mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-29 13:04:03 +03:00
Merge remote-tracking branch 'reference/2.4.0' into feature/pytest
Conflicts: rest_framework/runtests/urls.py tests/test_response.py tox.ini
This commit is contained in:
commit
7b4463f739
|
@ -11,7 +11,6 @@ env:
|
||||||
- DJANGO="django==1.6.3"
|
- DJANGO="django==1.6.3"
|
||||||
- DJANGO="django==1.5.6"
|
- DJANGO="django==1.5.6"
|
||||||
- DJANGO="django==1.4.11"
|
- DJANGO="django==1.4.11"
|
||||||
- DJANGO="django==1.3.7"
|
|
||||||
|
|
||||||
install:
|
install:
|
||||||
- pip install $DJANGO
|
- pip install $DJANGO
|
||||||
|
@ -36,10 +35,5 @@ matrix:
|
||||||
env: DJANGO="https://www.djangoproject.com/download/1.7b2/tarball/"
|
env: DJANGO="https://www.djangoproject.com/download/1.7b2/tarball/"
|
||||||
- python: "3.2"
|
- python: "3.2"
|
||||||
env: DJANGO="django==1.4.11"
|
env: DJANGO="django==1.4.11"
|
||||||
- python: "3.2"
|
|
||||||
env: DJANGO="django==1.3.7"
|
|
||||||
- python: "3.3"
|
- python: "3.3"
|
||||||
env: DJANGO="django==1.4.11"
|
env: DJANGO="django==1.4.11"
|
||||||
- python: "3.3"
|
|
||||||
env: DJANGO="django==1.3.7"
|
|
||||||
|
|
||||||
|
|
|
@ -164,11 +164,12 @@ Corresponds to `django.db.models.fields.BooleanField`.
|
||||||
## CharField
|
## CharField
|
||||||
|
|
||||||
A text representation, optionally validates the text to be shorter than `max_length` and longer than `min_length`.
|
A text representation, optionally validates the text to be shorter than `max_length` and longer than `min_length`.
|
||||||
|
If `allow_none` is `False` (default), `None` values will be converted to an empty string.
|
||||||
|
|
||||||
Corresponds to `django.db.models.fields.CharField`
|
Corresponds to `django.db.models.fields.CharField`
|
||||||
or `django.db.models.fields.TextField`.
|
or `django.db.models.fields.TextField`.
|
||||||
|
|
||||||
**Signature:** `CharField(max_length=None, min_length=None)`
|
**Signature:** `CharField(max_length=None, min_length=None, allow_none=False)`
|
||||||
|
|
||||||
## URLField
|
## URLField
|
||||||
|
|
||||||
|
|
|
@ -51,13 +51,16 @@ This means you'll need to explicitly set the `base_name` argument when registeri
|
||||||
|
|
||||||
### Extra link and actions
|
### Extra link and actions
|
||||||
|
|
||||||
Any methods on the viewset decorated with `@link` or `@action` will also be routed.
|
Any methods on the viewset decorated with `@detail_route` or `@list_route` will also be routed.
|
||||||
For example, given a method like this on the `UserViewSet` class:
|
For example, given a method like this on the `UserViewSet` class:
|
||||||
|
|
||||||
from myapp.permissions import IsAdminOrIsSelf
|
from myapp.permissions import IsAdminOrIsSelf
|
||||||
from rest_framework.decorators import action
|
from rest_framework.decorators import detail_route
|
||||||
|
|
||||||
@action(permission_classes=[IsAdminOrIsSelf])
|
class UserViewSet(ModelViewSet):
|
||||||
|
...
|
||||||
|
|
||||||
|
@detail_route(methods=['post'], permission_classes=[IsAdminOrIsSelf])
|
||||||
def set_password(self, request, pk=None):
|
def set_password(self, request, pk=None):
|
||||||
...
|
...
|
||||||
|
|
||||||
|
@ -65,22 +68,24 @@ The following URL pattern would additionally be generated:
|
||||||
|
|
||||||
* URL pattern: `^users/{pk}/set_password/$` Name: `'user-set-password'`
|
* URL pattern: `^users/{pk}/set_password/$` Name: `'user-set-password'`
|
||||||
|
|
||||||
|
For more information see the viewset documentation on [marking extra actions for routing][route-decorators].
|
||||||
|
|
||||||
# API Guide
|
# API Guide
|
||||||
|
|
||||||
## SimpleRouter
|
## SimpleRouter
|
||||||
|
|
||||||
This router includes routes for the standard set of `list`, `create`, `retrieve`, `update`, `partial_update` and `destroy` actions. The viewset can also mark additional methods to be routed, using the `@link` or `@action` decorators.
|
This router includes routes for the standard set of `list`, `create`, `retrieve`, `update`, `partial_update` and `destroy` actions. The viewset can also mark additional methods to be routed, using the `@detail_route` or `@list_route` decorators.
|
||||||
|
|
||||||
<table border=1>
|
<table border=1>
|
||||||
<tr><th>URL Style</th><th>HTTP Method</th><th>Action</th><th>URL Name</th></tr>
|
<tr><th>URL Style</th><th>HTTP Method</th><th>Action</th><th>URL Name</th></tr>
|
||||||
<tr><td rowspan=2>{prefix}/</td><td>GET</td><td>list</td><td rowspan=2>{basename}-list</td></tr></tr>
|
<tr><td rowspan=2>{prefix}/</td><td>GET</td><td>list</td><td rowspan=2>{basename}-list</td></tr></tr>
|
||||||
<tr><td>POST</td><td>create</td></tr>
|
<tr><td>POST</td><td>create</td></tr>
|
||||||
|
<tr><td>{prefix}/{methodname}/</td><td>GET, or as specified by `methods` argument</td><td>`@list_route` decorated method</td><td>{basename}-{methodname}</td></tr>
|
||||||
<tr><td rowspan=4>{prefix}/{lookup}/</td><td>GET</td><td>retrieve</td><td rowspan=4>{basename}-detail</td></tr></tr>
|
<tr><td rowspan=4>{prefix}/{lookup}/</td><td>GET</td><td>retrieve</td><td rowspan=4>{basename}-detail</td></tr></tr>
|
||||||
<tr><td>PUT</td><td>update</td></tr>
|
<tr><td>PUT</td><td>update</td></tr>
|
||||||
<tr><td>PATCH</td><td>partial_update</td></tr>
|
<tr><td>PATCH</td><td>partial_update</td></tr>
|
||||||
<tr><td>DELETE</td><td>destroy</td></tr>
|
<tr><td>DELETE</td><td>destroy</td></tr>
|
||||||
<tr><td rowspan=2>{prefix}/{lookup}/{methodname}/</td><td>GET</td><td>@link decorated method</td><td rowspan=2>{basename}-{methodname}</td></tr>
|
<tr><td>{prefix}/{lookup}/{methodname}/</td><td>GET, or as specified by `methods` argument</td><td>`@detail_route` decorated method</td><td>{basename}-{methodname}</td></tr>
|
||||||
<tr><td>POST</td><td>@action decorated method</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
By default the URLs created by `SimpleRouter` are appended with a trailing slash.
|
By default the URLs created by `SimpleRouter` are appended with a trailing slash.
|
||||||
|
@ -90,6 +95,12 @@ This behavior can be modified by setting the `trailing_slash` argument to `False
|
||||||
|
|
||||||
Trailing slashes are conventional in Django, but are not used by default in some other frameworks such as Rails. Which style you choose to use is largely a matter of preference, although some javascript frameworks may expect a particular routing style.
|
Trailing slashes are conventional in Django, but are not used by default in some other frameworks such as Rails. Which style you choose to use is largely a matter of preference, although some javascript frameworks may expect a particular routing style.
|
||||||
|
|
||||||
|
The router will match lookup values containing any characters except slashes and period characters. For a more restrictive (or lenient) lookup pattern, set the `lookup_value_regex` attribute on the viewset. For example, you can limit the lookup to valid UUIDs:
|
||||||
|
|
||||||
|
class MyModelViewSet(mixins.RetrieveModelMixin, viewsets.GenericViewSet):
|
||||||
|
lookup_field = 'my_model_id'
|
||||||
|
lookup_value_regex = '[0-9a-f]{32}'
|
||||||
|
|
||||||
## DefaultRouter
|
## DefaultRouter
|
||||||
|
|
||||||
This router is similar to `SimpleRouter` as above, but additionally includes a default API root view, that returns a response containing hyperlinks to all the list views. It also generates routes for optional `.json` style format suffixes.
|
This router is similar to `SimpleRouter` as above, but additionally includes a default API root view, that returns a response containing hyperlinks to all the list views. It also generates routes for optional `.json` style format suffixes.
|
||||||
|
@ -99,12 +110,12 @@ This router is similar to `SimpleRouter` as above, but additionally includes a d
|
||||||
<tr><td>[.format]</td><td>GET</td><td>automatically generated root view</td><td>api-root</td></tr></tr>
|
<tr><td>[.format]</td><td>GET</td><td>automatically generated root view</td><td>api-root</td></tr></tr>
|
||||||
<tr><td rowspan=2>{prefix}/[.format]</td><td>GET</td><td>list</td><td rowspan=2>{basename}-list</td></tr></tr>
|
<tr><td rowspan=2>{prefix}/[.format]</td><td>GET</td><td>list</td><td rowspan=2>{basename}-list</td></tr></tr>
|
||||||
<tr><td>POST</td><td>create</td></tr>
|
<tr><td>POST</td><td>create</td></tr>
|
||||||
|
<tr><td>{prefix}/{methodname}/[.format]</td><td>GET, or as specified by `methods` argument</td><td>`@list_route` decorated method</td><td>{basename}-{methodname}</td></tr>
|
||||||
<tr><td rowspan=4>{prefix}/{lookup}/[.format]</td><td>GET</td><td>retrieve</td><td rowspan=4>{basename}-detail</td></tr></tr>
|
<tr><td rowspan=4>{prefix}/{lookup}/[.format]</td><td>GET</td><td>retrieve</td><td rowspan=4>{basename}-detail</td></tr></tr>
|
||||||
<tr><td>PUT</td><td>update</td></tr>
|
<tr><td>PUT</td><td>update</td></tr>
|
||||||
<tr><td>PATCH</td><td>partial_update</td></tr>
|
<tr><td>PATCH</td><td>partial_update</td></tr>
|
||||||
<tr><td>DELETE</td><td>destroy</td></tr>
|
<tr><td>DELETE</td><td>destroy</td></tr>
|
||||||
<tr><td rowspan=2>{prefix}/{lookup}/{methodname}/[.format]</td><td>GET</td><td>@link decorated method</td><td rowspan=2>{basename}-{methodname}</td></tr>
|
<tr><td>{prefix}/{lookup}/{methodname}/[.format]</td><td>GET, or as specified by `methods` argument</td><td>`@detail_route` decorated method</td><td>{basename}-{methodname}</td></tr>
|
||||||
<tr><td>POST</td><td>@action decorated method</td></tr>
|
|
||||||
</table>
|
</table>
|
||||||
|
|
||||||
As with `SimpleRouter` the trailing slashes on the URL routes can be removed by setting the `trailing_slash` argument to `False` when instantiating the router.
|
As with `SimpleRouter` the trailing slashes on the URL routes can be removed by setting the `trailing_slash` argument to `False` when instantiating the router.
|
||||||
|
@ -133,28 +144,87 @@ The arguments to the `Route` named tuple are:
|
||||||
|
|
||||||
**initkwargs**: A dictionary of any additional arguments that should be passed when instantiating the view. Note that the `suffix` argument is reserved for identifying the viewset type, used when generating the view name and breadcrumb links.
|
**initkwargs**: A dictionary of any additional arguments that should be passed when instantiating the view. Note that the `suffix` argument is reserved for identifying the viewset type, used when generating the view name and breadcrumb links.
|
||||||
|
|
||||||
|
## Customizing dynamic routes
|
||||||
|
|
||||||
|
You can also customize how the `@list_route` and `@detail_route` decorators are routed.
|
||||||
|
To route either or both of these decorators, include a `DynamicListRoute` and/or `DynamicDetailRoute` named tuple in the `.routes` list.
|
||||||
|
|
||||||
|
The arguments to `DynamicListRoute` and `DynamicDetailRoute` are:
|
||||||
|
|
||||||
|
**url**: A string representing the URL to be routed. May include the same format strings as `Route`, and additionally accepts the `{methodname}` and `{methodnamehyphen}` format strings.
|
||||||
|
|
||||||
|
**name**: The name of the URL as used in `reverse` calls. May include the following format strings: `{basename}`, `{methodname}` and `{methodnamehyphen}`.
|
||||||
|
|
||||||
|
**initkwargs**: A dictionary of any additional arguments that should be passed when instantiating the view.
|
||||||
|
|
||||||
## Example
|
## Example
|
||||||
|
|
||||||
The following example will only route to the `list` and `retrieve` actions, and does not use the trailing slash convention.
|
The following example will only route to the `list` and `retrieve` actions, and does not use the trailing slash convention.
|
||||||
|
|
||||||
from rest_framework.routers import Route, SimpleRouter
|
from rest_framework.routers import Route, DynamicDetailRoute, SimpleRouter
|
||||||
|
|
||||||
class ReadOnlyRouter(SimpleRouter):
|
class CustomReadOnlyRouter(SimpleRouter):
|
||||||
"""
|
"""
|
||||||
A router for read-only APIs, which doesn't use trailing slashes.
|
A router for read-only APIs, which doesn't use trailing slashes.
|
||||||
"""
|
"""
|
||||||
routes = [
|
routes = [
|
||||||
Route(url=r'^{prefix}$',
|
Route(
|
||||||
|
url=r'^{prefix}$',
|
||||||
mapping={'get': 'list'},
|
mapping={'get': 'list'},
|
||||||
name='{basename}-list',
|
name='{basename}-list',
|
||||||
initkwargs={'suffix': 'List'}),
|
initkwargs={'suffix': 'List'}
|
||||||
Route(url=r'^{prefix}/{lookup}$',
|
),
|
||||||
|
Route(
|
||||||
|
url=r'^{prefix}/{lookup}$',
|
||||||
mapping={'get': 'retrieve'},
|
mapping={'get': 'retrieve'},
|
||||||
name='{basename}-detail',
|
name='{basename}-detail',
|
||||||
initkwargs={'suffix': 'Detail'})
|
initkwargs={'suffix': 'Detail'}
|
||||||
|
),
|
||||||
|
DynamicDetailRoute(
|
||||||
|
url=r'^{prefix}/{lookup}/{methodnamehyphen}$',
|
||||||
|
name='{basename}-{methodnamehyphen}',
|
||||||
|
initkwargs={}
|
||||||
|
)
|
||||||
]
|
]
|
||||||
|
|
||||||
The `SimpleRouter` class provides another example of setting the `.routes` attribute.
|
Let's take a look at the routes our `CustomReadOnlyRouter` would generate for a simple viewset.
|
||||||
|
|
||||||
|
`views.py`:
|
||||||
|
|
||||||
|
class UserViewSet(viewsets.ReadOnlyModelViewSet):
|
||||||
|
"""
|
||||||
|
A viewset that provides the standard actions
|
||||||
|
"""
|
||||||
|
queryset = User.objects.all()
|
||||||
|
serializer_class = UserSerializer
|
||||||
|
lookup_field = 'username'
|
||||||
|
|
||||||
|
@detail_route()
|
||||||
|
def group_names(self, request):
|
||||||
|
"""
|
||||||
|
Returns a list of all the group names that the given
|
||||||
|
user belongs to.
|
||||||
|
"""
|
||||||
|
user = self.get_object()
|
||||||
|
groups = user.groups.all()
|
||||||
|
return Response([group.name for group in groups])
|
||||||
|
|
||||||
|
`urls.py`:
|
||||||
|
|
||||||
|
router = CustomReadOnlyRouter()
|
||||||
|
router.register('users', UserViewSet)
|
||||||
|
urlpatterns = router.urls
|
||||||
|
|
||||||
|
The following mappings would be generated...
|
||||||
|
|
||||||
|
<table border=1>
|
||||||
|
<tr><th>URL</th><th>HTTP Method</th><th>Action</th><th>URL Name</th></tr>
|
||||||
|
<tr><td>/users</td><td>GET</td><td>list</td><td>user-list</td></tr>
|
||||||
|
<tr><td>/users/{username}</td><td>GET</td><td>retrieve</td><td>user-detail</td></tr>
|
||||||
|
<tr><td>/users/{username}/group-names</td><td>GET</td><td>group_names</td><td>user-group-names</td></tr>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
For another example of setting the `.routes` attribute, see the source code for the `SimpleRouter` class.
|
||||||
|
|
||||||
## Advanced custom routers
|
## Advanced custom routers
|
||||||
|
|
||||||
|
@ -180,6 +250,7 @@ The [wq.db package][wq.db] provides an advanced [Router][wq.db-router] class (an
|
||||||
app.router.register_model(MyModel)
|
app.router.register_model(MyModel)
|
||||||
|
|
||||||
[cite]: http://guides.rubyonrails.org/routing.html
|
[cite]: http://guides.rubyonrails.org/routing.html
|
||||||
|
[route-decorators]: viewsets.html#marking-extra-actions-for-routing
|
||||||
[drf-nested-routers]: https://github.com/alanjds/drf-nested-routers
|
[drf-nested-routers]: https://github.com/alanjds/drf-nested-routers
|
||||||
[wq.db]: http://wq.io/wq.db
|
[wq.db]: http://wq.io/wq.db
|
||||||
[wq.db-router]: http://wq.io/docs/app.py
|
[wq.db-router]: http://wq.io/docs/app.py
|
||||||
|
|
|
@ -377,5 +377,11 @@ The name of a parameter in the URL conf that may be used to provide a format suf
|
||||||
|
|
||||||
Default: `'format'`
|
Default: `'format'`
|
||||||
|
|
||||||
|
#### NUM_PROXIES
|
||||||
|
|
||||||
|
An integer of 0 or more, that may be used to specify the number of application proxies that the API runs behind. This allows throttling to more accurately identify client IP addresses. If set to `None` then less strict IP matching will be used by the throttle classes.
|
||||||
|
|
||||||
|
Default: `None`
|
||||||
|
|
||||||
[cite]: http://www.python.org/dev/peps/pep-0020/
|
[cite]: http://www.python.org/dev/peps/pep-0020/
|
||||||
[strftime]: http://docs.python.org/2/library/time.html#time.strftime
|
[strftime]: http://docs.python.org/2/library/time.html#time.strftime
|
||||||
|
|
|
@ -66,6 +66,16 @@ Or, if you're using the `@api_view` decorator with function based views.
|
||||||
}
|
}
|
||||||
return Response(content)
|
return Response(content)
|
||||||
|
|
||||||
|
## How clients are identified
|
||||||
|
|
||||||
|
The `X-Forwarded-For` and `Remote-Addr` HTTP headers are used to uniquely identify client IP addresses for throttling. If the `X-Forwarded-For` header is present then it will be used, otherwise the value of the `Remote-Addr` header will be used.
|
||||||
|
|
||||||
|
If you need to strictly identify unique client IP addresses, you'll need to first configure the number of application proxies that the API runs behind by setting the `NUM_PROXIES` setting. This setting should be an integer of zero or more. If set to non-zero then the client IP will be identified as being the last IP address in the `X-Forwarded-For` header, once any application proxy IP addresses have first been excluded. If set to zero, then the `Remote-Addr` header will always be used as the identifying IP address.
|
||||||
|
|
||||||
|
It is important to understand that if you configure the `NUM_PROXIES` setting, then all clients behind a unique [NAT'd](http://en.wikipedia.org/wiki/Network_address_translation) gateway will be treated as a single client.
|
||||||
|
|
||||||
|
Further context on how the `X-Forwarded-For` header works, and identifing a remote client IP can be [found here][identifing-clients].
|
||||||
|
|
||||||
## Setting up the cache
|
## Setting up the cache
|
||||||
|
|
||||||
The throttle classes provided by REST framework use Django's cache backend. You should make sure that you've set appropriate [cache settings][cache-setting]. The default value of `LocMemCache` backend should be okay for simple setups. See Django's [cache documentation][cache-docs] for more details.
|
The throttle classes provided by REST framework use Django's cache backend. You should make sure that you've set appropriate [cache settings][cache-setting]. The default value of `LocMemCache` backend should be okay for simple setups. See Django's [cache documentation][cache-docs] for more details.
|
||||||
|
@ -178,5 +188,6 @@ The following is an example of a rate throttle, that will randomly throttle 1 in
|
||||||
|
|
||||||
[cite]: https://dev.twitter.com/docs/error-codes-responses
|
[cite]: https://dev.twitter.com/docs/error-codes-responses
|
||||||
[permissions]: permissions.md
|
[permissions]: permissions.md
|
||||||
|
[identifing-clients]: http://oxpedia.org/wiki/index.php?title=AppSuite:Grizzly#Multiple_Proxies_in_front_of_the_cluster
|
||||||
[cache-setting]: https://docs.djangoproject.com/en/dev/ref/settings/#caches
|
[cache-setting]: https://docs.djangoproject.com/en/dev/ref/settings/#caches
|
||||||
[cache-docs]: https://docs.djangoproject.com/en/dev/topics/cache/#setting-up-the-cache
|
[cache-docs]: https://docs.djangoproject.com/en/dev/topics/cache/#setting-up-the-cache
|
||||||
|
|
|
@ -70,7 +70,7 @@ There are two main advantages of using a `ViewSet` class over using a `View` cla
|
||||||
|
|
||||||
Both of these come with a trade-off. Using regular views and URL confs is more explicit and gives you more control. ViewSets are helpful if you want to get up and running quickly, or when you have a large API and you want to enforce a consistent URL configuration throughout.
|
Both of these come with a trade-off. Using regular views and URL confs is more explicit and gives you more control. ViewSets are helpful if you want to get up and running quickly, or when you have a large API and you want to enforce a consistent URL configuration throughout.
|
||||||
|
|
||||||
## Marking extra methods for routing
|
## Marking extra actions for routing
|
||||||
|
|
||||||
The default routers included with REST framework will provide routes for a standard set of create/retrieve/update/destroy style operations, as shown below:
|
The default routers included with REST framework will provide routes for a standard set of create/retrieve/update/destroy style operations, as shown below:
|
||||||
|
|
||||||
|
@ -101,14 +101,16 @@ The default routers included with REST framework will provide routes for a stand
|
||||||
def destroy(self, request, pk=None):
|
def destroy(self, request, pk=None):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
If you have ad-hoc methods that you need to be routed to, you can mark them as requiring routing using the `@link` or `@action` decorators. The `@link` decorator will route `GET` requests, and the `@action` decorator will route `POST` requests.
|
If you have ad-hoc methods that you need to be routed to, you can mark them as requiring routing using the `@detail_route` or `@list_route` decorators.
|
||||||
|
|
||||||
|
The `@detail_route` decorator contains `pk` in its URL pattern and is intended for methods which require a single instance. The `@list_route` decorator is intended for methods which operate on a list of objects.
|
||||||
|
|
||||||
For example:
|
For example:
|
||||||
|
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
from rest_framework import viewsets
|
|
||||||
from rest_framework import status
|
from rest_framework import status
|
||||||
from rest_framework.decorators import action
|
from rest_framework import viewsets
|
||||||
|
from rest_framework.decorators import detail_route, list_route
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
from myapp.serializers import UserSerializer, PasswordSerializer
|
from myapp.serializers import UserSerializer, PasswordSerializer
|
||||||
|
|
||||||
|
@ -119,7 +121,7 @@ For example:
|
||||||
queryset = User.objects.all()
|
queryset = User.objects.all()
|
||||||
serializer_class = UserSerializer
|
serializer_class = UserSerializer
|
||||||
|
|
||||||
@action()
|
@detail_route(methods=['post'])
|
||||||
def set_password(self, request, pk=None):
|
def set_password(self, request, pk=None):
|
||||||
user = self.get_object()
|
user = self.get_object()
|
||||||
serializer = PasswordSerializer(data=request.DATA)
|
serializer = PasswordSerializer(data=request.DATA)
|
||||||
|
@ -131,21 +133,27 @@ For example:
|
||||||
return Response(serializer.errors,
|
return Response(serializer.errors,
|
||||||
status=status.HTTP_400_BAD_REQUEST)
|
status=status.HTTP_400_BAD_REQUEST)
|
||||||
|
|
||||||
The `@action` and `@link` decorators can additionally take extra arguments that will be set for the routed view only. For example...
|
@list_route()
|
||||||
|
def recent_users(self, request):
|
||||||
|
recent_users = User.objects.all().order('-last_login')
|
||||||
|
page = self.paginate_queryset(recent_users)
|
||||||
|
serializer = self.get_pagination_serializer(page)
|
||||||
|
return Response(serializer.data)
|
||||||
|
|
||||||
@action(permission_classes=[IsAdminOrIsSelf])
|
The decorators can additionally take extra arguments that will be set for the routed view only. For example...
|
||||||
|
|
||||||
|
@detail_route(methods=['post'], permission_classes=[IsAdminOrIsSelf])
|
||||||
def set_password(self, request, pk=None):
|
def set_password(self, request, pk=None):
|
||||||
...
|
...
|
||||||
|
|
||||||
The `@action` decorator will route `POST` requests by default, but may also accept other HTTP methods, by using the `method` argument. For example:
|
By default, the decorators will route `GET` requests, but may also accept other HTTP methods, by using the `methods` argument. For example:
|
||||||
|
|
||||||
@action(methods=['POST', 'DELETE'])
|
@detail_route(methods=['post', 'delete'])
|
||||||
def unset_password(self, request, pk=None):
|
def unset_password(self, request, pk=None):
|
||||||
...
|
...
|
||||||
|
|
||||||
The two new actions will then be available at the urls `^users/{pk}/set_password/$` and `^users/{pk}/unset_password/$`
|
The two new actions will then be available at the urls `^users/{pk}/set_password/$` and `^users/{pk}/unset_password/$`
|
||||||
|
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
# API Reference
|
# API Reference
|
||||||
|
|
5
docs/topics/2.4-accouncement.md
Normal file
5
docs/topics/2.4-accouncement.md
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
* Writable nested serializers.
|
||||||
|
* List/detail routes.
|
||||||
|
* 1.3 Support dropped, install six for <=1.4.?.
|
||||||
|
* `allow_none` for char fields
|
||||||
|
* `trailing_slash = True` --> `[^/]`, `trailing_slash = False` --> `[^/.]`, becomes simply `[^/]` and `lookup_value_regex` is added.
|
|
@ -38,6 +38,17 @@ You can determine your currently installed version using `pip freeze`:
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
### 2.4.0
|
||||||
|
|
||||||
|
* `@detail_route` and `@list_route` decorators replace `@action` and `@link`.
|
||||||
|
* `six` no longer bundled. For Django <= 1.4.1, install `six` package.
|
||||||
|
* Support customizable view name and description functions, using the `VIEW_NAME_FUNCTION` and `VIEW_DESCRIPTION_FUNCTION` settings.
|
||||||
|
* Added `NUM_PROXIES` setting for smarter client IP identification.
|
||||||
|
* Added `MAX_PAGINATE_BY` setting and `max_paginate_by` generic view attribute.
|
||||||
|
* Added `cache` attribute to throttles to allow overriding of default cache.
|
||||||
|
* Bugfix: `?page_size=0` query parameter now falls back to default page size for view, instead of always turning pagination off.
|
||||||
|
|
||||||
|
|
||||||
## 2.3.x series
|
## 2.3.x series
|
||||||
|
|
||||||
### 2.3.x
|
### 2.3.x
|
||||||
|
@ -60,6 +71,8 @@ You can determine your currently installed version using `pip freeze`:
|
||||||
* Fix `Request`'s `QueryDict` encoding
|
* Fix `Request`'s `QueryDict` encoding
|
||||||
|
|
||||||
### 2.3.13
|
### 2.3.13
|
||||||
|
## 2.3.x series
|
||||||
|
|
||||||
|
|
||||||
**Date**: 6th March 2014
|
**Date**: 6th March 2014
|
||||||
|
|
||||||
|
|
|
@ -25,7 +25,7 @@ Here we've used `ReadOnlyModelViewSet` class to automatically provide the defaul
|
||||||
|
|
||||||
Next we're going to replace the `SnippetList`, `SnippetDetail` and `SnippetHighlight` view classes. We can remove the three views, and again replace them with a single class.
|
Next we're going to replace the `SnippetList`, `SnippetDetail` and `SnippetHighlight` view classes. We can remove the three views, and again replace them with a single class.
|
||||||
|
|
||||||
from rest_framework.decorators import link
|
from rest_framework.decorators import detail_route
|
||||||
|
|
||||||
class SnippetViewSet(viewsets.ModelViewSet):
|
class SnippetViewSet(viewsets.ModelViewSet):
|
||||||
"""
|
"""
|
||||||
|
@ -39,7 +39,7 @@ Next we're going to replace the `SnippetList`, `SnippetDetail` and `SnippetHighl
|
||||||
permission_classes = (permissions.IsAuthenticatedOrReadOnly,
|
permission_classes = (permissions.IsAuthenticatedOrReadOnly,
|
||||||
IsOwnerOrReadOnly,)
|
IsOwnerOrReadOnly,)
|
||||||
|
|
||||||
@link(renderer_classes=[renderers.StaticHTMLRenderer])
|
@detail_route(renderer_classes=[renderers.StaticHTMLRenderer])
|
||||||
def highlight(self, request, *args, **kwargs):
|
def highlight(self, request, *args, **kwargs):
|
||||||
snippet = self.get_object()
|
snippet = self.get_object()
|
||||||
return Response(snippet.highlighted)
|
return Response(snippet.highlighted)
|
||||||
|
@ -49,9 +49,9 @@ Next we're going to replace the `SnippetList`, `SnippetDetail` and `SnippetHighl
|
||||||
|
|
||||||
This time we've used the `ModelViewSet` class in order to get the complete set of default read and write operations.
|
This time we've used the `ModelViewSet` class in order to get the complete set of default read and write operations.
|
||||||
|
|
||||||
Notice that we've also used the `@link` decorator to create a custom action, named `highlight`. This decorator can be used to add any custom endpoints that don't fit into the standard `create`/`update`/`delete` style.
|
Notice that we've also used the `@detail_route` decorator to create a custom action, named `highlight`. This decorator can be used to add any custom endpoints that don't fit into the standard `create`/`update`/`delete` style.
|
||||||
|
|
||||||
Custom actions which use the `@link` decorator will respond to `GET` requests. We could have instead used the `@action` decorator if we wanted an action that responded to `POST` requests.
|
Custom actions which use the `@detail_route` decorator will respond to `GET` requests. We can use the `methods` argument if we wanted an action that responded to `POST` requests.
|
||||||
|
|
||||||
## Binding ViewSets to URLs explicitly
|
## Binding ViewSets to URLs explicitly
|
||||||
|
|
||||||
|
|
|
@ -6,9 +6,9 @@ import base64
|
||||||
|
|
||||||
from django.contrib.auth import authenticate
|
from django.contrib.auth import authenticate
|
||||||
from django.core.exceptions import ImproperlyConfigured
|
from django.core.exceptions import ImproperlyConfigured
|
||||||
|
from django.middleware.csrf import CsrfViewMiddleware
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from rest_framework import exceptions, HTTP_HEADER_ENCODING
|
from rest_framework import exceptions, HTTP_HEADER_ENCODING
|
||||||
from rest_framework.compat import CsrfViewMiddleware
|
|
||||||
from rest_framework.compat import oauth, oauth_provider, oauth_provider_store
|
from rest_framework.compat import oauth, oauth_provider, oauth_provider_store
|
||||||
from rest_framework.compat import oauth2_provider, provider_now, check_nonce
|
from rest_framework.compat import oauth2_provider, provider_now, check_nonce
|
||||||
from rest_framework.authtoken.models import Token
|
from rest_framework.authtoken.models import Token
|
||||||
|
|
|
@ -5,25 +5,19 @@ versions of django/python, and compatibility wrappers around optional packages.
|
||||||
|
|
||||||
# flake8: noqa
|
# flake8: noqa
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
import django
|
import django
|
||||||
import inspect
|
import inspect
|
||||||
from django.core.exceptions import ImproperlyConfigured
|
from django.core.exceptions import ImproperlyConfigured
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
|
|
||||||
# Try to import six from Django, fallback to included `six`.
|
|
||||||
|
# Try to import six from Django, fallback to external `six` package.
|
||||||
try:
|
try:
|
||||||
from django.utils import six
|
from django.utils import six
|
||||||
except ImportError:
|
except ImportError:
|
||||||
from rest_framework import six
|
import six
|
||||||
|
|
||||||
# location of patterns, url, include changes in 1.4 onwards
|
# Handle django.utils.encoding rename in 1.5 onwards.
|
||||||
try:
|
|
||||||
from django.conf.urls import patterns, url, include
|
|
||||||
except ImportError:
|
|
||||||
from django.conf.urls.defaults import patterns, url, include
|
|
||||||
|
|
||||||
# Handle django.utils.encoding rename:
|
|
||||||
# smart_unicode -> smart_text
|
# smart_unicode -> smart_text
|
||||||
# force_unicode -> force_text
|
# force_unicode -> force_text
|
||||||
try:
|
try:
|
||||||
|
@ -42,13 +36,15 @@ try:
|
||||||
except ImportError:
|
except ImportError:
|
||||||
from django.http import HttpResponse as HttpResponseBase
|
from django.http import HttpResponse as HttpResponseBase
|
||||||
|
|
||||||
|
|
||||||
# django-filter is optional
|
# django-filter is optional
|
||||||
try:
|
try:
|
||||||
import django_filters
|
import django_filters
|
||||||
except ImportError:
|
except ImportError:
|
||||||
django_filters = None
|
django_filters = None
|
||||||
|
|
||||||
# guardian is optional
|
|
||||||
|
# django-guardian is optional
|
||||||
try:
|
try:
|
||||||
import guardian
|
import guardian
|
||||||
except ImportError:
|
except ImportError:
|
||||||
|
@ -104,46 +100,13 @@ def get_concrete_model(model_cls):
|
||||||
return model_cls
|
return model_cls
|
||||||
|
|
||||||
|
|
||||||
|
# View._allowed_methods only present from 1.5 onwards
|
||||||
if django.VERSION >= (1, 5):
|
if django.VERSION >= (1, 5):
|
||||||
from django.views.generic import View
|
from django.views.generic import View
|
||||||
else:
|
else:
|
||||||
from django.views.generic import View as _View
|
from django.views.generic import View as DjangoView
|
||||||
from django.utils.decorators import classonlymethod
|
|
||||||
from django.utils.functional import update_wrapper
|
|
||||||
|
|
||||||
class View(_View):
|
class View(DjangoView):
|
||||||
# 1.3 does not include head method in base View class
|
|
||||||
# See: https://code.djangoproject.com/ticket/15668
|
|
||||||
@classonlymethod
|
|
||||||
def as_view(cls, **initkwargs):
|
|
||||||
"""
|
|
||||||
Main entry point for a request-response process.
|
|
||||||
"""
|
|
||||||
# sanitize keyword arguments
|
|
||||||
for key in initkwargs:
|
|
||||||
if key in cls.http_method_names:
|
|
||||||
raise TypeError("You tried to pass in the %s method name as a "
|
|
||||||
"keyword argument to %s(). Don't do that."
|
|
||||||
% (key, cls.__name__))
|
|
||||||
if not hasattr(cls, key):
|
|
||||||
raise TypeError("%s() received an invalid keyword %r" % (
|
|
||||||
cls.__name__, key))
|
|
||||||
|
|
||||||
def view(request, *args, **kwargs):
|
|
||||||
self = cls(**initkwargs)
|
|
||||||
if hasattr(self, 'get') and not hasattr(self, 'head'):
|
|
||||||
self.head = self.get
|
|
||||||
return self.dispatch(request, *args, **kwargs)
|
|
||||||
|
|
||||||
# take name and docstring from class
|
|
||||||
update_wrapper(view, cls, updated=())
|
|
||||||
|
|
||||||
# and possible attributes set by decorators
|
|
||||||
# like csrf_exempt from dispatch
|
|
||||||
update_wrapper(view, cls.dispatch, assigned=())
|
|
||||||
return view
|
|
||||||
|
|
||||||
# _allowed_methods only present from 1.5 onwards
|
|
||||||
def _allowed_methods(self):
|
def _allowed_methods(self):
|
||||||
return [m.upper() for m in self.http_method_names if hasattr(self, m)]
|
return [m.upper() for m in self.http_method_names if hasattr(self, m)]
|
||||||
|
|
||||||
|
@ -153,316 +116,16 @@ if 'patch' not in View.http_method_names:
|
||||||
View.http_method_names = View.http_method_names + ['patch']
|
View.http_method_names = View.http_method_names + ['patch']
|
||||||
|
|
||||||
|
|
||||||
# PUT, DELETE do not require CSRF until 1.4. They should. Make it better.
|
# RequestFactory only provides `generic` from 1.5 onwards
|
||||||
if django.VERSION >= (1, 4):
|
|
||||||
from django.middleware.csrf import CsrfViewMiddleware
|
|
||||||
else:
|
|
||||||
import hashlib
|
|
||||||
import re
|
|
||||||
import random
|
|
||||||
import logging
|
|
||||||
|
|
||||||
from django.conf import settings
|
|
||||||
from django.core.urlresolvers import get_callable
|
|
||||||
|
|
||||||
try:
|
|
||||||
from logging import NullHandler
|
|
||||||
except ImportError:
|
|
||||||
class NullHandler(logging.Handler):
|
|
||||||
def emit(self, record):
|
|
||||||
pass
|
|
||||||
|
|
||||||
logger = logging.getLogger('django.request')
|
|
||||||
|
|
||||||
if not logger.handlers:
|
|
||||||
logger.addHandler(NullHandler())
|
|
||||||
|
|
||||||
def same_origin(url1, url2):
|
|
||||||
"""
|
|
||||||
Checks if two URLs are 'same-origin'
|
|
||||||
"""
|
|
||||||
p1, p2 = urlparse.urlparse(url1), urlparse.urlparse(url2)
|
|
||||||
return p1[0:2] == p2[0:2]
|
|
||||||
|
|
||||||
def constant_time_compare(val1, val2):
|
|
||||||
"""
|
|
||||||
Returns True if the two strings are equal, False otherwise.
|
|
||||||
|
|
||||||
The time taken is independent of the number of characters that match.
|
|
||||||
"""
|
|
||||||
if len(val1) != len(val2):
|
|
||||||
return False
|
|
||||||
result = 0
|
|
||||||
for x, y in zip(val1, val2):
|
|
||||||
result |= ord(x) ^ ord(y)
|
|
||||||
return result == 0
|
|
||||||
|
|
||||||
# Use the system (hardware-based) random number generator if it exists.
|
|
||||||
if hasattr(random, 'SystemRandom'):
|
|
||||||
randrange = random.SystemRandom().randrange
|
|
||||||
else:
|
|
||||||
randrange = random.randrange
|
|
||||||
|
|
||||||
_MAX_CSRF_KEY = 18446744073709551616 # 2 << 63
|
|
||||||
|
|
||||||
REASON_NO_REFERER = "Referer checking failed - no Referer."
|
|
||||||
REASON_BAD_REFERER = "Referer checking failed - %s does not match %s."
|
|
||||||
REASON_NO_CSRF_COOKIE = "CSRF cookie not set."
|
|
||||||
REASON_BAD_TOKEN = "CSRF token missing or incorrect."
|
|
||||||
|
|
||||||
def _get_failure_view():
|
|
||||||
"""
|
|
||||||
Returns the view to be used for CSRF rejections
|
|
||||||
"""
|
|
||||||
return get_callable(settings.CSRF_FAILURE_VIEW)
|
|
||||||
|
|
||||||
def _get_new_csrf_key():
|
|
||||||
return hashlib.md5("%s%s" % (randrange(0, _MAX_CSRF_KEY), settings.SECRET_KEY)).hexdigest()
|
|
||||||
|
|
||||||
def get_token(request):
|
|
||||||
"""
|
|
||||||
Returns the the CSRF token required for a POST form. The token is an
|
|
||||||
alphanumeric value.
|
|
||||||
|
|
||||||
A side effect of calling this function is to make the the csrf_protect
|
|
||||||
decorator and the CsrfViewMiddleware add a CSRF cookie and a 'Vary: Cookie'
|
|
||||||
header to the outgoing response. For this reason, you may need to use this
|
|
||||||
function lazily, as is done by the csrf context processor.
|
|
||||||
"""
|
|
||||||
request.META["CSRF_COOKIE_USED"] = True
|
|
||||||
return request.META.get("CSRF_COOKIE", None)
|
|
||||||
|
|
||||||
def _sanitize_token(token):
|
|
||||||
# Allow only alphanum, and ensure we return a 'str' for the sake of the post
|
|
||||||
# processing middleware.
|
|
||||||
token = re.sub('[^a-zA-Z0-9]', '', str(token.decode('ascii', 'ignore')))
|
|
||||||
if token == "":
|
|
||||||
# In case the cookie has been truncated to nothing at some point.
|
|
||||||
return _get_new_csrf_key()
|
|
||||||
else:
|
|
||||||
return token
|
|
||||||
|
|
||||||
class CsrfViewMiddleware(object):
|
|
||||||
"""
|
|
||||||
Middleware that requires a present and correct csrfmiddlewaretoken
|
|
||||||
for POST requests that have a CSRF cookie, and sets an outgoing
|
|
||||||
CSRF cookie.
|
|
||||||
|
|
||||||
This middleware should be used in conjunction with the csrf_token template
|
|
||||||
tag.
|
|
||||||
"""
|
|
||||||
# The _accept and _reject methods currently only exist for the sake of the
|
|
||||||
# requires_csrf_token decorator.
|
|
||||||
def _accept(self, request):
|
|
||||||
# Avoid checking the request twice by adding a custom attribute to
|
|
||||||
# request. This will be relevant when both decorator and middleware
|
|
||||||
# are used.
|
|
||||||
request.csrf_processing_done = True
|
|
||||||
return None
|
|
||||||
|
|
||||||
def _reject(self, request, reason):
|
|
||||||
return _get_failure_view()(request, reason=reason)
|
|
||||||
|
|
||||||
def process_view(self, request, callback, callback_args, callback_kwargs):
|
|
||||||
|
|
||||||
if getattr(request, 'csrf_processing_done', False):
|
|
||||||
return None
|
|
||||||
|
|
||||||
try:
|
|
||||||
csrf_token = _sanitize_token(request.COOKIES[settings.CSRF_COOKIE_NAME])
|
|
||||||
# Use same token next time
|
|
||||||
request.META['CSRF_COOKIE'] = csrf_token
|
|
||||||
except KeyError:
|
|
||||||
csrf_token = None
|
|
||||||
# Generate token and store it in the request, so it's available to the view.
|
|
||||||
request.META["CSRF_COOKIE"] = _get_new_csrf_key()
|
|
||||||
|
|
||||||
# Wait until request.META["CSRF_COOKIE"] has been manipulated before
|
|
||||||
# bailing out, so that get_token still works
|
|
||||||
if getattr(callback, 'csrf_exempt', False):
|
|
||||||
return None
|
|
||||||
|
|
||||||
# Assume that anything not defined as 'safe' by RC2616 needs protection.
|
|
||||||
if request.method not in ('GET', 'HEAD', 'OPTIONS', 'TRACE'):
|
|
||||||
if getattr(request, '_dont_enforce_csrf_checks', False):
|
|
||||||
# Mechanism to turn off CSRF checks for test suite. It comes after
|
|
||||||
# the creation of CSRF cookies, so that everything else continues to
|
|
||||||
# work exactly the same (e.g. cookies are sent etc), but before the
|
|
||||||
# any branches that call reject()
|
|
||||||
return self._accept(request)
|
|
||||||
|
|
||||||
if request.is_secure():
|
|
||||||
# Suppose user visits http://example.com/
|
|
||||||
# An active network attacker,(man-in-the-middle, MITM) sends a
|
|
||||||
# POST form which targets https://example.com/detonate-bomb/ and
|
|
||||||
# submits it via javascript.
|
|
||||||
#
|
|
||||||
# The attacker will need to provide a CSRF cookie and token, but
|
|
||||||
# that is no problem for a MITM and the session independent
|
|
||||||
# nonce we are using. So the MITM can circumvent the CSRF
|
|
||||||
# protection. This is true for any HTTP connection, but anyone
|
|
||||||
# using HTTPS expects better! For this reason, for
|
|
||||||
# https://example.com/ we need additional protection that treats
|
|
||||||
# http://example.com/ as completely untrusted. Under HTTPS,
|
|
||||||
# Barth et al. found that the Referer header is missing for
|
|
||||||
# same-domain requests in only about 0.2% of cases or less, so
|
|
||||||
# we can use strict Referer checking.
|
|
||||||
referer = request.META.get('HTTP_REFERER')
|
|
||||||
if referer is None:
|
|
||||||
logger.warning('Forbidden (%s): %s' % (REASON_NO_REFERER, request.path),
|
|
||||||
extra={
|
|
||||||
'status_code': 403,
|
|
||||||
'request': request,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
return self._reject(request, REASON_NO_REFERER)
|
|
||||||
|
|
||||||
# Note that request.get_host() includes the port
|
|
||||||
good_referer = 'https://%s/' % request.get_host()
|
|
||||||
if not same_origin(referer, good_referer):
|
|
||||||
reason = REASON_BAD_REFERER % (referer, good_referer)
|
|
||||||
logger.warning('Forbidden (%s): %s' % (reason, request.path),
|
|
||||||
extra={
|
|
||||||
'status_code': 403,
|
|
||||||
'request': request,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
return self._reject(request, reason)
|
|
||||||
|
|
||||||
if csrf_token is None:
|
|
||||||
# No CSRF cookie. For POST requests, we insist on a CSRF cookie,
|
|
||||||
# and in this way we can avoid all CSRF attacks, including login
|
|
||||||
# CSRF.
|
|
||||||
logger.warning('Forbidden (%s): %s' % (REASON_NO_CSRF_COOKIE, request.path),
|
|
||||||
extra={
|
|
||||||
'status_code': 403,
|
|
||||||
'request': request,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
return self._reject(request, REASON_NO_CSRF_COOKIE)
|
|
||||||
|
|
||||||
# check non-cookie token for match
|
|
||||||
request_csrf_token = ""
|
|
||||||
if request.method == "POST":
|
|
||||||
request_csrf_token = request.POST.get('csrfmiddlewaretoken', '')
|
|
||||||
|
|
||||||
if request_csrf_token == "":
|
|
||||||
# Fall back to X-CSRFToken, to make things easier for AJAX,
|
|
||||||
# and possible for PUT/DELETE
|
|
||||||
request_csrf_token = request.META.get('HTTP_X_CSRFTOKEN', '')
|
|
||||||
|
|
||||||
if not constant_time_compare(request_csrf_token, csrf_token):
|
|
||||||
logger.warning('Forbidden (%s): %s' % (REASON_BAD_TOKEN, request.path),
|
|
||||||
extra={
|
|
||||||
'status_code': 403,
|
|
||||||
'request': request,
|
|
||||||
}
|
|
||||||
)
|
|
||||||
return self._reject(request, REASON_BAD_TOKEN)
|
|
||||||
|
|
||||||
return self._accept(request)
|
|
||||||
|
|
||||||
# timezone support is new in Django 1.4
|
|
||||||
try:
|
|
||||||
from django.utils import timezone
|
|
||||||
except ImportError:
|
|
||||||
timezone = None
|
|
||||||
|
|
||||||
# dateparse is ALSO new in Django 1.4
|
|
||||||
try:
|
|
||||||
from django.utils.dateparse import parse_date, parse_datetime, parse_time
|
|
||||||
except ImportError:
|
|
||||||
import datetime
|
|
||||||
import re
|
|
||||||
|
|
||||||
date_re = re.compile(
|
|
||||||
r'(?P<year>\d{4})-(?P<month>\d{1,2})-(?P<day>\d{1,2})$'
|
|
||||||
)
|
|
||||||
|
|
||||||
datetime_re = re.compile(
|
|
||||||
r'(?P<year>\d{4})-(?P<month>\d{1,2})-(?P<day>\d{1,2})'
|
|
||||||
r'[T ](?P<hour>\d{1,2}):(?P<minute>\d{1,2})'
|
|
||||||
r'(?::(?P<second>\d{1,2})(?:\.(?P<microsecond>\d{1,6})\d{0,6})?)?'
|
|
||||||
r'(?P<tzinfo>Z|[+-]\d{1,2}:\d{1,2})?$'
|
|
||||||
)
|
|
||||||
|
|
||||||
time_re = re.compile(
|
|
||||||
r'(?P<hour>\d{1,2}):(?P<minute>\d{1,2})'
|
|
||||||
r'(?::(?P<second>\d{1,2})(?:\.(?P<microsecond>\d{1,6})\d{0,6})?)?'
|
|
||||||
)
|
|
||||||
|
|
||||||
def parse_date(value):
|
|
||||||
match = date_re.match(value)
|
|
||||||
if match:
|
|
||||||
kw = dict((k, int(v)) for k, v in match.groupdict().iteritems())
|
|
||||||
return datetime.date(**kw)
|
|
||||||
|
|
||||||
def parse_time(value):
|
|
||||||
match = time_re.match(value)
|
|
||||||
if match:
|
|
||||||
kw = match.groupdict()
|
|
||||||
if kw['microsecond']:
|
|
||||||
kw['microsecond'] = kw['microsecond'].ljust(6, '0')
|
|
||||||
kw = dict((k, int(v)) for k, v in kw.iteritems() if v is not None)
|
|
||||||
return datetime.time(**kw)
|
|
||||||
|
|
||||||
def parse_datetime(value):
|
|
||||||
"""Parse datetime, but w/o the timezone awareness in 1.4"""
|
|
||||||
match = datetime_re.match(value)
|
|
||||||
if match:
|
|
||||||
kw = match.groupdict()
|
|
||||||
if kw['microsecond']:
|
|
||||||
kw['microsecond'] = kw['microsecond'].ljust(6, '0')
|
|
||||||
kw = dict((k, int(v)) for k, v in kw.iteritems() if v is not None)
|
|
||||||
return datetime.datetime(**kw)
|
|
||||||
|
|
||||||
|
|
||||||
# smart_urlquote is new on Django 1.4
|
|
||||||
try:
|
|
||||||
from django.utils.html import smart_urlquote
|
|
||||||
except ImportError:
|
|
||||||
import re
|
|
||||||
from django.utils.encoding import smart_str
|
|
||||||
try:
|
|
||||||
from urllib.parse import quote, urlsplit, urlunsplit
|
|
||||||
except ImportError: # Python 2
|
|
||||||
from urllib import quote
|
|
||||||
from urlparse import urlsplit, urlunsplit
|
|
||||||
|
|
||||||
unquoted_percents_re = re.compile(r'%(?![0-9A-Fa-f]{2})')
|
|
||||||
|
|
||||||
def smart_urlquote(url):
|
|
||||||
"Quotes a URL if it isn't already quoted."
|
|
||||||
# Handle IDN before quoting.
|
|
||||||
scheme, netloc, path, query, fragment = urlsplit(url)
|
|
||||||
try:
|
|
||||||
netloc = netloc.encode('idna').decode('ascii') # IDN -> ACE
|
|
||||||
except UnicodeError: # invalid domain part
|
|
||||||
pass
|
|
||||||
else:
|
|
||||||
url = urlunsplit((scheme, netloc, path, query, fragment))
|
|
||||||
|
|
||||||
# An URL is considered unquoted if it contains no % characters or
|
|
||||||
# contains a % not followed by two hexadecimal digits. See #9655.
|
|
||||||
if '%' not in url or unquoted_percents_re.search(url):
|
|
||||||
# See http://bugs.python.org/issue2637
|
|
||||||
url = quote(smart_str(url), safe=b'!*\'();:@&=+$,/?#[]~')
|
|
||||||
|
|
||||||
return force_text(url)
|
|
||||||
|
|
||||||
|
|
||||||
# RequestFactory only provide `generic` from 1.5 onwards
|
|
||||||
|
|
||||||
from django.test.client import RequestFactory as DjangoRequestFactory
|
from django.test.client import RequestFactory as DjangoRequestFactory
|
||||||
from django.test.client import FakePayload
|
from django.test.client import FakePayload
|
||||||
try:
|
try:
|
||||||
# In 1.5 the test client uses force_bytes
|
# In 1.5 the test client uses force_bytes
|
||||||
from django.utils.encoding import force_bytes as force_bytes_or_smart_bytes
|
from django.utils.encoding import force_bytes as force_bytes_or_smart_bytes
|
||||||
except ImportError:
|
except ImportError:
|
||||||
# In 1.3 and 1.4 the test client just uses smart_str
|
# In 1.4 the test client just uses smart_str
|
||||||
from django.utils.encoding import smart_str as force_bytes_or_smart_bytes
|
from django.utils.encoding import smart_str as force_bytes_or_smart_bytes
|
||||||
|
|
||||||
|
|
||||||
class RequestFactory(DjangoRequestFactory):
|
class RequestFactory(DjangoRequestFactory):
|
||||||
def generic(self, method, path,
|
def generic(self, method, path,
|
||||||
data='', content_type='application/octet-stream', **extra):
|
data='', content_type='application/octet-stream', **extra):
|
||||||
|
@ -487,6 +150,7 @@ class RequestFactory(DjangoRequestFactory):
|
||||||
r.update(extra)
|
r.update(extra)
|
||||||
return self.request(**r)
|
return self.request(**r)
|
||||||
|
|
||||||
|
|
||||||
# Markdown is optional
|
# Markdown is optional
|
||||||
try:
|
try:
|
||||||
import markdown
|
import markdown
|
||||||
|
@ -501,7 +165,6 @@ try:
|
||||||
safe_mode = False
|
safe_mode = False
|
||||||
md = markdown.Markdown(extensions=extensions, safe_mode=safe_mode)
|
md = markdown.Markdown(extensions=extensions, safe_mode=safe_mode)
|
||||||
return md.convert(text)
|
return md.convert(text)
|
||||||
|
|
||||||
except ImportError:
|
except ImportError:
|
||||||
apply_markdown = None
|
apply_markdown = None
|
||||||
|
|
||||||
|
@ -519,14 +182,16 @@ try:
|
||||||
except ImportError:
|
except ImportError:
|
||||||
etree = None
|
etree = None
|
||||||
|
|
||||||
# OAuth is optional
|
|
||||||
|
# OAuth2 is optional
|
||||||
try:
|
try:
|
||||||
# Note: The `oauth2` package actually provides oauth1.0a support. Urg.
|
# Note: The `oauth2` package actually provides oauth1.0a support. Urg.
|
||||||
import oauth2 as oauth
|
import oauth2 as oauth
|
||||||
except ImportError:
|
except ImportError:
|
||||||
oauth = None
|
oauth = None
|
||||||
|
|
||||||
# OAuth is optional
|
|
||||||
|
# OAuthProvider is optional
|
||||||
try:
|
try:
|
||||||
import oauth_provider
|
import oauth_provider
|
||||||
from oauth_provider.store import store as oauth_provider_store
|
from oauth_provider.store import store as oauth_provider_store
|
||||||
|
@ -548,6 +213,7 @@ except (ImportError, ImproperlyConfigured):
|
||||||
oauth_provider_store = None
|
oauth_provider_store = None
|
||||||
check_nonce = None
|
check_nonce = None
|
||||||
|
|
||||||
|
|
||||||
# OAuth 2 support is optional
|
# OAuth 2 support is optional
|
||||||
try:
|
try:
|
||||||
import provider as oauth2_provider
|
import provider as oauth2_provider
|
||||||
|
@ -567,7 +233,8 @@ except ImportError:
|
||||||
oauth2_constants = None
|
oauth2_constants = None
|
||||||
provider_now = None
|
provider_now = None
|
||||||
|
|
||||||
# Handle lazy strings
|
|
||||||
|
# Handle lazy strings across Py2/Py3
|
||||||
from django.utils.functional import Promise
|
from django.utils.functional import Promise
|
||||||
|
|
||||||
if six.PY3:
|
if six.PY3:
|
||||||
|
|
|
@ -3,13 +3,14 @@ The most important decorator in this module is `@api_view`, which is used
|
||||||
for writing function-based views with REST framework.
|
for writing function-based views with REST framework.
|
||||||
|
|
||||||
There are also various decorators for setting the API policies on function
|
There are also various decorators for setting the API policies on function
|
||||||
based views, as well as the `@action` and `@link` decorators, which are
|
based views, as well as the `@detail_route` and `@list_route` decorators, which are
|
||||||
used to annotate methods on viewsets that should be included by routers.
|
used to annotate methods on viewsets that should be included by routers.
|
||||||
"""
|
"""
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
from rest_framework.compat import six
|
from rest_framework.compat import six
|
||||||
from rest_framework.views import APIView
|
from rest_framework.views import APIView
|
||||||
import types
|
import types
|
||||||
|
import warnings
|
||||||
|
|
||||||
|
|
||||||
def api_view(http_method_names):
|
def api_view(http_method_names):
|
||||||
|
@ -107,12 +108,40 @@ def permission_classes(permission_classes):
|
||||||
return decorator
|
return decorator
|
||||||
|
|
||||||
|
|
||||||
def link(**kwargs):
|
def detail_route(methods=['get'], **kwargs):
|
||||||
"""
|
"""
|
||||||
Used to mark a method on a ViewSet that should be routed for GET requests.
|
Used to mark a method on a ViewSet that should be routed for detail requests.
|
||||||
"""
|
"""
|
||||||
|
def decorator(func):
|
||||||
|
func.bind_to_methods = methods
|
||||||
|
func.detail = True
|
||||||
|
func.kwargs = kwargs
|
||||||
|
return func
|
||||||
|
return decorator
|
||||||
|
|
||||||
|
|
||||||
|
def list_route(methods=['get'], **kwargs):
|
||||||
|
"""
|
||||||
|
Used to mark a method on a ViewSet that should be routed for list requests.
|
||||||
|
"""
|
||||||
|
def decorator(func):
|
||||||
|
func.bind_to_methods = methods
|
||||||
|
func.detail = False
|
||||||
|
func.kwargs = kwargs
|
||||||
|
return func
|
||||||
|
return decorator
|
||||||
|
|
||||||
|
# These are now pending deprecation, in favor of `detail_route` and `list_route`.
|
||||||
|
|
||||||
|
def link(**kwargs):
|
||||||
|
"""
|
||||||
|
Used to mark a method on a ViewSet that should be routed for detail GET requests.
|
||||||
|
"""
|
||||||
|
msg = 'link is pending deprecation. Use detail_route instead.'
|
||||||
|
warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
|
||||||
def decorator(func):
|
def decorator(func):
|
||||||
func.bind_to_methods = ['get']
|
func.bind_to_methods = ['get']
|
||||||
|
func.detail = True
|
||||||
func.kwargs = kwargs
|
func.kwargs = kwargs
|
||||||
return func
|
return func
|
||||||
return decorator
|
return decorator
|
||||||
|
@ -120,10 +149,13 @@ def link(**kwargs):
|
||||||
|
|
||||||
def action(methods=['post'], **kwargs):
|
def action(methods=['post'], **kwargs):
|
||||||
"""
|
"""
|
||||||
Used to mark a method on a ViewSet that should be routed for POST requests.
|
Used to mark a method on a ViewSet that should be routed for detail POST requests.
|
||||||
"""
|
"""
|
||||||
|
msg = 'action is pending deprecation. Use detail_route instead.'
|
||||||
|
warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
|
||||||
def decorator(func):
|
def decorator(func):
|
||||||
func.bind_to_methods = methods
|
func.bind_to_methods = methods
|
||||||
|
func.detail = True
|
||||||
func.kwargs = kwargs
|
func.kwargs = kwargs
|
||||||
return func
|
return func
|
||||||
return decorator
|
return decorator
|
|
@ -18,12 +18,14 @@ from django.conf import settings
|
||||||
from django.db.models.fields import BLANK_CHOICE_DASH
|
from django.db.models.fields import BLANK_CHOICE_DASH
|
||||||
from django.http import QueryDict
|
from django.http import QueryDict
|
||||||
from django.forms import widgets
|
from django.forms import widgets
|
||||||
|
from django.utils import timezone
|
||||||
from django.utils.encoding import is_protected_type
|
from django.utils.encoding import is_protected_type
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
from django.utils.datastructures import SortedDict
|
from django.utils.datastructures import SortedDict
|
||||||
|
from django.utils.dateparse import parse_date, parse_datetime, parse_time
|
||||||
from rest_framework import ISO_8601
|
from rest_framework import ISO_8601
|
||||||
from rest_framework.compat import (
|
from rest_framework.compat import (
|
||||||
timezone, parse_date, parse_datetime, parse_time, BytesIO, six, smart_text,
|
BytesIO, six, smart_text,
|
||||||
force_text, is_non_str_iterable
|
force_text, is_non_str_iterable
|
||||||
)
|
)
|
||||||
from rest_framework.settings import api_settings
|
from rest_framework.settings import api_settings
|
||||||
|
@ -260,13 +262,6 @@ class WritableField(Field):
|
||||||
validators=[], error_messages=None, widget=None,
|
validators=[], error_messages=None, widget=None,
|
||||||
default=None, blank=None):
|
default=None, blank=None):
|
||||||
|
|
||||||
# 'blank' is to be deprecated in favor of 'required'
|
|
||||||
if blank is not None:
|
|
||||||
warnings.warn('The `blank` keyword argument is deprecated. '
|
|
||||||
'Use the `required` keyword argument instead.',
|
|
||||||
DeprecationWarning, stacklevel=2)
|
|
||||||
required = not(blank)
|
|
||||||
|
|
||||||
super(WritableField, self).__init__(source=source, label=label, help_text=help_text)
|
super(WritableField, self).__init__(source=source, label=label, help_text=help_text)
|
||||||
|
|
||||||
self.read_only = read_only
|
self.read_only = read_only
|
||||||
|
@ -460,8 +455,9 @@ class CharField(WritableField):
|
||||||
type_label = 'string'
|
type_label = 'string'
|
||||||
form_field_class = forms.CharField
|
form_field_class = forms.CharField
|
||||||
|
|
||||||
def __init__(self, max_length=None, min_length=None, *args, **kwargs):
|
def __init__(self, max_length=None, min_length=None, allow_none=False, *args, **kwargs):
|
||||||
self.max_length, self.min_length = max_length, min_length
|
self.max_length, self.min_length = max_length, min_length
|
||||||
|
self.allow_none = allow_none
|
||||||
super(CharField, self).__init__(*args, **kwargs)
|
super(CharField, self).__init__(*args, **kwargs)
|
||||||
if min_length is not None:
|
if min_length is not None:
|
||||||
self.validators.append(validators.MinLengthValidator(min_length))
|
self.validators.append(validators.MinLengthValidator(min_length))
|
||||||
|
@ -469,7 +465,9 @@ class CharField(WritableField):
|
||||||
self.validators.append(validators.MaxLengthValidator(max_length))
|
self.validators.append(validators.MaxLengthValidator(max_length))
|
||||||
|
|
||||||
def from_native(self, value):
|
def from_native(self, value):
|
||||||
if isinstance(value, six.string_types) or value is None:
|
if value is None and not self.allow_none:
|
||||||
|
return ''
|
||||||
|
if isinstance(value, six.string_types):
|
||||||
return value
|
return value
|
||||||
return smart_text(value)
|
return smart_text(value)
|
||||||
|
|
||||||
|
|
|
@ -121,11 +121,11 @@ class GenericAPIView(views.APIView):
|
||||||
deprecated_style = False
|
deprecated_style = False
|
||||||
if page_size is not None:
|
if page_size is not None:
|
||||||
warnings.warn('The `page_size` parameter to `paginate_queryset()` '
|
warnings.warn('The `page_size` parameter to `paginate_queryset()` '
|
||||||
'is due to be deprecated. '
|
'is deprecated. '
|
||||||
'Note that the return style of this method is also '
|
'Note that the return style of this method is also '
|
||||||
'changed, and will simply return a page object '
|
'changed, and will simply return a page object '
|
||||||
'when called without a `page_size` argument.',
|
'when called without a `page_size` argument.',
|
||||||
PendingDeprecationWarning, stacklevel=2)
|
DeprecationWarning, stacklevel=2)
|
||||||
deprecated_style = True
|
deprecated_style = True
|
||||||
else:
|
else:
|
||||||
# Determine the required page size.
|
# Determine the required page size.
|
||||||
|
@ -136,10 +136,10 @@ class GenericAPIView(views.APIView):
|
||||||
|
|
||||||
if not self.allow_empty:
|
if not self.allow_empty:
|
||||||
warnings.warn(
|
warnings.warn(
|
||||||
'The `allow_empty` parameter is due to be deprecated. '
|
'The `allow_empty` parameter is deprecated. '
|
||||||
'To use `allow_empty=False` style behavior, You should override '
|
'To use `allow_empty=False` style behavior, You should override '
|
||||||
'`get_queryset()` and explicitly raise a 404 on empty querysets.',
|
'`get_queryset()` and explicitly raise a 404 on empty querysets.',
|
||||||
PendingDeprecationWarning, stacklevel=2
|
DeprecationWarning, stacklevel=2
|
||||||
)
|
)
|
||||||
|
|
||||||
paginator = self.paginator_class(queryset, page_size,
|
paginator = self.paginator_class(queryset, page_size,
|
||||||
|
@ -187,10 +187,10 @@ class GenericAPIView(views.APIView):
|
||||||
if not filter_backends and self.filter_backend:
|
if not filter_backends and self.filter_backend:
|
||||||
warnings.warn(
|
warnings.warn(
|
||||||
'The `filter_backend` attribute and `FILTER_BACKEND` setting '
|
'The `filter_backend` attribute and `FILTER_BACKEND` setting '
|
||||||
'are due to be deprecated in favor of a `filter_backends` '
|
'are deprecated in favor of a `filter_backends` '
|
||||||
'attribute and `DEFAULT_FILTER_BACKENDS` setting, that take '
|
'attribute and `DEFAULT_FILTER_BACKENDS` setting, that take '
|
||||||
'a *list* of filter backend classes.',
|
'a *list* of filter backend classes.',
|
||||||
PendingDeprecationWarning, stacklevel=2
|
DeprecationWarning, stacklevel=2
|
||||||
)
|
)
|
||||||
filter_backends = [self.filter_backend]
|
filter_backends = [self.filter_backend]
|
||||||
return filter_backends
|
return filter_backends
|
||||||
|
@ -211,8 +211,8 @@ class GenericAPIView(views.APIView):
|
||||||
"""
|
"""
|
||||||
if queryset is not None:
|
if queryset is not None:
|
||||||
warnings.warn('The `queryset` parameter to `get_paginate_by()` '
|
warnings.warn('The `queryset` parameter to `get_paginate_by()` '
|
||||||
'is due to be deprecated.',
|
'is deprecated.',
|
||||||
PendingDeprecationWarning, stacklevel=2)
|
DeprecationWarning, stacklevel=2)
|
||||||
|
|
||||||
if self.paginate_by_param:
|
if self.paginate_by_param:
|
||||||
try:
|
try:
|
||||||
|
@ -295,16 +295,16 @@ class GenericAPIView(views.APIView):
|
||||||
filter_kwargs = {self.lookup_field: lookup}
|
filter_kwargs = {self.lookup_field: lookup}
|
||||||
elif pk is not None and self.lookup_field == 'pk':
|
elif pk is not None and self.lookup_field == 'pk':
|
||||||
warnings.warn(
|
warnings.warn(
|
||||||
'The `pk_url_kwarg` attribute is due to be deprecated. '
|
'The `pk_url_kwarg` attribute is deprecated. '
|
||||||
'Use the `lookup_field` attribute instead',
|
'Use the `lookup_field` attribute instead',
|
||||||
PendingDeprecationWarning
|
DeprecationWarning
|
||||||
)
|
)
|
||||||
filter_kwargs = {'pk': pk}
|
filter_kwargs = {'pk': pk}
|
||||||
elif slug is not None and self.lookup_field == 'pk':
|
elif slug is not None and self.lookup_field == 'pk':
|
||||||
warnings.warn(
|
warnings.warn(
|
||||||
'The `slug_url_kwarg` attribute is due to be deprecated. '
|
'The `slug_url_kwarg` attribute is deprecated. '
|
||||||
'Use the `lookup_field` attribute instead',
|
'Use the `lookup_field` attribute instead',
|
||||||
PendingDeprecationWarning
|
DeprecationWarning
|
||||||
)
|
)
|
||||||
filter_kwargs = {self.slug_field: slug}
|
filter_kwargs = {self.slug_field: slug}
|
||||||
else:
|
else:
|
||||||
|
@ -524,9 +524,9 @@ class RetrieveUpdateDestroyAPIView(mixins.RetrieveModelMixin,
|
||||||
class MultipleObjectAPIView(GenericAPIView):
|
class MultipleObjectAPIView(GenericAPIView):
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
warnings.warn(
|
warnings.warn(
|
||||||
'Subclassing `MultipleObjectAPIView` is due to be deprecated. '
|
'Subclassing `MultipleObjectAPIView` is deprecated. '
|
||||||
'You should simply subclass `GenericAPIView` instead.',
|
'You should simply subclass `GenericAPIView` instead.',
|
||||||
PendingDeprecationWarning, stacklevel=2
|
DeprecationWarning, stacklevel=2
|
||||||
)
|
)
|
||||||
super(MultipleObjectAPIView, self).__init__(*args, **kwargs)
|
super(MultipleObjectAPIView, self).__init__(*args, **kwargs)
|
||||||
|
|
||||||
|
@ -534,8 +534,8 @@ class MultipleObjectAPIView(GenericAPIView):
|
||||||
class SingleObjectAPIView(GenericAPIView):
|
class SingleObjectAPIView(GenericAPIView):
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
warnings.warn(
|
warnings.warn(
|
||||||
'Subclassing `SingleObjectAPIView` is due to be deprecated. '
|
'Subclassing `SingleObjectAPIView` is deprecated. '
|
||||||
'You should simply subclass `GenericAPIView` instead.',
|
'You should simply subclass `GenericAPIView` instead.',
|
||||||
PendingDeprecationWarning, stacklevel=2
|
DeprecationWarning, stacklevel=2
|
||||||
)
|
)
|
||||||
super(SingleObjectAPIView, self).__init__(*args, **kwargs)
|
super(SingleObjectAPIView, self).__init__(*args, **kwargs)
|
||||||
|
|
|
@ -26,14 +26,14 @@ def _get_validation_exclusions(obj, pk=None, slug_field=None, lookup_field=None)
|
||||||
include = []
|
include = []
|
||||||
|
|
||||||
if pk:
|
if pk:
|
||||||
# Pending deprecation
|
# Deprecated
|
||||||
pk_field = obj._meta.pk
|
pk_field = obj._meta.pk
|
||||||
while pk_field.rel:
|
while pk_field.rel:
|
||||||
pk_field = pk_field.rel.to._meta.pk
|
pk_field = pk_field.rel.to._meta.pk
|
||||||
include.append(pk_field.name)
|
include.append(pk_field.name)
|
||||||
|
|
||||||
if slug_field:
|
if slug_field:
|
||||||
# Pending deprecation
|
# Deprecated
|
||||||
include.append(slug_field)
|
include.append(slug_field)
|
||||||
|
|
||||||
if lookup_field and lookup_field != 'pk':
|
if lookup_field and lookup_field != 'pk':
|
||||||
|
@ -79,10 +79,10 @@ class ListModelMixin(object):
|
||||||
# `.allow_empty = False`, to raise 404 errors on empty querysets.
|
# `.allow_empty = False`, to raise 404 errors on empty querysets.
|
||||||
if not self.allow_empty and not self.object_list:
|
if not self.allow_empty and not self.object_list:
|
||||||
warnings.warn(
|
warnings.warn(
|
||||||
'The `allow_empty` parameter is due to be deprecated. '
|
'The `allow_empty` parameter is deprecated. '
|
||||||
'To use `allow_empty=False` style behavior, You should override '
|
'To use `allow_empty=False` style behavior, You should override '
|
||||||
'`get_queryset()` and explicitly raise a 404 on empty querysets.',
|
'`get_queryset()` and explicitly raise a 404 on empty querysets.',
|
||||||
PendingDeprecationWarning
|
DeprecationWarning
|
||||||
)
|
)
|
||||||
class_name = self.__class__.__name__
|
class_name = self.__class__.__name__
|
||||||
error_msg = self.empty_error % {'class_name': class_name}
|
error_msg = self.empty_error % {'class_name': class_name}
|
||||||
|
|
|
@ -2,15 +2,12 @@
|
||||||
Provides a set of pluggable permission policies.
|
Provides a set of pluggable permission policies.
|
||||||
"""
|
"""
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
import inspect
|
|
||||||
import warnings
|
|
||||||
|
|
||||||
SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
|
|
||||||
|
|
||||||
from django.http import Http404
|
from django.http import Http404
|
||||||
from rest_framework.compat import (get_model_name, oauth2_provider_scope,
|
from rest_framework.compat import (get_model_name, oauth2_provider_scope,
|
||||||
oauth2_constants)
|
oauth2_constants)
|
||||||
|
|
||||||
|
SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS']
|
||||||
|
|
||||||
|
|
||||||
class BasePermission(object):
|
class BasePermission(object):
|
||||||
"""
|
"""
|
||||||
|
@ -27,13 +24,6 @@ class BasePermission(object):
|
||||||
"""
|
"""
|
||||||
Return `True` if permission is granted, `False` otherwise.
|
Return `True` if permission is granted, `False` otherwise.
|
||||||
"""
|
"""
|
||||||
if len(inspect.getargspec(self.has_permission).args) == 4:
|
|
||||||
warnings.warn(
|
|
||||||
'The `obj` argument in `has_permission` is deprecated. '
|
|
||||||
'Use `has_object_permission()` instead for object permissions.',
|
|
||||||
DeprecationWarning, stacklevel=2
|
|
||||||
)
|
|
||||||
return self.has_permission(request, view, obj)
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -41,14 +41,6 @@ class RelatedField(WritableField):
|
||||||
many = False
|
many = False
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
|
|
||||||
# 'null' is to be deprecated in favor of 'required'
|
|
||||||
if 'null' in kwargs:
|
|
||||||
warnings.warn('The `null` keyword argument is deprecated. '
|
|
||||||
'Use the `required` keyword argument instead.',
|
|
||||||
DeprecationWarning, stacklevel=2)
|
|
||||||
kwargs['required'] = not kwargs.pop('null')
|
|
||||||
|
|
||||||
queryset = kwargs.pop('queryset', None)
|
queryset = kwargs.pop('queryset', None)
|
||||||
self.many = kwargs.pop('many', self.many)
|
self.many = kwargs.pop('many', self.many)
|
||||||
if self.many:
|
if self.many:
|
||||||
|
@ -330,7 +322,7 @@ class HyperlinkedRelatedField(RelatedField):
|
||||||
'incorrect_type': _('Incorrect type. Expected url string, received %s.'),
|
'incorrect_type': _('Incorrect type. Expected url string, received %s.'),
|
||||||
}
|
}
|
||||||
|
|
||||||
# These are all pending deprecation
|
# These are all deprecated
|
||||||
pk_url_kwarg = 'pk'
|
pk_url_kwarg = 'pk'
|
||||||
slug_field = 'slug'
|
slug_field = 'slug'
|
||||||
slug_url_kwarg = None # Defaults to same as `slug_field` unless overridden
|
slug_url_kwarg = None # Defaults to same as `slug_field` unless overridden
|
||||||
|
@ -344,16 +336,16 @@ class HyperlinkedRelatedField(RelatedField):
|
||||||
self.lookup_field = kwargs.pop('lookup_field', self.lookup_field)
|
self.lookup_field = kwargs.pop('lookup_field', self.lookup_field)
|
||||||
self.format = kwargs.pop('format', None)
|
self.format = kwargs.pop('format', None)
|
||||||
|
|
||||||
# These are pending deprecation
|
# These are deprecated
|
||||||
if 'pk_url_kwarg' in kwargs:
|
if 'pk_url_kwarg' in kwargs:
|
||||||
msg = 'pk_url_kwarg is pending deprecation. Use lookup_field instead.'
|
msg = 'pk_url_kwarg is deprecated. Use lookup_field instead.'
|
||||||
warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
|
warnings.warn(msg, DeprecationWarning, stacklevel=2)
|
||||||
if 'slug_url_kwarg' in kwargs:
|
if 'slug_url_kwarg' in kwargs:
|
||||||
msg = 'slug_url_kwarg is pending deprecation. Use lookup_field instead.'
|
msg = 'slug_url_kwarg is deprecated. Use lookup_field instead.'
|
||||||
warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
|
warnings.warn(msg, DeprecationWarning, stacklevel=2)
|
||||||
if 'slug_field' in kwargs:
|
if 'slug_field' in kwargs:
|
||||||
msg = 'slug_field is pending deprecation. Use lookup_field instead.'
|
msg = 'slug_field is deprecated. Use lookup_field instead.'
|
||||||
warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
|
warnings.warn(msg, DeprecationWarning, stacklevel=2)
|
||||||
|
|
||||||
self.pk_url_kwarg = kwargs.pop('pk_url_kwarg', self.pk_url_kwarg)
|
self.pk_url_kwarg = kwargs.pop('pk_url_kwarg', self.pk_url_kwarg)
|
||||||
self.slug_field = kwargs.pop('slug_field', self.slug_field)
|
self.slug_field = kwargs.pop('slug_field', self.slug_field)
|
||||||
|
@ -396,9 +388,9 @@ class HyperlinkedRelatedField(RelatedField):
|
||||||
# If the lookup succeeds using the default slug params,
|
# If the lookup succeeds using the default slug params,
|
||||||
# then `slug_field` is being used implicitly, and we
|
# then `slug_field` is being used implicitly, and we
|
||||||
# we need to warn about the pending deprecation.
|
# we need to warn about the pending deprecation.
|
||||||
msg = 'Implicit slug field hyperlinked fields are pending deprecation.' \
|
msg = 'Implicit slug field hyperlinked fields are deprecated.' \
|
||||||
'You should set `lookup_field=slug` on the HyperlinkedRelatedField.'
|
'You should set `lookup_field=slug` on the HyperlinkedRelatedField.'
|
||||||
warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
|
warnings.warn(msg, DeprecationWarning, stacklevel=2)
|
||||||
return ret
|
return ret
|
||||||
except NoReverseMatch:
|
except NoReverseMatch:
|
||||||
pass
|
pass
|
||||||
|
@ -432,14 +424,11 @@ class HyperlinkedRelatedField(RelatedField):
|
||||||
request = self.context.get('request', None)
|
request = self.context.get('request', None)
|
||||||
format = self.format or self.context.get('format', None)
|
format = self.format or self.context.get('format', None)
|
||||||
|
|
||||||
if request is None:
|
assert request is not None, (
|
||||||
msg = (
|
"`HyperlinkedRelatedField` requires the request in the serializer "
|
||||||
"Using `HyperlinkedRelatedField` without including the request "
|
"context. Add `context={'request': request}` when instantiating "
|
||||||
"in the serializer context is deprecated. "
|
|
||||||
"Add `context={'request': request}` when instantiating "
|
|
||||||
"the serializer."
|
"the serializer."
|
||||||
)
|
)
|
||||||
warnings.warn(msg, DeprecationWarning, stacklevel=4)
|
|
||||||
|
|
||||||
# If the object has not yet been saved then we cannot hyperlink to it.
|
# If the object has not yet been saved then we cannot hyperlink to it.
|
||||||
if getattr(obj, 'pk', None) is None:
|
if getattr(obj, 'pk', None) is None:
|
||||||
|
@ -499,7 +488,7 @@ class HyperlinkedIdentityField(Field):
|
||||||
lookup_field = 'pk'
|
lookup_field = 'pk'
|
||||||
read_only = True
|
read_only = True
|
||||||
|
|
||||||
# These are all pending deprecation
|
# These are all deprecated
|
||||||
pk_url_kwarg = 'pk'
|
pk_url_kwarg = 'pk'
|
||||||
slug_field = 'slug'
|
slug_field = 'slug'
|
||||||
slug_url_kwarg = None # Defaults to same as `slug_field` unless overridden
|
slug_url_kwarg = None # Defaults to same as `slug_field` unless overridden
|
||||||
|
@ -515,16 +504,16 @@ class HyperlinkedIdentityField(Field):
|
||||||
lookup_field = kwargs.pop('lookup_field', None)
|
lookup_field = kwargs.pop('lookup_field', None)
|
||||||
self.lookup_field = lookup_field or self.lookup_field
|
self.lookup_field = lookup_field or self.lookup_field
|
||||||
|
|
||||||
# These are pending deprecation
|
# These are deprecated
|
||||||
if 'pk_url_kwarg' in kwargs:
|
if 'pk_url_kwarg' in kwargs:
|
||||||
msg = 'pk_url_kwarg is pending deprecation. Use lookup_field instead.'
|
msg = 'pk_url_kwarg is deprecated. Use lookup_field instead.'
|
||||||
warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
|
warnings.warn(msg, DeprecationWarning, stacklevel=2)
|
||||||
if 'slug_url_kwarg' in kwargs:
|
if 'slug_url_kwarg' in kwargs:
|
||||||
msg = 'slug_url_kwarg is pending deprecation. Use lookup_field instead.'
|
msg = 'slug_url_kwarg is deprecated. Use lookup_field instead.'
|
||||||
warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
|
warnings.warn(msg, DeprecationWarning, stacklevel=2)
|
||||||
if 'slug_field' in kwargs:
|
if 'slug_field' in kwargs:
|
||||||
msg = 'slug_field is pending deprecation. Use lookup_field instead.'
|
msg = 'slug_field is deprecated. Use lookup_field instead.'
|
||||||
warnings.warn(msg, PendingDeprecationWarning, stacklevel=2)
|
warnings.warn(msg, DeprecationWarning, stacklevel=2)
|
||||||
|
|
||||||
self.slug_field = kwargs.pop('slug_field', self.slug_field)
|
self.slug_field = kwargs.pop('slug_field', self.slug_field)
|
||||||
default_slug_kwarg = self.slug_url_kwarg or self.slug_field
|
default_slug_kwarg = self.slug_url_kwarg or self.slug_field
|
||||||
|
@ -538,11 +527,11 @@ class HyperlinkedIdentityField(Field):
|
||||||
format = self.context.get('format', None)
|
format = self.context.get('format', None)
|
||||||
view_name = self.view_name
|
view_name = self.view_name
|
||||||
|
|
||||||
if request is None:
|
assert request is not None, (
|
||||||
warnings.warn("Using `HyperlinkedIdentityField` without including the "
|
"`HyperlinkedIdentityField` requires the request in the serializer"
|
||||||
"request in the serializer context is deprecated. "
|
" context. Add `context={'request': request}` when instantiating "
|
||||||
"Add `context={'request': request}` when instantiating the serializer.",
|
"the serializer."
|
||||||
DeprecationWarning, stacklevel=4)
|
)
|
||||||
|
|
||||||
# By default use whatever format is given for the current context
|
# By default use whatever format is given for the current context
|
||||||
# unless the target is a different type to the source.
|
# unless the target is a different type to the source.
|
||||||
|
@ -606,41 +595,3 @@ class HyperlinkedIdentityField(Field):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
raise NoReverseMatch()
|
raise NoReverseMatch()
|
||||||
|
|
||||||
|
|
||||||
### Old-style many classes for backwards compat
|
|
||||||
|
|
||||||
class ManyRelatedField(RelatedField):
|
|
||||||
def __init__(self, *args, **kwargs):
|
|
||||||
warnings.warn('`ManyRelatedField()` is deprecated. '
|
|
||||||
'Use `RelatedField(many=True)` instead.',
|
|
||||||
DeprecationWarning, stacklevel=2)
|
|
||||||
kwargs['many'] = True
|
|
||||||
super(ManyRelatedField, self).__init__(*args, **kwargs)
|
|
||||||
|
|
||||||
|
|
||||||
class ManyPrimaryKeyRelatedField(PrimaryKeyRelatedField):
|
|
||||||
def __init__(self, *args, **kwargs):
|
|
||||||
warnings.warn('`ManyPrimaryKeyRelatedField()` is deprecated. '
|
|
||||||
'Use `PrimaryKeyRelatedField(many=True)` instead.',
|
|
||||||
DeprecationWarning, stacklevel=2)
|
|
||||||
kwargs['many'] = True
|
|
||||||
super(ManyPrimaryKeyRelatedField, self).__init__(*args, **kwargs)
|
|
||||||
|
|
||||||
|
|
||||||
class ManySlugRelatedField(SlugRelatedField):
|
|
||||||
def __init__(self, *args, **kwargs):
|
|
||||||
warnings.warn('`ManySlugRelatedField()` is deprecated. '
|
|
||||||
'Use `SlugRelatedField(many=True)` instead.',
|
|
||||||
DeprecationWarning, stacklevel=2)
|
|
||||||
kwargs['many'] = True
|
|
||||||
super(ManySlugRelatedField, self).__init__(*args, **kwargs)
|
|
||||||
|
|
||||||
|
|
||||||
class ManyHyperlinkedRelatedField(HyperlinkedRelatedField):
|
|
||||||
def __init__(self, *args, **kwargs):
|
|
||||||
warnings.warn('`ManyHyperlinkedRelatedField()` is deprecated. '
|
|
||||||
'Use `HyperlinkedRelatedField(many=True)` instead.',
|
|
||||||
DeprecationWarning, stacklevel=2)
|
|
||||||
kwargs['many'] = True
|
|
||||||
super(ManyHyperlinkedRelatedField, self).__init__(*args, **kwargs)
|
|
||||||
|
|
|
@ -17,15 +17,17 @@ from __future__ import unicode_literals
|
||||||
|
|
||||||
import itertools
|
import itertools
|
||||||
from collections import namedtuple
|
from collections import namedtuple
|
||||||
|
from django.conf.urls import patterns, url
|
||||||
from django.core.exceptions import ImproperlyConfigured
|
from django.core.exceptions import ImproperlyConfigured
|
||||||
from rest_framework import views
|
from rest_framework import views
|
||||||
from rest_framework.compat import patterns, url
|
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
from rest_framework.reverse import reverse
|
from rest_framework.reverse import reverse
|
||||||
from rest_framework.urlpatterns import format_suffix_patterns
|
from rest_framework.urlpatterns import format_suffix_patterns
|
||||||
|
|
||||||
|
|
||||||
Route = namedtuple('Route', ['url', 'mapping', 'name', 'initkwargs'])
|
Route = namedtuple('Route', ['url', 'mapping', 'name', 'initkwargs'])
|
||||||
|
DynamicDetailRoute = namedtuple('DynamicDetailRoute', ['url', 'name', 'initkwargs'])
|
||||||
|
DynamicListRoute = namedtuple('DynamicListRoute', ['url', 'name', 'initkwargs'])
|
||||||
|
|
||||||
|
|
||||||
def replace_methodname(format_string, methodname):
|
def replace_methodname(format_string, methodname):
|
||||||
|
@ -88,6 +90,14 @@ class SimpleRouter(BaseRouter):
|
||||||
name='{basename}-list',
|
name='{basename}-list',
|
||||||
initkwargs={'suffix': 'List'}
|
initkwargs={'suffix': 'List'}
|
||||||
),
|
),
|
||||||
|
# Dynamically generated list routes.
|
||||||
|
# Generated using @list_route decorator
|
||||||
|
# on methods of the viewset.
|
||||||
|
DynamicListRoute(
|
||||||
|
url=r'^{prefix}/{methodname}{trailing_slash}$',
|
||||||
|
name='{basename}-{methodnamehyphen}',
|
||||||
|
initkwargs={}
|
||||||
|
),
|
||||||
# Detail route.
|
# Detail route.
|
||||||
Route(
|
Route(
|
||||||
url=r'^{prefix}/{lookup}{trailing_slash}$',
|
url=r'^{prefix}/{lookup}{trailing_slash}$',
|
||||||
|
@ -100,13 +110,10 @@ class SimpleRouter(BaseRouter):
|
||||||
name='{basename}-detail',
|
name='{basename}-detail',
|
||||||
initkwargs={'suffix': 'Instance'}
|
initkwargs={'suffix': 'Instance'}
|
||||||
),
|
),
|
||||||
# Dynamically generated routes.
|
# Dynamically generated detail routes.
|
||||||
# Generated using @action or @link decorators on methods of the viewset.
|
# Generated using @detail_route decorator on methods of the viewset.
|
||||||
Route(
|
DynamicDetailRoute(
|
||||||
url=r'^{prefix}/{lookup}/{methodname}{trailing_slash}$',
|
url=r'^{prefix}/{lookup}/{methodname}{trailing_slash}$',
|
||||||
mapping={
|
|
||||||
'{httpmethod}': '{methodname}',
|
|
||||||
},
|
|
||||||
name='{basename}-{methodnamehyphen}',
|
name='{basename}-{methodnamehyphen}',
|
||||||
initkwargs={}
|
initkwargs={}
|
||||||
),
|
),
|
||||||
|
@ -139,25 +146,42 @@ class SimpleRouter(BaseRouter):
|
||||||
Returns a list of the Route namedtuple.
|
Returns a list of the Route namedtuple.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
known_actions = flatten([route.mapping.values() for route in self.routes])
|
known_actions = flatten([route.mapping.values() for route in self.routes if isinstance(route, Route)])
|
||||||
|
|
||||||
# Determine any `@action` or `@link` decorated methods on the viewset
|
# Determine any `@detail_route` or `@list_route` decorated methods on the viewset
|
||||||
dynamic_routes = []
|
detail_routes = []
|
||||||
|
list_routes = []
|
||||||
for methodname in dir(viewset):
|
for methodname in dir(viewset):
|
||||||
attr = getattr(viewset, methodname)
|
attr = getattr(viewset, methodname)
|
||||||
httpmethods = getattr(attr, 'bind_to_methods', None)
|
httpmethods = getattr(attr, 'bind_to_methods', None)
|
||||||
|
detail = getattr(attr, 'detail', True)
|
||||||
if httpmethods:
|
if httpmethods:
|
||||||
if methodname in known_actions:
|
if methodname in known_actions:
|
||||||
raise ImproperlyConfigured('Cannot use @action or @link decorator on '
|
raise ImproperlyConfigured('Cannot use @detail_route or @list_route '
|
||||||
'method "%s" as it is an existing route' % methodname)
|
'decorators on method "%s" '
|
||||||
|
'as it is an existing route' % methodname)
|
||||||
httpmethods = [method.lower() for method in httpmethods]
|
httpmethods = [method.lower() for method in httpmethods]
|
||||||
dynamic_routes.append((httpmethods, methodname))
|
if detail:
|
||||||
|
detail_routes.append((httpmethods, methodname))
|
||||||
|
else:
|
||||||
|
list_routes.append((httpmethods, methodname))
|
||||||
|
|
||||||
ret = []
|
ret = []
|
||||||
for route in self.routes:
|
for route in self.routes:
|
||||||
if route.mapping == {'{httpmethod}': '{methodname}'}:
|
if isinstance(route, DynamicDetailRoute):
|
||||||
# Dynamic routes (@link or @action decorator)
|
# Dynamic detail routes (@detail_route decorator)
|
||||||
for httpmethods, methodname in dynamic_routes:
|
for httpmethods, methodname in detail_routes:
|
||||||
|
initkwargs = route.initkwargs.copy()
|
||||||
|
initkwargs.update(getattr(viewset, methodname).kwargs)
|
||||||
|
ret.append(Route(
|
||||||
|
url=replace_methodname(route.url, methodname),
|
||||||
|
mapping=dict((httpmethod, methodname) for httpmethod in httpmethods),
|
||||||
|
name=replace_methodname(route.name, methodname),
|
||||||
|
initkwargs=initkwargs,
|
||||||
|
))
|
||||||
|
elif isinstance(route, DynamicListRoute):
|
||||||
|
# Dynamic list routes (@list_route decorator)
|
||||||
|
for httpmethods, methodname in list_routes:
|
||||||
initkwargs = route.initkwargs.copy()
|
initkwargs = route.initkwargs.copy()
|
||||||
initkwargs.update(getattr(viewset, methodname).kwargs)
|
initkwargs.update(getattr(viewset, methodname).kwargs)
|
||||||
ret.append(Route(
|
ret.append(Route(
|
||||||
|
@ -195,13 +219,16 @@ class SimpleRouter(BaseRouter):
|
||||||
|
|
||||||
https://github.com/alanjds/drf-nested-routers
|
https://github.com/alanjds/drf-nested-routers
|
||||||
"""
|
"""
|
||||||
if self.trailing_slash:
|
base_regex = '(?P<{lookup_prefix}{lookup_field}>{lookup_value})'
|
||||||
base_regex = '(?P<{lookup_prefix}{lookup_field}>[^/]+)'
|
# Use `pk` as default field, unset set. Default regex should not
|
||||||
else:
|
# consume `.json` style suffixes and should break at '/' boundaries.
|
||||||
# Don't consume `.json` style suffixes
|
|
||||||
base_regex = '(?P<{lookup_prefix}{lookup_field}>[^/.]+)'
|
|
||||||
lookup_field = getattr(viewset, 'lookup_field', 'pk')
|
lookup_field = getattr(viewset, 'lookup_field', 'pk')
|
||||||
return base_regex.format(lookup_field=lookup_field, lookup_prefix=lookup_prefix)
|
lookup_value = getattr(viewset, 'lookup_value_regex', '[^/.]+')
|
||||||
|
return base_regex.format(
|
||||||
|
lookup_prefix=lookup_prefix,
|
||||||
|
lookup_field=lookup_field,
|
||||||
|
lookup_value=lookup_value
|
||||||
|
)
|
||||||
|
|
||||||
def get_urls(self):
|
def get_urls(self):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -21,7 +21,7 @@ from django.core.paginator import Page
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.forms import widgets
|
from django.forms import widgets
|
||||||
from django.utils.datastructures import SortedDict
|
from django.utils.datastructures import SortedDict
|
||||||
from rest_framework.compat import get_concrete_model, six
|
from rest_framework.compat import six
|
||||||
from rest_framework.settings import api_settings
|
from rest_framework.settings import api_settings
|
||||||
|
|
||||||
|
|
||||||
|
@ -181,7 +181,7 @@ class BaseSerializer(WritableField):
|
||||||
_dict_class = SortedDictWithMetadata
|
_dict_class = SortedDictWithMetadata
|
||||||
|
|
||||||
def __init__(self, instance=None, data=None, files=None,
|
def __init__(self, instance=None, data=None, files=None,
|
||||||
context=None, partial=False, many=None,
|
context=None, partial=False, many=False,
|
||||||
allow_add_remove=False, **kwargs):
|
allow_add_remove=False, **kwargs):
|
||||||
super(BaseSerializer, self).__init__(**kwargs)
|
super(BaseSerializer, self).__init__(**kwargs)
|
||||||
self.opts = self._options_class(self.Meta)
|
self.opts = self._options_class(self.Meta)
|
||||||
|
@ -411,12 +411,7 @@ class BaseSerializer(WritableField):
|
||||||
if value is None:
|
if value is None:
|
||||||
return None
|
return None
|
||||||
|
|
||||||
if self.many is not None:
|
if self.many:
|
||||||
many = self.many
|
|
||||||
else:
|
|
||||||
many = hasattr(value, '__iter__') and not isinstance(value, (Page, dict, six.text_type))
|
|
||||||
|
|
||||||
if many:
|
|
||||||
return [self.to_native(item) for item in value]
|
return [self.to_native(item) for item in value]
|
||||||
return self.to_native(value)
|
return self.to_native(value)
|
||||||
|
|
||||||
|
@ -662,7 +657,7 @@ class ModelSerializer(Serializer):
|
||||||
cls = self.opts.model
|
cls = self.opts.model
|
||||||
assert cls is not None, \
|
assert cls is not None, \
|
||||||
"Serializer class '%s' is missing 'model' Meta option" % self.__class__.__name__
|
"Serializer class '%s' is missing 'model' Meta option" % self.__class__.__name__
|
||||||
opts = get_concrete_model(cls)._meta
|
opts = cls._meta.concrete_model._meta
|
||||||
ret = SortedDict()
|
ret = SortedDict()
|
||||||
nested = bool(self.opts.depth)
|
nested = bool(self.opts.depth)
|
||||||
|
|
||||||
|
@ -695,10 +690,10 @@ class ModelSerializer(Serializer):
|
||||||
if len(inspect.getargspec(self.get_nested_field).args) == 2:
|
if len(inspect.getargspec(self.get_nested_field).args) == 2:
|
||||||
warnings.warn(
|
warnings.warn(
|
||||||
'The `get_nested_field(model_field)` call signature '
|
'The `get_nested_field(model_field)` call signature '
|
||||||
'is due to be deprecated. '
|
'is deprecated. '
|
||||||
'Use `get_nested_field(model_field, related_model, '
|
'Use `get_nested_field(model_field, related_model, '
|
||||||
'to_many) instead',
|
'to_many) instead',
|
||||||
PendingDeprecationWarning
|
DeprecationWarning
|
||||||
)
|
)
|
||||||
field = self.get_nested_field(model_field)
|
field = self.get_nested_field(model_field)
|
||||||
else:
|
else:
|
||||||
|
@ -707,10 +702,10 @@ class ModelSerializer(Serializer):
|
||||||
if len(inspect.getargspec(self.get_nested_field).args) == 3:
|
if len(inspect.getargspec(self.get_nested_field).args) == 3:
|
||||||
warnings.warn(
|
warnings.warn(
|
||||||
'The `get_related_field(model_field, to_many)` call '
|
'The `get_related_field(model_field, to_many)` call '
|
||||||
'signature is due to be deprecated. '
|
'signature is deprecated. '
|
||||||
'Use `get_related_field(model_field, related_model, '
|
'Use `get_related_field(model_field, related_model, '
|
||||||
'to_many) instead',
|
'to_many) instead',
|
||||||
PendingDeprecationWarning
|
DeprecationWarning
|
||||||
)
|
)
|
||||||
field = self.get_related_field(model_field, to_many=to_many)
|
field = self.get_related_field(model_field, to_many=to_many)
|
||||||
else:
|
else:
|
||||||
|
@ -871,6 +866,10 @@ class ModelSerializer(Serializer):
|
||||||
issubclass(model_field.__class__, models.PositiveSmallIntegerField):
|
issubclass(model_field.__class__, models.PositiveSmallIntegerField):
|
||||||
kwargs['min_value'] = 0
|
kwargs['min_value'] = 0
|
||||||
|
|
||||||
|
if model_field.null and \
|
||||||
|
issubclass(model_field.__class__, (models.CharField, models.TextField)):
|
||||||
|
kwargs['allow_none'] = True
|
||||||
|
|
||||||
attribute_dict = {
|
attribute_dict = {
|
||||||
models.CharField: ['max_length'],
|
models.CharField: ['max_length'],
|
||||||
models.CommaSeparatedIntegerField: ['max_length'],
|
models.CommaSeparatedIntegerField: ['max_length'],
|
||||||
|
@ -897,7 +896,7 @@ class ModelSerializer(Serializer):
|
||||||
Return a list of field names to exclude from model validation.
|
Return a list of field names to exclude from model validation.
|
||||||
"""
|
"""
|
||||||
cls = self.opts.model
|
cls = self.opts.model
|
||||||
opts = get_concrete_model(cls)._meta
|
opts = cls._meta.concrete_model._meta
|
||||||
exclusions = [field.name for field in opts.fields + opts.many_to_many]
|
exclusions = [field.name for field in opts.fields + opts.many_to_many]
|
||||||
|
|
||||||
for field_name, field in self.fields.items():
|
for field_name, field in self.fields.items():
|
||||||
|
|
|
@ -63,6 +63,7 @@ DEFAULTS = {
|
||||||
'user': None,
|
'user': None,
|
||||||
'anon': None,
|
'anon': None,
|
||||||
},
|
},
|
||||||
|
'NUM_PROXIES': None,
|
||||||
|
|
||||||
# Pagination
|
# Pagination
|
||||||
'PAGINATE_BY': None,
|
'PAGINATE_BY': None,
|
||||||
|
|
|
@ -1,389 +0,0 @@
|
||||||
"""Utilities for writing code that runs on Python 2 and 3"""
|
|
||||||
|
|
||||||
import operator
|
|
||||||
import sys
|
|
||||||
import types
|
|
||||||
|
|
||||||
__author__ = "Benjamin Peterson <benjamin@python.org>"
|
|
||||||
__version__ = "1.2.0"
|
|
||||||
|
|
||||||
|
|
||||||
# True if we are running on Python 3.
|
|
||||||
PY3 = sys.version_info[0] == 3
|
|
||||||
|
|
||||||
if PY3:
|
|
||||||
string_types = str,
|
|
||||||
integer_types = int,
|
|
||||||
class_types = type,
|
|
||||||
text_type = str
|
|
||||||
binary_type = bytes
|
|
||||||
|
|
||||||
MAXSIZE = sys.maxsize
|
|
||||||
else:
|
|
||||||
string_types = basestring,
|
|
||||||
integer_types = (int, long)
|
|
||||||
class_types = (type, types.ClassType)
|
|
||||||
text_type = unicode
|
|
||||||
binary_type = str
|
|
||||||
|
|
||||||
if sys.platform == "java":
|
|
||||||
# Jython always uses 32 bits.
|
|
||||||
MAXSIZE = int((1 << 31) - 1)
|
|
||||||
else:
|
|
||||||
# It's possible to have sizeof(long) != sizeof(Py_ssize_t).
|
|
||||||
class X(object):
|
|
||||||
def __len__(self):
|
|
||||||
return 1 << 31
|
|
||||||
try:
|
|
||||||
len(X())
|
|
||||||
except OverflowError:
|
|
||||||
# 32-bit
|
|
||||||
MAXSIZE = int((1 << 31) - 1)
|
|
||||||
else:
|
|
||||||
# 64-bit
|
|
||||||
MAXSIZE = int((1 << 63) - 1)
|
|
||||||
del X
|
|
||||||
|
|
||||||
|
|
||||||
def _add_doc(func, doc):
|
|
||||||
"""Add documentation to a function."""
|
|
||||||
func.__doc__ = doc
|
|
||||||
|
|
||||||
|
|
||||||
def _import_module(name):
|
|
||||||
"""Import module, returning the module after the last dot."""
|
|
||||||
__import__(name)
|
|
||||||
return sys.modules[name]
|
|
||||||
|
|
||||||
|
|
||||||
class _LazyDescr(object):
|
|
||||||
|
|
||||||
def __init__(self, name):
|
|
||||||
self.name = name
|
|
||||||
|
|
||||||
def __get__(self, obj, tp):
|
|
||||||
result = self._resolve()
|
|
||||||
setattr(obj, self.name, result)
|
|
||||||
# This is a bit ugly, but it avoids running this again.
|
|
||||||
delattr(tp, self.name)
|
|
||||||
return result
|
|
||||||
|
|
||||||
|
|
||||||
class MovedModule(_LazyDescr):
|
|
||||||
|
|
||||||
def __init__(self, name, old, new=None):
|
|
||||||
super(MovedModule, self).__init__(name)
|
|
||||||
if PY3:
|
|
||||||
if new is None:
|
|
||||||
new = name
|
|
||||||
self.mod = new
|
|
||||||
else:
|
|
||||||
self.mod = old
|
|
||||||
|
|
||||||
def _resolve(self):
|
|
||||||
return _import_module(self.mod)
|
|
||||||
|
|
||||||
|
|
||||||
class MovedAttribute(_LazyDescr):
|
|
||||||
|
|
||||||
def __init__(self, name, old_mod, new_mod, old_attr=None, new_attr=None):
|
|
||||||
super(MovedAttribute, self).__init__(name)
|
|
||||||
if PY3:
|
|
||||||
if new_mod is None:
|
|
||||||
new_mod = name
|
|
||||||
self.mod = new_mod
|
|
||||||
if new_attr is None:
|
|
||||||
if old_attr is None:
|
|
||||||
new_attr = name
|
|
||||||
else:
|
|
||||||
new_attr = old_attr
|
|
||||||
self.attr = new_attr
|
|
||||||
else:
|
|
||||||
self.mod = old_mod
|
|
||||||
if old_attr is None:
|
|
||||||
old_attr = name
|
|
||||||
self.attr = old_attr
|
|
||||||
|
|
||||||
def _resolve(self):
|
|
||||||
module = _import_module(self.mod)
|
|
||||||
return getattr(module, self.attr)
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class _MovedItems(types.ModuleType):
|
|
||||||
"""Lazy loading of moved objects"""
|
|
||||||
|
|
||||||
|
|
||||||
_moved_attributes = [
|
|
||||||
MovedAttribute("cStringIO", "cStringIO", "io", "StringIO"),
|
|
||||||
MovedAttribute("filter", "itertools", "builtins", "ifilter", "filter"),
|
|
||||||
MovedAttribute("input", "__builtin__", "builtins", "raw_input", "input"),
|
|
||||||
MovedAttribute("map", "itertools", "builtins", "imap", "map"),
|
|
||||||
MovedAttribute("reload_module", "__builtin__", "imp", "reload"),
|
|
||||||
MovedAttribute("reduce", "__builtin__", "functools"),
|
|
||||||
MovedAttribute("StringIO", "StringIO", "io"),
|
|
||||||
MovedAttribute("xrange", "__builtin__", "builtins", "xrange", "range"),
|
|
||||||
MovedAttribute("zip", "itertools", "builtins", "izip", "zip"),
|
|
||||||
|
|
||||||
MovedModule("builtins", "__builtin__"),
|
|
||||||
MovedModule("configparser", "ConfigParser"),
|
|
||||||
MovedModule("copyreg", "copy_reg"),
|
|
||||||
MovedModule("http_cookiejar", "cookielib", "http.cookiejar"),
|
|
||||||
MovedModule("http_cookies", "Cookie", "http.cookies"),
|
|
||||||
MovedModule("html_entities", "htmlentitydefs", "html.entities"),
|
|
||||||
MovedModule("html_parser", "HTMLParser", "html.parser"),
|
|
||||||
MovedModule("http_client", "httplib", "http.client"),
|
|
||||||
MovedModule("BaseHTTPServer", "BaseHTTPServer", "http.server"),
|
|
||||||
MovedModule("CGIHTTPServer", "CGIHTTPServer", "http.server"),
|
|
||||||
MovedModule("SimpleHTTPServer", "SimpleHTTPServer", "http.server"),
|
|
||||||
MovedModule("cPickle", "cPickle", "pickle"),
|
|
||||||
MovedModule("queue", "Queue"),
|
|
||||||
MovedModule("reprlib", "repr"),
|
|
||||||
MovedModule("socketserver", "SocketServer"),
|
|
||||||
MovedModule("tkinter", "Tkinter"),
|
|
||||||
MovedModule("tkinter_dialog", "Dialog", "tkinter.dialog"),
|
|
||||||
MovedModule("tkinter_filedialog", "FileDialog", "tkinter.filedialog"),
|
|
||||||
MovedModule("tkinter_scrolledtext", "ScrolledText", "tkinter.scrolledtext"),
|
|
||||||
MovedModule("tkinter_simpledialog", "SimpleDialog", "tkinter.simpledialog"),
|
|
||||||
MovedModule("tkinter_tix", "Tix", "tkinter.tix"),
|
|
||||||
MovedModule("tkinter_constants", "Tkconstants", "tkinter.constants"),
|
|
||||||
MovedModule("tkinter_dnd", "Tkdnd", "tkinter.dnd"),
|
|
||||||
MovedModule("tkinter_colorchooser", "tkColorChooser",
|
|
||||||
"tkinter.colorchooser"),
|
|
||||||
MovedModule("tkinter_commondialog", "tkCommonDialog",
|
|
||||||
"tkinter.commondialog"),
|
|
||||||
MovedModule("tkinter_tkfiledialog", "tkFileDialog", "tkinter.filedialog"),
|
|
||||||
MovedModule("tkinter_font", "tkFont", "tkinter.font"),
|
|
||||||
MovedModule("tkinter_messagebox", "tkMessageBox", "tkinter.messagebox"),
|
|
||||||
MovedModule("tkinter_tksimpledialog", "tkSimpleDialog",
|
|
||||||
"tkinter.simpledialog"),
|
|
||||||
MovedModule("urllib_robotparser", "robotparser", "urllib.robotparser"),
|
|
||||||
MovedModule("winreg", "_winreg"),
|
|
||||||
]
|
|
||||||
for attr in _moved_attributes:
|
|
||||||
setattr(_MovedItems, attr.name, attr)
|
|
||||||
del attr
|
|
||||||
|
|
||||||
moves = sys.modules["django.utils.six.moves"] = _MovedItems("moves")
|
|
||||||
|
|
||||||
|
|
||||||
def add_move(move):
|
|
||||||
"""Add an item to six.moves."""
|
|
||||||
setattr(_MovedItems, move.name, move)
|
|
||||||
|
|
||||||
|
|
||||||
def remove_move(name):
|
|
||||||
"""Remove item from six.moves."""
|
|
||||||
try:
|
|
||||||
delattr(_MovedItems, name)
|
|
||||||
except AttributeError:
|
|
||||||
try:
|
|
||||||
del moves.__dict__[name]
|
|
||||||
except KeyError:
|
|
||||||
raise AttributeError("no such move, %r" % (name,))
|
|
||||||
|
|
||||||
|
|
||||||
if PY3:
|
|
||||||
_meth_func = "__func__"
|
|
||||||
_meth_self = "__self__"
|
|
||||||
|
|
||||||
_func_code = "__code__"
|
|
||||||
_func_defaults = "__defaults__"
|
|
||||||
|
|
||||||
_iterkeys = "keys"
|
|
||||||
_itervalues = "values"
|
|
||||||
_iteritems = "items"
|
|
||||||
else:
|
|
||||||
_meth_func = "im_func"
|
|
||||||
_meth_self = "im_self"
|
|
||||||
|
|
||||||
_func_code = "func_code"
|
|
||||||
_func_defaults = "func_defaults"
|
|
||||||
|
|
||||||
_iterkeys = "iterkeys"
|
|
||||||
_itervalues = "itervalues"
|
|
||||||
_iteritems = "iteritems"
|
|
||||||
|
|
||||||
|
|
||||||
try:
|
|
||||||
advance_iterator = next
|
|
||||||
except NameError:
|
|
||||||
def advance_iterator(it):
|
|
||||||
return it.next()
|
|
||||||
next = advance_iterator
|
|
||||||
|
|
||||||
|
|
||||||
if PY3:
|
|
||||||
def get_unbound_function(unbound):
|
|
||||||
return unbound
|
|
||||||
|
|
||||||
Iterator = object
|
|
||||||
|
|
||||||
def callable(obj):
|
|
||||||
return any("__call__" in klass.__dict__ for klass in type(obj).__mro__)
|
|
||||||
else:
|
|
||||||
def get_unbound_function(unbound):
|
|
||||||
return unbound.im_func
|
|
||||||
|
|
||||||
class Iterator(object):
|
|
||||||
|
|
||||||
def next(self):
|
|
||||||
return type(self).__next__(self)
|
|
||||||
|
|
||||||
callable = callable
|
|
||||||
_add_doc(get_unbound_function,
|
|
||||||
"""Get the function out of a possibly unbound function""")
|
|
||||||
|
|
||||||
|
|
||||||
get_method_function = operator.attrgetter(_meth_func)
|
|
||||||
get_method_self = operator.attrgetter(_meth_self)
|
|
||||||
get_function_code = operator.attrgetter(_func_code)
|
|
||||||
get_function_defaults = operator.attrgetter(_func_defaults)
|
|
||||||
|
|
||||||
|
|
||||||
def iterkeys(d):
|
|
||||||
"""Return an iterator over the keys of a dictionary."""
|
|
||||||
return iter(getattr(d, _iterkeys)())
|
|
||||||
|
|
||||||
def itervalues(d):
|
|
||||||
"""Return an iterator over the values of a dictionary."""
|
|
||||||
return iter(getattr(d, _itervalues)())
|
|
||||||
|
|
||||||
def iteritems(d):
|
|
||||||
"""Return an iterator over the (key, value) pairs of a dictionary."""
|
|
||||||
return iter(getattr(d, _iteritems)())
|
|
||||||
|
|
||||||
|
|
||||||
if PY3:
|
|
||||||
def b(s):
|
|
||||||
return s.encode("latin-1")
|
|
||||||
def u(s):
|
|
||||||
return s
|
|
||||||
if sys.version_info[1] <= 1:
|
|
||||||
def int2byte(i):
|
|
||||||
return bytes((i,))
|
|
||||||
else:
|
|
||||||
# This is about 2x faster than the implementation above on 3.2+
|
|
||||||
int2byte = operator.methodcaller("to_bytes", 1, "big")
|
|
||||||
import io
|
|
||||||
StringIO = io.StringIO
|
|
||||||
BytesIO = io.BytesIO
|
|
||||||
else:
|
|
||||||
def b(s):
|
|
||||||
return s
|
|
||||||
def u(s):
|
|
||||||
return unicode(s, "unicode_escape")
|
|
||||||
int2byte = chr
|
|
||||||
import StringIO
|
|
||||||
StringIO = BytesIO = StringIO.StringIO
|
|
||||||
_add_doc(b, """Byte literal""")
|
|
||||||
_add_doc(u, """Text literal""")
|
|
||||||
|
|
||||||
|
|
||||||
if PY3:
|
|
||||||
import builtins
|
|
||||||
exec_ = getattr(builtins, "exec")
|
|
||||||
|
|
||||||
|
|
||||||
def reraise(tp, value, tb=None):
|
|
||||||
if value.__traceback__ is not tb:
|
|
||||||
raise value.with_traceback(tb)
|
|
||||||
raise value
|
|
||||||
|
|
||||||
|
|
||||||
print_ = getattr(builtins, "print")
|
|
||||||
del builtins
|
|
||||||
|
|
||||||
else:
|
|
||||||
def exec_(code, globs=None, locs=None):
|
|
||||||
"""Execute code in a namespace."""
|
|
||||||
if globs is None:
|
|
||||||
frame = sys._getframe(1)
|
|
||||||
globs = frame.f_globals
|
|
||||||
if locs is None:
|
|
||||||
locs = frame.f_locals
|
|
||||||
del frame
|
|
||||||
elif locs is None:
|
|
||||||
locs = globs
|
|
||||||
exec("""exec code in globs, locs""")
|
|
||||||
|
|
||||||
|
|
||||||
exec_("""def reraise(tp, value, tb=None):
|
|
||||||
raise tp, value, tb
|
|
||||||
""")
|
|
||||||
|
|
||||||
|
|
||||||
def print_(*args, **kwargs):
|
|
||||||
"""The new-style print function."""
|
|
||||||
fp = kwargs.pop("file", sys.stdout)
|
|
||||||
if fp is None:
|
|
||||||
return
|
|
||||||
def write(data):
|
|
||||||
if not isinstance(data, basestring):
|
|
||||||
data = str(data)
|
|
||||||
fp.write(data)
|
|
||||||
want_unicode = False
|
|
||||||
sep = kwargs.pop("sep", None)
|
|
||||||
if sep is not None:
|
|
||||||
if isinstance(sep, unicode):
|
|
||||||
want_unicode = True
|
|
||||||
elif not isinstance(sep, str):
|
|
||||||
raise TypeError("sep must be None or a string")
|
|
||||||
end = kwargs.pop("end", None)
|
|
||||||
if end is not None:
|
|
||||||
if isinstance(end, unicode):
|
|
||||||
want_unicode = True
|
|
||||||
elif not isinstance(end, str):
|
|
||||||
raise TypeError("end must be None or a string")
|
|
||||||
if kwargs:
|
|
||||||
raise TypeError("invalid keyword arguments to print()")
|
|
||||||
if not want_unicode:
|
|
||||||
for arg in args:
|
|
||||||
if isinstance(arg, unicode):
|
|
||||||
want_unicode = True
|
|
||||||
break
|
|
||||||
if want_unicode:
|
|
||||||
newline = unicode("\n")
|
|
||||||
space = unicode(" ")
|
|
||||||
else:
|
|
||||||
newline = "\n"
|
|
||||||
space = " "
|
|
||||||
if sep is None:
|
|
||||||
sep = space
|
|
||||||
if end is None:
|
|
||||||
end = newline
|
|
||||||
for i, arg in enumerate(args):
|
|
||||||
if i:
|
|
||||||
write(sep)
|
|
||||||
write(arg)
|
|
||||||
write(end)
|
|
||||||
|
|
||||||
_add_doc(reraise, """Reraise an exception.""")
|
|
||||||
|
|
||||||
|
|
||||||
def with_metaclass(meta, base=object):
|
|
||||||
"""Create a base class with a metaclass."""
|
|
||||||
return meta("NewBase", (base,), {})
|
|
||||||
|
|
||||||
|
|
||||||
### Additional customizations for Django ###
|
|
||||||
|
|
||||||
if PY3:
|
|
||||||
_iterlists = "lists"
|
|
||||||
_assertRaisesRegex = "assertRaisesRegex"
|
|
||||||
else:
|
|
||||||
_iterlists = "iterlists"
|
|
||||||
_assertRaisesRegex = "assertRaisesRegexp"
|
|
||||||
|
|
||||||
|
|
||||||
def iterlists(d):
|
|
||||||
"""Return an iterator over the values of a MultiValueDict."""
|
|
||||||
return getattr(d, _iterlists)()
|
|
||||||
|
|
||||||
|
|
||||||
def assertRaisesRegex(self, *args, **kwargs):
|
|
||||||
return getattr(self, _assertRaisesRegex)(*args, **kwargs)
|
|
||||||
|
|
||||||
|
|
||||||
add_move(MovedModule("_dummy_thread", "dummy_thread"))
|
|
||||||
add_move(MovedModule("_thread", "thread"))
|
|
|
@ -1,4 +1,5 @@
|
||||||
{% load url from future %}
|
{% load url from future %}
|
||||||
|
{% load staticfiles %}
|
||||||
{% load rest_framework %}
|
{% load rest_framework %}
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<html>
|
<html>
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
{% load url from future %}
|
{% load url from future %}
|
||||||
|
{% load staticfiles %}
|
||||||
{% load rest_framework %}
|
{% load rest_framework %}
|
||||||
<html>
|
<html>
|
||||||
|
|
||||||
|
|
|
@ -5,95 +5,13 @@ from django.http import QueryDict
|
||||||
from django.utils.encoding import iri_to_uri
|
from django.utils.encoding import iri_to_uri
|
||||||
from django.utils.html import escape
|
from django.utils.html import escape
|
||||||
from django.utils.safestring import SafeData, mark_safe
|
from django.utils.safestring import SafeData, mark_safe
|
||||||
from rest_framework.compat import urlparse, force_text, six, smart_urlquote
|
from rest_framework.compat import urlparse, force_text, six
|
||||||
|
from django.utils.html import smart_urlquote
|
||||||
import re
|
import re
|
||||||
|
|
||||||
register = template.Library()
|
register = template.Library()
|
||||||
|
|
||||||
|
|
||||||
# Note we don't use 'load staticfiles', because we need a 1.3 compatible
|
|
||||||
# version, so instead we include the `static` template tag ourselves.
|
|
||||||
|
|
||||||
# When 1.3 becomes unsupported by REST framework, we can instead start to
|
|
||||||
# use the {% load staticfiles %} tag, remove the following code,
|
|
||||||
# and add a dependency that `django.contrib.staticfiles` must be installed.
|
|
||||||
|
|
||||||
# Note: We can't put this into the `compat` module because the compat import
|
|
||||||
# from rest_framework.compat import ...
|
|
||||||
# conflicts with this rest_framework template tag module.
|
|
||||||
|
|
||||||
try: # Django 1.5+
|
|
||||||
from django.contrib.staticfiles.templatetags.staticfiles import StaticFilesNode
|
|
||||||
|
|
||||||
@register.tag('static')
|
|
||||||
def do_static(parser, token):
|
|
||||||
return StaticFilesNode.handle_token(parser, token)
|
|
||||||
|
|
||||||
except ImportError:
|
|
||||||
try: # Django 1.4
|
|
||||||
from django.contrib.staticfiles.storage import staticfiles_storage
|
|
||||||
|
|
||||||
@register.simple_tag
|
|
||||||
def static(path):
|
|
||||||
"""
|
|
||||||
A template tag that returns the URL to a file
|
|
||||||
using staticfiles' storage backend
|
|
||||||
"""
|
|
||||||
return staticfiles_storage.url(path)
|
|
||||||
|
|
||||||
except ImportError: # Django 1.3
|
|
||||||
from urlparse import urljoin
|
|
||||||
from django import template
|
|
||||||
from django.templatetags.static import PrefixNode
|
|
||||||
|
|
||||||
class StaticNode(template.Node):
|
|
||||||
def __init__(self, varname=None, path=None):
|
|
||||||
if path is None:
|
|
||||||
raise template.TemplateSyntaxError(
|
|
||||||
"Static template nodes must be given a path to return.")
|
|
||||||
self.path = path
|
|
||||||
self.varname = varname
|
|
||||||
|
|
||||||
def url(self, context):
|
|
||||||
path = self.path.resolve(context)
|
|
||||||
return self.handle_simple(path)
|
|
||||||
|
|
||||||
def render(self, context):
|
|
||||||
url = self.url(context)
|
|
||||||
if self.varname is None:
|
|
||||||
return url
|
|
||||||
context[self.varname] = url
|
|
||||||
return ''
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def handle_simple(cls, path):
|
|
||||||
return urljoin(PrefixNode.handle_simple("STATIC_URL"), path)
|
|
||||||
|
|
||||||
@classmethod
|
|
||||||
def handle_token(cls, parser, token):
|
|
||||||
"""
|
|
||||||
Class method to parse prefix node and return a Node.
|
|
||||||
"""
|
|
||||||
bits = token.split_contents()
|
|
||||||
|
|
||||||
if len(bits) < 2:
|
|
||||||
raise template.TemplateSyntaxError(
|
|
||||||
"'%s' takes at least one argument (path to file)" % bits[0])
|
|
||||||
|
|
||||||
path = parser.compile_filter(bits[1])
|
|
||||||
|
|
||||||
if len(bits) >= 2 and bits[-2] == 'as':
|
|
||||||
varname = bits[3]
|
|
||||||
else:
|
|
||||||
varname = None
|
|
||||||
|
|
||||||
return cls(varname, path)
|
|
||||||
|
|
||||||
@register.tag('static')
|
|
||||||
def do_static_13(parser, token):
|
|
||||||
return StaticNode.handle_token(parser, token)
|
|
||||||
|
|
||||||
|
|
||||||
def replace_query_param(url, key, val):
|
def replace_query_param(url, key, val):
|
||||||
"""
|
"""
|
||||||
Given a URL and a key/val pair, set or replace an item in the query
|
Given a URL and a key/val pair, set or replace an item in the query
|
||||||
|
|
|
@ -18,6 +18,25 @@ class BaseThrottle(object):
|
||||||
"""
|
"""
|
||||||
raise NotImplementedError('.allow_request() must be overridden')
|
raise NotImplementedError('.allow_request() must be overridden')
|
||||||
|
|
||||||
|
def get_ident(self, request):
|
||||||
|
"""
|
||||||
|
Identify the machine making the request by parsing HTTP_X_FORWARDED_FOR
|
||||||
|
if present and number of proxies is > 0. If not use all of
|
||||||
|
HTTP_X_FORWARDED_FOR if it is available, if not use REMOTE_ADDR.
|
||||||
|
"""
|
||||||
|
xff = request.META.get('HTTP_X_FORWARDED_FOR')
|
||||||
|
remote_addr = request.META.get('REMOTE_ADDR')
|
||||||
|
num_proxies = api_settings.NUM_PROXIES
|
||||||
|
|
||||||
|
if num_proxies is not None:
|
||||||
|
if num_proxies == 0 or xff is None:
|
||||||
|
return remote_addr
|
||||||
|
addrs = xff.split(',')
|
||||||
|
client_addr = addrs[-min(num_proxies, len(xff))]
|
||||||
|
return client_addr.strip()
|
||||||
|
|
||||||
|
return xff if xff else remote_addr
|
||||||
|
|
||||||
def wait(self):
|
def wait(self):
|
||||||
"""
|
"""
|
||||||
Optionally, return a recommended number of seconds to wait before
|
Optionally, return a recommended number of seconds to wait before
|
||||||
|
@ -154,13 +173,9 @@ class AnonRateThrottle(SimpleRateThrottle):
|
||||||
if request.user.is_authenticated():
|
if request.user.is_authenticated():
|
||||||
return None # Only throttle unauthenticated requests.
|
return None # Only throttle unauthenticated requests.
|
||||||
|
|
||||||
ident = request.META.get('HTTP_X_FORWARDED_FOR')
|
|
||||||
if ident is None:
|
|
||||||
ident = request.META.get('REMOTE_ADDR')
|
|
||||||
|
|
||||||
return self.cache_format % {
|
return self.cache_format % {
|
||||||
'scope': self.scope,
|
'scope': self.scope,
|
||||||
'ident': ident
|
'ident': self.get_ident(request)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -178,7 +193,7 @@ class UserRateThrottle(SimpleRateThrottle):
|
||||||
if request.user.is_authenticated():
|
if request.user.is_authenticated():
|
||||||
ident = request.user.id
|
ident = request.user.id
|
||||||
else:
|
else:
|
||||||
ident = request.META.get('REMOTE_ADDR', None)
|
ident = self.get_ident(request)
|
||||||
|
|
||||||
return self.cache_format % {
|
return self.cache_format % {
|
||||||
'scope': self.scope,
|
'scope': self.scope,
|
||||||
|
@ -226,7 +241,7 @@ class ScopedRateThrottle(SimpleRateThrottle):
|
||||||
if request.user.is_authenticated():
|
if request.user.is_authenticated():
|
||||||
ident = request.user.id
|
ident = request.user.id
|
||||||
else:
|
else:
|
||||||
ident = request.META.get('REMOTE_ADDR', None)
|
ident = self.get_ident(request)
|
||||||
|
|
||||||
return self.cache_format % {
|
return self.cache_format % {
|
||||||
'scope': self.scope,
|
'scope': self.scope,
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
from django.conf.urls import url, include
|
||||||
from django.core.urlresolvers import RegexURLResolver
|
from django.core.urlresolvers import RegexURLResolver
|
||||||
from rest_framework.compat import url, include
|
|
||||||
from rest_framework.settings import api_settings
|
from rest_framework.settings import api_settings
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ your authentication settings include `SessionAuthentication`.
|
||||||
)
|
)
|
||||||
"""
|
"""
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
from rest_framework.compat import patterns, url
|
from django.conf.urls import patterns, url
|
||||||
|
|
||||||
|
|
||||||
template_name = {'template_name': 'rest_framework/login.html'}
|
template_name = {'template_name': 'rest_framework/login.html'}
|
||||||
|
|
|
@ -2,10 +2,11 @@
|
||||||
Helper classes for parsers.
|
Helper classes for parsers.
|
||||||
"""
|
"""
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
from django.utils import timezone
|
||||||
from django.db.models.query import QuerySet
|
from django.db.models.query import QuerySet
|
||||||
from django.utils.datastructures import SortedDict
|
from django.utils.datastructures import SortedDict
|
||||||
from django.utils.functional import Promise
|
from django.utils.functional import Promise
|
||||||
from rest_framework.compat import timezone, force_text
|
from rest_framework.compat import force_text
|
||||||
from rest_framework.serializers import DictWithMetadata, SortedDictWithMetadata
|
from rest_framework.serializers import DictWithMetadata, SortedDictWithMetadata
|
||||||
import datetime
|
import datetime
|
||||||
import decimal
|
import decimal
|
||||||
|
|
|
@ -93,10 +93,7 @@ INSTALLED_APPS = (
|
||||||
'django.contrib.sessions',
|
'django.contrib.sessions',
|
||||||
'django.contrib.sites',
|
'django.contrib.sites',
|
||||||
'django.contrib.messages',
|
'django.contrib.messages',
|
||||||
# Uncomment the next line to enable the admin:
|
'django.contrib.staticfiles',
|
||||||
# 'django.contrib.admin',
|
|
||||||
# Uncomment the next line to enable admin documentation:
|
|
||||||
# 'django.contrib.admindocs',
|
|
||||||
'rest_framework',
|
'rest_framework',
|
||||||
'rest_framework.authtoken',
|
'rest_framework.authtoken',
|
||||||
'tests',
|
'tests',
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
from django.conf.urls import patterns, url, include
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
from django.http import HttpResponse
|
from django.http import HttpResponse
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
|
@ -19,7 +20,7 @@ from rest_framework.authentication import (
|
||||||
OAuth2Authentication
|
OAuth2Authentication
|
||||||
)
|
)
|
||||||
from rest_framework.authtoken.models import Token
|
from rest_framework.authtoken.models import Token
|
||||||
from rest_framework.compat import patterns, url, include, six
|
from rest_framework.compat import six
|
||||||
from rest_framework.compat import oauth2_provider, oauth2_provider_scope
|
from rest_framework.compat import oauth2_provider, oauth2_provider_scope
|
||||||
from rest_framework.compat import oauth, oauth_provider
|
from rest_framework.compat import oauth, oauth_provider
|
||||||
from rest_framework.test import APIRequestFactory, APIClient
|
from rest_framework.test import APIRequestFactory, APIClient
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
from django.conf.urls import patterns, url
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from rest_framework.compat import patterns, url
|
|
||||||
from rest_framework.utils.breadcrumbs import get_breadcrumbs
|
from rest_framework.utils.breadcrumbs import get_breadcrumbs
|
||||||
from rest_framework.views import APIView
|
from rest_framework.views import APIView
|
||||||
|
|
||||||
|
|
|
@ -5,9 +5,9 @@ from django.db import models
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from django.utils import unittest
|
from django.utils import unittest
|
||||||
|
from django.conf.urls import patterns, url
|
||||||
from rest_framework import generics, serializers, status, filters
|
from rest_framework import generics, serializers, status, filters
|
||||||
from rest_framework.compat import django_filters, patterns, url
|
from rest_framework.compat import django_filters
|
||||||
from rest_framework.settings import api_settings
|
|
||||||
from rest_framework.test import APIRequestFactory
|
from rest_framework.test import APIRequestFactory
|
||||||
from .models import FilterableItem, BasicModel
|
from .models import FilterableItem, BasicModel
|
||||||
from .utils import temporary_setting
|
from .utils import temporary_setting
|
||||||
|
|
|
@ -84,7 +84,7 @@ class TestGenericRelations(TestCase):
|
||||||
exclude = ('content_type', 'object_id')
|
exclude = ('content_type', 'object_id')
|
||||||
|
|
||||||
class BookmarkSerializer(serializers.ModelSerializer):
|
class BookmarkSerializer(serializers.ModelSerializer):
|
||||||
tags = TagSerializer()
|
tags = TagSerializer(many=True)
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = Bookmark
|
model = Bookmark
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
from django.core.exceptions import PermissionDenied
|
from django.core.exceptions import PermissionDenied
|
||||||
|
from django.conf.urls import patterns, url
|
||||||
from django.http import Http404
|
from django.http import Http404
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from django.template import TemplateDoesNotExist, Template
|
from django.template import TemplateDoesNotExist, Template
|
||||||
import django.template.loader
|
import django.template.loader
|
||||||
from rest_framework import status
|
from rest_framework import status
|
||||||
from rest_framework.compat import patterns, url
|
|
||||||
from rest_framework.decorators import api_view, renderer_classes
|
from rest_framework.decorators import api_view, renderer_classes
|
||||||
from rest_framework.renderers import TemplateHTMLRenderer
|
from rest_framework.renderers import TemplateHTMLRenderer
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
|
|
|
@ -2,7 +2,7 @@ from __future__ import unicode_literals
|
||||||
import json
|
import json
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from rest_framework import generics, status, serializers
|
from rest_framework import generics, status, serializers
|
||||||
from rest_framework.compat import patterns, url
|
from django.conf.urls import patterns, url
|
||||||
from rest_framework.settings import api_settings
|
from rest_framework.settings import api_settings
|
||||||
from rest_framework.test import APIRequestFactory
|
from rest_framework.test import APIRequestFactory
|
||||||
from tests.models import (
|
from tests.models import (
|
||||||
|
@ -25,7 +25,7 @@ class BlogPostCommentSerializer(serializers.ModelSerializer):
|
||||||
|
|
||||||
class PhotoSerializer(serializers.Serializer):
|
class PhotoSerializer(serializers.Serializer):
|
||||||
description = serializers.CharField()
|
description = serializers.CharField()
|
||||||
album_url = serializers.HyperlinkedRelatedField(source='album', view_name='album-detail', queryset=Album.objects.all(), lookup_field='title', slug_url_kwarg='title')
|
album_url = serializers.HyperlinkedRelatedField(source='album', view_name='album-detail', queryset=Album.objects.all(), lookup_field='title')
|
||||||
|
|
||||||
def restore_object(self, attrs, instance=None):
|
def restore_object(self, attrs, instance=None):
|
||||||
return Photo(**attrs)
|
return Photo(**attrs)
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
|
|
||||||
from rest_framework.compat import patterns, url
|
from django.conf.urls import patterns, url
|
||||||
from rest_framework.test import APITestCase
|
from rest_framework.test import APITestCase
|
||||||
from tests.models import NullableForeignKeySource
|
from tests.models import NullableForeignKeySource
|
||||||
from tests.serializers import NullableFKSourceSerializer
|
from tests.serializers import NullableFKSourceSerializer
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
from django.conf.urls import patterns, url
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from rest_framework import serializers
|
from rest_framework import serializers
|
||||||
from rest_framework.compat import patterns, url
|
|
||||||
from rest_framework.test import APIRequestFactory
|
from rest_framework.test import APIRequestFactory
|
||||||
from tests.models import (
|
from tests.models import (
|
||||||
BlogPost,
|
BlogPost,
|
||||||
|
|
|
@ -2,13 +2,14 @@
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
from decimal import Decimal
|
from decimal import Decimal
|
||||||
|
from django.conf.urls import patterns, url, include
|
||||||
from django.core.cache import cache
|
from django.core.cache import cache
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from django.utils import unittest
|
from django.utils import unittest
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
from rest_framework import status, permissions
|
from rest_framework import status, permissions
|
||||||
from rest_framework.compat import yaml, etree, patterns, url, include, six, StringIO
|
from rest_framework.compat import yaml, etree, six, StringIO
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
from rest_framework.views import APIView
|
from rest_framework.views import APIView
|
||||||
from rest_framework.renderers import BaseRenderer, JSONRenderer, YAMLRenderer, \
|
from rest_framework.renderers import BaseRenderer, JSONRenderer, YAMLRenderer, \
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
Tests for content parsing, and form-overloaded content parsing.
|
Tests for content parsing, and form-overloaded content parsing.
|
||||||
"""
|
"""
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
from django.conf.urls import patterns
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
from django.contrib.auth import authenticate, login, logout
|
from django.contrib.auth import authenticate, login, logout
|
||||||
from django.contrib.sessions.middleware import SessionMiddleware
|
from django.contrib.sessions.middleware import SessionMiddleware
|
||||||
|
@ -9,7 +10,6 @@ from django.core.handlers.wsgi import WSGIRequest
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from rest_framework import status
|
from rest_framework import status
|
||||||
from rest_framework.authentication import SessionAuthentication
|
from rest_framework.authentication import SessionAuthentication
|
||||||
from rest_framework.compat import patterns
|
|
||||||
from rest_framework.parsers import (
|
from rest_framework.parsers import (
|
||||||
BaseParser,
|
BaseParser,
|
||||||
FormParser,
|
FormParser,
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
from django.conf.urls import patterns, url, include
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from tests.models import BasicModel, BasicModelSerializer
|
from tests.models import BasicModel, BasicModelSerializer
|
||||||
from rest_framework.compat import patterns, url, include
|
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
from rest_framework.views import APIView
|
from rest_framework.views import APIView
|
||||||
from rest_framework import generics
|
from rest_framework import generics
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
from django.conf.urls import patterns, url
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from rest_framework.compat import patterns, url
|
|
||||||
from rest_framework.reverse import reverse
|
from rest_framework.reverse import reverse
|
||||||
from rest_framework.test import APIRequestFactory
|
from rest_framework.test import APIRequestFactory
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
from django.conf.urls import patterns, url, include
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from django.core.exceptions import ImproperlyConfigured
|
from django.core.exceptions import ImproperlyConfigured
|
||||||
from rest_framework import serializers, viewsets, permissions
|
from rest_framework import serializers, viewsets, permissions
|
||||||
from rest_framework.compat import include, patterns, url
|
from rest_framework.decorators import detail_route, list_route
|
||||||
from rest_framework.decorators import link, action
|
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
from rest_framework.routers import SimpleRouter, DefaultRouter
|
from rest_framework.routers import SimpleRouter, DefaultRouter
|
||||||
from rest_framework.test import APIRequestFactory
|
from rest_framework.test import APIRequestFactory
|
||||||
|
@ -18,23 +18,23 @@ class BasicViewSet(viewsets.ViewSet):
|
||||||
def list(self, request, *args, **kwargs):
|
def list(self, request, *args, **kwargs):
|
||||||
return Response({'method': 'list'})
|
return Response({'method': 'list'})
|
||||||
|
|
||||||
@action()
|
@detail_route(methods=['post'])
|
||||||
def action1(self, request, *args, **kwargs):
|
def action1(self, request, *args, **kwargs):
|
||||||
return Response({'method': 'action1'})
|
return Response({'method': 'action1'})
|
||||||
|
|
||||||
@action()
|
@detail_route(methods=['post'])
|
||||||
def action2(self, request, *args, **kwargs):
|
def action2(self, request, *args, **kwargs):
|
||||||
return Response({'method': 'action2'})
|
return Response({'method': 'action2'})
|
||||||
|
|
||||||
@action(methods=['post', 'delete'])
|
@detail_route(methods=['post', 'delete'])
|
||||||
def action3(self, request, *args, **kwargs):
|
def action3(self, request, *args, **kwargs):
|
||||||
return Response({'method': 'action2'})
|
return Response({'method': 'action2'})
|
||||||
|
|
||||||
@link()
|
@detail_route()
|
||||||
def link1(self, request, *args, **kwargs):
|
def link1(self, request, *args, **kwargs):
|
||||||
return Response({'method': 'link1'})
|
return Response({'method': 'link1'})
|
||||||
|
|
||||||
@link()
|
@detail_route()
|
||||||
def link2(self, request, *args, **kwargs):
|
def link2(self, request, *args, **kwargs):
|
||||||
return Response({'method': 'link2'})
|
return Response({'method': 'link2'})
|
||||||
|
|
||||||
|
@ -121,6 +121,27 @@ class TestCustomLookupFields(TestCase):
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
||||||
|
class TestLookupValueRegex(TestCase):
|
||||||
|
"""
|
||||||
|
Ensure the router honors lookup_value_regex when applied
|
||||||
|
to the viewset.
|
||||||
|
"""
|
||||||
|
def setUp(self):
|
||||||
|
class NoteViewSet(viewsets.ModelViewSet):
|
||||||
|
queryset = RouterTestModel.objects.all()
|
||||||
|
lookup_field = 'uuid'
|
||||||
|
lookup_value_regex = '[0-9a-f]{32}'
|
||||||
|
|
||||||
|
self.router = SimpleRouter()
|
||||||
|
self.router.register(r'notes', NoteViewSet)
|
||||||
|
self.urls = self.router.urls
|
||||||
|
|
||||||
|
def test_urls_limited_by_lookup_value_regex(self):
|
||||||
|
expected = ['^notes/$', '^notes/(?P<uuid>[0-9a-f]{32})/$']
|
||||||
|
for idx in range(len(expected)):
|
||||||
|
self.assertEqual(expected[idx], self.urls[idx].regex.pattern)
|
||||||
|
|
||||||
|
|
||||||
class TestTrailingSlashIncluded(TestCase):
|
class TestTrailingSlashIncluded(TestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
class NoteViewSet(viewsets.ModelViewSet):
|
class NoteViewSet(viewsets.ModelViewSet):
|
||||||
|
@ -131,7 +152,7 @@ class TestTrailingSlashIncluded(TestCase):
|
||||||
self.urls = self.router.urls
|
self.urls = self.router.urls
|
||||||
|
|
||||||
def test_urls_have_trailing_slash_by_default(self):
|
def test_urls_have_trailing_slash_by_default(self):
|
||||||
expected = ['^notes/$', '^notes/(?P<pk>[^/]+)/$']
|
expected = ['^notes/$', '^notes/(?P<pk>[^/.]+)/$']
|
||||||
for idx in range(len(expected)):
|
for idx in range(len(expected)):
|
||||||
self.assertEqual(expected[idx], self.urls[idx].regex.pattern)
|
self.assertEqual(expected[idx], self.urls[idx].regex.pattern)
|
||||||
|
|
||||||
|
@ -175,7 +196,7 @@ class TestActionKeywordArgs(TestCase):
|
||||||
class TestViewSet(viewsets.ModelViewSet):
|
class TestViewSet(viewsets.ModelViewSet):
|
||||||
permission_classes = []
|
permission_classes = []
|
||||||
|
|
||||||
@action(permission_classes=[permissions.AllowAny])
|
@detail_route(methods=['post'], permission_classes=[permissions.AllowAny])
|
||||||
def custom(self, request, *args, **kwargs):
|
def custom(self, request, *args, **kwargs):
|
||||||
return Response({
|
return Response({
|
||||||
'permission_classes': self.permission_classes
|
'permission_classes': self.permission_classes
|
||||||
|
@ -196,14 +217,14 @@ class TestActionKeywordArgs(TestCase):
|
||||||
|
|
||||||
class TestActionAppliedToExistingRoute(TestCase):
|
class TestActionAppliedToExistingRoute(TestCase):
|
||||||
"""
|
"""
|
||||||
Ensure `@action` decorator raises an except when applied
|
Ensure `@detail_route` decorator raises an except when applied
|
||||||
to an existing route
|
to an existing route
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def test_exception_raised_when_action_applied_to_existing_route(self):
|
def test_exception_raised_when_action_applied_to_existing_route(self):
|
||||||
class TestViewSet(viewsets.ModelViewSet):
|
class TestViewSet(viewsets.ModelViewSet):
|
||||||
|
|
||||||
@action()
|
@detail_route(methods=['post'])
|
||||||
def retrieve(self, request, *args, **kwargs):
|
def retrieve(self, request, *args, **kwargs):
|
||||||
return Response({
|
return Response({
|
||||||
'hello': 'world'
|
'hello': 'world'
|
||||||
|
@ -214,3 +235,49 @@ class TestActionAppliedToExistingRoute(TestCase):
|
||||||
|
|
||||||
with self.assertRaises(ImproperlyConfigured):
|
with self.assertRaises(ImproperlyConfigured):
|
||||||
self.router.urls
|
self.router.urls
|
||||||
|
|
||||||
|
|
||||||
|
class DynamicListAndDetailViewSet(viewsets.ViewSet):
|
||||||
|
def list(self, request, *args, **kwargs):
|
||||||
|
return Response({'method': 'list'})
|
||||||
|
|
||||||
|
@list_route(methods=['post'])
|
||||||
|
def list_route_post(self, request, *args, **kwargs):
|
||||||
|
return Response({'method': 'action1'})
|
||||||
|
|
||||||
|
@detail_route(methods=['post'])
|
||||||
|
def detail_route_post(self, request, *args, **kwargs):
|
||||||
|
return Response({'method': 'action2'})
|
||||||
|
|
||||||
|
@list_route()
|
||||||
|
def list_route_get(self, request, *args, **kwargs):
|
||||||
|
return Response({'method': 'link1'})
|
||||||
|
|
||||||
|
@detail_route()
|
||||||
|
def detail_route_get(self, request, *args, **kwargs):
|
||||||
|
return Response({'method': 'link2'})
|
||||||
|
|
||||||
|
|
||||||
|
class TestDynamicListAndDetailRouter(TestCase):
|
||||||
|
def setUp(self):
|
||||||
|
self.router = SimpleRouter()
|
||||||
|
|
||||||
|
def test_list_and_detail_route_decorators(self):
|
||||||
|
routes = self.router.get_routes(DynamicListAndDetailViewSet)
|
||||||
|
decorator_routes = [r for r in routes if not (r.name.endswith('-list') or r.name.endswith('-detail'))]
|
||||||
|
# Make sure all these endpoints exist and none have been clobbered
|
||||||
|
for i, endpoint in enumerate(['list_route_get', 'list_route_post', 'detail_route_get', 'detail_route_post']):
|
||||||
|
route = decorator_routes[i]
|
||||||
|
# check url listing
|
||||||
|
if endpoint.startswith('list_'):
|
||||||
|
self.assertEqual(route.url,
|
||||||
|
'^{{prefix}}/{0}{{trailing_slash}}$'.format(endpoint))
|
||||||
|
else:
|
||||||
|
self.assertEqual(route.url,
|
||||||
|
'^{{prefix}}/{{lookup}}/{0}{{trailing_slash}}$'.format(endpoint))
|
||||||
|
# check method to function mapping
|
||||||
|
if endpoint.endswith('_post'):
|
||||||
|
method_map = 'post'
|
||||||
|
else:
|
||||||
|
method_map = 'get'
|
||||||
|
self.assertEqual(route.mapping[method_map], endpoint)
|
||||||
|
|
|
@ -30,6 +30,7 @@ if PIL is not None:
|
||||||
image_field = models.ImageField(upload_to='test', max_length=1024, blank=True)
|
image_field = models.ImageField(upload_to='test', max_length=1024, blank=True)
|
||||||
slug_field = models.SlugField(max_length=1024, blank=True)
|
slug_field = models.SlugField(max_length=1024, blank=True)
|
||||||
url_field = models.URLField(max_length=1024, blank=True)
|
url_field = models.URLField(max_length=1024, blank=True)
|
||||||
|
nullable_char_field = models.CharField(max_length=1024, blank=True, null=True)
|
||||||
|
|
||||||
class DVOAFModel(RESTFrameworkModel):
|
class DVOAFModel(RESTFrameworkModel):
|
||||||
positive_integer_field = models.PositiveIntegerField(blank=True)
|
positive_integer_field = models.PositiveIntegerField(blank=True)
|
||||||
|
@ -660,7 +661,7 @@ class ModelValidationTests(TestCase):
|
||||||
second_serializer = AlbumsSerializer(data={'title': 'a'})
|
second_serializer = AlbumsSerializer(data={'title': 'a'})
|
||||||
self.assertFalse(second_serializer.is_valid())
|
self.assertFalse(second_serializer.is_valid())
|
||||||
self.assertEqual(second_serializer.errors, {'title': ['Album with this Title already exists.'],})
|
self.assertEqual(second_serializer.errors, {'title': ['Album with this Title already exists.'],})
|
||||||
third_serializer = AlbumsSerializer(data=[{'title': 'b', 'ref': '1'}, {'title': 'c'}])
|
third_serializer = AlbumsSerializer(data=[{'title': 'b', 'ref': '1'}, {'title': 'c'}], many=True)
|
||||||
self.assertFalse(third_serializer.is_valid())
|
self.assertFalse(third_serializer.is_valid())
|
||||||
self.assertEqual(third_serializer.errors, [{'ref': ['Album with this Ref already exists.']}, {}])
|
self.assertEqual(third_serializer.errors, [{'ref': ['Album with this Ref already exists.']}, {}])
|
||||||
|
|
||||||
|
@ -1257,6 +1258,20 @@ class BlankFieldTests(TestCase):
|
||||||
serializer = self.model_serializer_class(data={})
|
serializer = self.model_serializer_class(data={})
|
||||||
self.assertEqual(serializer.is_valid(), True)
|
self.assertEqual(serializer.is_valid(), True)
|
||||||
|
|
||||||
|
def test_create_model_null_field_save(self):
|
||||||
|
"""
|
||||||
|
Regression test for #1330.
|
||||||
|
|
||||||
|
https://github.com/tomchristie/django-rest-framework/pull/1330
|
||||||
|
"""
|
||||||
|
serializer = self.model_serializer_class(data={'title': None})
|
||||||
|
self.assertEqual(serializer.is_valid(), True)
|
||||||
|
|
||||||
|
try:
|
||||||
|
serializer.save()
|
||||||
|
except Exception:
|
||||||
|
self.fail('Exception raised on save() after validation passes')
|
||||||
|
|
||||||
|
|
||||||
#test for issue #460
|
#test for issue #460
|
||||||
class SerializerPickleTests(TestCase):
|
class SerializerPickleTests(TestCase):
|
||||||
|
@ -1491,7 +1506,7 @@ class NestedSerializerContextTests(TestCase):
|
||||||
model = Album
|
model = Album
|
||||||
fields = ("photo_set", "callable")
|
fields = ("photo_set", "callable")
|
||||||
|
|
||||||
photo_set = PhotoSerializer(source="photo_set")
|
photo_set = PhotoSerializer(source="photo_set", many=True)
|
||||||
callable = serializers.SerializerMethodField("_callable")
|
callable = serializers.SerializerMethodField("_callable")
|
||||||
|
|
||||||
def _callable(self, instance):
|
def _callable(self, instance):
|
||||||
|
@ -1503,7 +1518,7 @@ class NestedSerializerContextTests(TestCase):
|
||||||
albums = None
|
albums = None
|
||||||
|
|
||||||
class AlbumCollectionSerializer(serializers.Serializer):
|
class AlbumCollectionSerializer(serializers.Serializer):
|
||||||
albums = AlbumSerializer(source="albums")
|
albums = AlbumSerializer(source="albums", many=True)
|
||||||
|
|
||||||
album1 = Album.objects.create(title="album 1")
|
album1 = Album.objects.create(title="album 1")
|
||||||
album2 = Album.objects.create(title="album 2")
|
album2 = Album.objects.create(title="album 2")
|
||||||
|
@ -1660,6 +1675,10 @@ class AttributeMappingOnAutogeneratedFieldsTests(TestCase):
|
||||||
'url_field': [
|
'url_field': [
|
||||||
('max_length', 1024),
|
('max_length', 1024),
|
||||||
],
|
],
|
||||||
|
'nullable_char_field': [
|
||||||
|
('max_length', 1024),
|
||||||
|
('allow_none', True),
|
||||||
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
def field_test(self, field):
|
def field_test(self, field):
|
||||||
|
@ -1696,6 +1715,9 @@ class AttributeMappingOnAutogeneratedFieldsTests(TestCase):
|
||||||
def test_url_field(self):
|
def test_url_field(self):
|
||||||
self.field_test('url_field')
|
self.field_test('url_field')
|
||||||
|
|
||||||
|
def test_nullable_char_field(self):
|
||||||
|
self.field_test('nullable_char_field')
|
||||||
|
|
||||||
|
|
||||||
@unittest.skipUnless(PIL is not None, 'PIL is not installed')
|
@unittest.skipUnless(PIL is not None, 'PIL is not installed')
|
||||||
class DefaultValuesOnAutogeneratedFieldsTests(TestCase):
|
class DefaultValuesOnAutogeneratedFieldsTests(TestCase):
|
||||||
|
|
|
@ -1,11 +1,11 @@
|
||||||
# -- coding: utf-8 --
|
# -- coding: utf-8 --
|
||||||
|
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
from django.conf.urls import patterns, url
|
||||||
from io import BytesIO
|
from io import BytesIO
|
||||||
|
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from rest_framework.compat import patterns, url
|
|
||||||
from rest_framework.decorators import api_view
|
from rest_framework.decorators import api_view
|
||||||
from rest_framework.response import Response
|
from rest_framework.response import Response
|
||||||
from rest_framework.test import APIClient, APIRequestFactory, force_authenticate
|
from rest_framework.test import APIClient, APIRequestFactory, force_authenticate
|
||||||
|
|
|
@ -5,6 +5,7 @@ from __future__ import unicode_literals
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
from django.core.cache import cache
|
from django.core.cache import cache
|
||||||
|
from rest_framework.settings import api_settings
|
||||||
from rest_framework.test import APIRequestFactory
|
from rest_framework.test import APIRequestFactory
|
||||||
from rest_framework.views import APIView
|
from rest_framework.views import APIView
|
||||||
from rest_framework.throttling import BaseThrottle, UserRateThrottle, ScopedRateThrottle
|
from rest_framework.throttling import BaseThrottle, UserRateThrottle, ScopedRateThrottle
|
||||||
|
@ -275,3 +276,68 @@ class ScopedRateThrottleTests(TestCase):
|
||||||
self.increment_timer()
|
self.increment_timer()
|
||||||
response = self.unscoped_view(request)
|
response = self.unscoped_view(request)
|
||||||
self.assertEqual(200, response.status_code)
|
self.assertEqual(200, response.status_code)
|
||||||
|
|
||||||
|
|
||||||
|
class XffTestingBase(TestCase):
|
||||||
|
def setUp(self):
|
||||||
|
|
||||||
|
class Throttle(ScopedRateThrottle):
|
||||||
|
THROTTLE_RATES = {'test_limit': '1/day'}
|
||||||
|
TIMER_SECONDS = 0
|
||||||
|
timer = lambda self: self.TIMER_SECONDS
|
||||||
|
|
||||||
|
class View(APIView):
|
||||||
|
throttle_classes = (Throttle,)
|
||||||
|
throttle_scope = 'test_limit'
|
||||||
|
|
||||||
|
def get(self, request):
|
||||||
|
return Response('test_limit')
|
||||||
|
|
||||||
|
cache.clear()
|
||||||
|
self.throttle = Throttle()
|
||||||
|
self.view = View.as_view()
|
||||||
|
self.request = APIRequestFactory().get('/some_uri')
|
||||||
|
self.request.META['REMOTE_ADDR'] = '3.3.3.3'
|
||||||
|
self.request.META['HTTP_X_FORWARDED_FOR'] = '0.0.0.0, 1.1.1.1, 2.2.2.2'
|
||||||
|
|
||||||
|
def config_proxy(self, num_proxies):
|
||||||
|
setattr(api_settings, 'NUM_PROXIES', num_proxies)
|
||||||
|
|
||||||
|
|
||||||
|
class IdWithXffBasicTests(XffTestingBase):
|
||||||
|
def test_accepts_request_under_limit(self):
|
||||||
|
self.config_proxy(0)
|
||||||
|
self.assertEqual(200, self.view(self.request).status_code)
|
||||||
|
|
||||||
|
def test_denies_request_over_limit(self):
|
||||||
|
self.config_proxy(0)
|
||||||
|
self.view(self.request)
|
||||||
|
self.assertEqual(429, self.view(self.request).status_code)
|
||||||
|
|
||||||
|
|
||||||
|
class XffSpoofingTests(XffTestingBase):
|
||||||
|
def test_xff_spoofing_doesnt_change_machine_id_with_one_app_proxy(self):
|
||||||
|
self.config_proxy(1)
|
||||||
|
self.view(self.request)
|
||||||
|
self.request.META['HTTP_X_FORWARDED_FOR'] = '4.4.4.4, 5.5.5.5, 2.2.2.2'
|
||||||
|
self.assertEqual(429, self.view(self.request).status_code)
|
||||||
|
|
||||||
|
def test_xff_spoofing_doesnt_change_machine_id_with_two_app_proxies(self):
|
||||||
|
self.config_proxy(2)
|
||||||
|
self.view(self.request)
|
||||||
|
self.request.META['HTTP_X_FORWARDED_FOR'] = '4.4.4.4, 1.1.1.1, 2.2.2.2'
|
||||||
|
self.assertEqual(429, self.view(self.request).status_code)
|
||||||
|
|
||||||
|
|
||||||
|
class XffUniqueMachinesTest(XffTestingBase):
|
||||||
|
def test_unique_clients_are_counted_independently_with_one_proxy(self):
|
||||||
|
self.config_proxy(1)
|
||||||
|
self.view(self.request)
|
||||||
|
self.request.META['HTTP_X_FORWARDED_FOR'] = '0.0.0.0, 1.1.1.1, 7.7.7.7'
|
||||||
|
self.assertEqual(200, self.view(self.request).status_code)
|
||||||
|
|
||||||
|
def test_unique_clients_are_counted_independently_with_two_proxies(self):
|
||||||
|
self.config_proxy(2)
|
||||||
|
self.view(self.request)
|
||||||
|
self.request.META['HTTP_X_FORWARDED_FOR'] = '0.0.0.0, 7.7.7.7, 2.2.2.2'
|
||||||
|
self.assertEqual(200, self.view(self.request).status_code)
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
from collections import namedtuple
|
from collections import namedtuple
|
||||||
|
from django.conf.urls import patterns, url, include
|
||||||
from django.core import urlresolvers
|
from django.core import urlresolvers
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
from rest_framework.test import APIRequestFactory
|
from rest_framework.test import APIRequestFactory
|
||||||
from rest_framework.compat import patterns, url, include
|
|
||||||
from rest_framework.urlpatterns import format_suffix_patterns
|
from rest_framework.urlpatterns import format_suffix_patterns
|
||||||
|
|
||||||
|
|
||||||
|
|
26
tox.ini
26
tox.ini
|
@ -1,6 +1,6 @@
|
||||||
[tox]
|
[tox]
|
||||||
downloadcache = {toxworkdir}/cache/
|
downloadcache = {toxworkdir}/cache/
|
||||||
envlist = py3.3-django1.7,py3.2-django1.7,py2.7-django1.7,py3.3-django1.6,py3.2-django1.6,py2.7-django1.6,py2.6-django1.6,py3.3-django1.5,py3.2-django1.5,py2.7-django1.5,py2.6-django1.5,py2.7-django1.4,py2.6-django1.4,py2.7-django1.3,py2.6-django1.3
|
envlist = py3.3-django1.7,py3.2-django1.7,py2.7-django1.7,py3.3-django1.6,py3.2-django1.6,py2.7-django1.6,py2.6-django1.6,py3.3-django1.5,py3.2-django1.5,py2.7-django1.5,py2.6-django1.5,py2.7-django1.4,py2.6-django1.4
|
||||||
|
|
||||||
[testenv]
|
[testenv]
|
||||||
commands = py.test -q
|
commands = py.test -q
|
||||||
|
@ -136,27 +136,3 @@ deps = django==1.4.11
|
||||||
django-guardian==1.1.1
|
django-guardian==1.1.1
|
||||||
Pillow==2.3.0
|
Pillow==2.3.0
|
||||||
pytest-django==2.6.1
|
pytest-django==2.6.1
|
||||||
|
|
||||||
[testenv:py2.7-django1.3]
|
|
||||||
basepython = python2.7
|
|
||||||
deps = django==1.3.5
|
|
||||||
django-filter==0.5.4
|
|
||||||
defusedxml==0.3
|
|
||||||
django-oauth-plus==2.2.1
|
|
||||||
oauth2==1.5.211
|
|
||||||
django-oauth2-provider==0.2.3
|
|
||||||
django-guardian==1.1.1
|
|
||||||
Pillow==2.3.0
|
|
||||||
pytest-django==2.6.1
|
|
||||||
|
|
||||||
[testenv:py2.6-django1.3]
|
|
||||||
basepython = python2.6
|
|
||||||
deps = django==1.3.5
|
|
||||||
django-filter==0.5.4
|
|
||||||
defusedxml==0.3
|
|
||||||
django-oauth-plus==2.2.1
|
|
||||||
oauth2==1.5.211
|
|
||||||
django-oauth2-provider==0.2.3
|
|
||||||
django-guardian==1.1.1
|
|
||||||
Pillow==2.3.0
|
|
||||||
pytest-django==2.6.1
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user