache'
+
+
@@ -172,11 +187,9 @@
reverse
reverse_lazy
-
-
-
-
-
+
+
+
@@ -240,6 +253,7 @@ class APIRootView(APIView):
+
+
@@ -181,11 +196,9 @@
wq.db
DRF-extensions
-
-
-
-
-
+
+
+
@@ -354,6 +367,7 @@ app.router.register_model(MyModel)
+
+
@@ -191,11 +206,9 @@
Dynamically modifying fields
Customising the default fields
-
-
-
-
-
+
+
+
@@ -666,6 +679,7 @@ The ModelSerializer
class lets you automatically create a Serialize
+
+
@@ -180,11 +195,9 @@
View names and descriptions
Miscellaneous settings
-
-
-
-
-
+
+
+
@@ -438,6 +451,7 @@ If set to None
then generic filtering is disabled.
+
+
@@ -176,11 +191,9 @@
Server Error - 5xx
Helper functions
-
-
-
-
-
+
+
+
@@ -300,6 +313,7 @@ is_server_error() # 5xx
+
+
@@ -186,11 +201,9 @@
Setting the default format
Setting the available formats
-
-
-
-
-
+
+
+
@@ -412,6 +425,7 @@ self.assertEqual(response.content, '{"username": "lauren", "id": 4}')
+
+
@@ -179,11 +194,9 @@
Custom throttles
Example
-
-
-
-
-
+
+
+
@@ -344,6 +357,7 @@ class UploadView(APIView):
+
+
@@ -177,11 +192,9 @@
@api_view()
API policy decorators
-
-
-
-
-
+
+
+
@@ -321,6 +334,7 @@ def view(request):
+
+
@@ -179,11 +194,9 @@
Custom ViewSet base classes
Example
-
-
-
-
-
+
+
+
@@ -398,6 +411,7 @@ class UserViewSet(viewsets.ModelViewSet):
+
+
@@ -181,12 +196,10 @@
Security
License
-
-
-
The team behind REST framework is launching a new API service.
-If you want to be first in line when we start issuing invitations, please sign up here.
-
-
+
+
+
+
@@ -227,7 +240,7 @@
Authentication policies including OAuth1a and OAuth2 out of the box.
Serialization that supports both ORM and non-ORM data sources.
Customizable all the way down - just use regular function-based views if you don't need the more powerful features.
-Extensive documentation, great community support, and a growing package ecosystem.
+Extensive documentation, and great community support.
Used and trusted by large companies such as Mozilla and Eventbrite.
@@ -431,6 +444,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
@@ -174,11 +189,9 @@
Community
API changes
-
-
-
-
-
+
+
+
@@ -311,6 +324,7 @@ serializer.data
+
+
@@ -186,11 +201,9 @@
Version 2.2 API changes
What comes next?
-
-
-
-
-
+
+
+
@@ -404,6 +417,7 @@ urlpatterns = patterns('',
+
+
@@ -173,11 +188,9 @@
CSRF protection
CORS
-
-
-
-
-
+
+
+
@@ -224,6 +237,7 @@
+
+
@@ -173,11 +188,9 @@
Formats
Customizing
-
-
-
-
-
+
+
+
@@ -318,6 +331,7 @@ class BookSerializer(serializers.ModelSerializer):
+
+
@@ -176,11 +191,9 @@
URL based format suffixes
Doesn't HTML5 support PUT and DELETE forms?
-
-
-
-
-
+
+
+
@@ -258,6 +271,7 @@ as well as how to support content types other than form-encoded data.
+
+
@@ -185,11 +200,9 @@
Getting started
Linking to your package
-
-
-
-
-
+
+
+
@@ -335,6 +348,7 @@ More text...
+
+
@@ -172,11 +187,9 @@
Additional thanks
Contact
-
-
-
-
-
+
+
+
@@ -397,6 +410,7 @@
+
+
@@ -173,11 +188,9 @@
Self describing APIs
The hypermedia approach
-
-
-
-
-
+
+
+
@@ -263,6 +276,7 @@
+
+
@@ -181,11 +196,9 @@
0.2.x series
0.1.x series
-
-
-
-
-
+
+
+
@@ -801,6 +814,7 @@
+
+
@@ -178,11 +193,9 @@
Documentation
Summary
-
-
-
-
-
+
+
+
@@ -259,6 +272,7 @@
+
+
@@ -173,11 +188,9 @@
What REST framework provides.
What REST framework doesn't provide.
-
-
-
-
-
+
+
+
@@ -227,6 +240,7 @@ the Design of Network-based Software Architectures.
+
+
@@ -171,11 +186,9 @@
Writable nested serializers
One-to-many data structures
-
-
-
-
-
+
+
+
@@ -235,6 +248,7 @@ class ToDoListSerializer(serializers.ModelSerializer):
+
+
@@ -180,11 +195,9 @@
Testing our first attempt at a Web API
Where are we now
-
-
-
-
-
+
+
+
@@ -499,6 +512,7 @@ Quit the server with CONTROL-C.
+
+
@@ -178,11 +193,9 @@
How's it looking?
What's next?
-
-
-
-
-
+
+
+
@@ -338,6 +351,7 @@ curl -X POST http://127.0.0.1:8000/snippets/ -d '{"code": "print 456"}' -H "Cont
+
+
@@ -173,11 +188,9 @@
Using mixins
Using generic class based views
-
-
-
-
-
+
+
+
@@ -331,6 +344,7 @@ class SnippetDetail(generics.RetrieveUpdateDestroyAPIView):
+
+
@@ -179,11 +194,9 @@
Authenticating with the API
Summary
-
-
-
-
-
+
+
+
@@ -367,6 +380,7 @@ class IsOwnerOrReadOnly(permissions.BasePermission):
+
+
@@ -176,11 +191,9 @@
Adding pagination
Browsing the API
-
-
-
-
-
+
+
+
@@ -333,6 +346,7 @@ urlpatterns += patterns('',
+
+
@@ -176,11 +191,9 @@
Reviewing our work
Onwards and upwards
-
-
-
-
-
+
+
+
@@ -322,6 +335,7 @@ urlpatterns = patterns('',
+
+
@@ -176,11 +191,9 @@
Settings
Testing our API
-
-
-
-
-
+
+
+
@@ -348,6 +361,7 @@ REST_FRAMEWORK = {
+