Merge branch 'master' into localizedfloatfield

2025-08-25 14:44:47 +03:00 · 2017-03-03 10:13:00 +01:00 · 2017-03-03 10:13:00 +01:00 · 878a0a577f
commit 878a0a577f
parent 38b306426c 35bccaab90
5 changed files with 27 additions and 3 deletions
--- a/docs/index.md
+++ b/docs/index.md
@ -95,7 +95,7 @@ The following packages are optional:

 * [coreapi][coreapi] (1.32.0+) - Schema generation support.
 * [Markdown][markdown] (2.1.0+) - Markdown support for the browsable API.
-* [django-filter][django-filter] (0.9.2+) - Filtering support.
+* [django-filter][django-filter] (1.0.1+) - Filtering support.
 * [django-crispy-forms][django-crispy-forms] - Improved HTML display for filtering.
 * [django-guardian][django-guardian] (1.1.1+) - Object level permissions support.

--- a/docs/topics/documenting-your-api.md
+++ b/docs/topics/documenting-your-api.md
@ -148,4 +148,4 @@ To implement a hypermedia API you'll need to decide on an appropriate media type
 [image-django-rest-swagger]: ../img/django-rest-swagger.png
 [image-apiary]: ../img/apiary.png
 [image-self-describing-api]: ../img/self-describing.png
-[schemas-examples]: api-guide/schemas/#examples
+[schemas-examples]: ../api-guide/schemas/#examples
--- a/docs/topics/tutorials-and-resources.md
+++ b/docs/topics/tutorials-and-resources.md
@ -64,7 +64,7 @@ There are a wide range of resources available for learning and using Django REST
 * [Classy Django REST Framework][cdrf.co]
 * [DRF-schema-adapter][drf-schema]

-Want your Django REST Framework talk/tutorial/article to be added to our website? Or know of a resource that's not yet included here? Please [submit a pull request][submit-pr] or [email us][mailto:anna@django-rest-framework.org]!
+Want your Django REST Framework talk/tutorial/article to be added to our website? Or know of a resource that's not yet included here? Please [submit a pull request][submit-pr] or [email us][anna-email]!


 [beginners-guide-to-the-django-rest-framework]: http://code.tutsplus.com/tutorials/beginners-guide-to-the-django-rest-framework--cms-19786
@ -107,3 +107,4 @@ Want your Django REST Framework talk/tutorial/article to be added to our website
 [drf-tutorial]: https://tests4geeks.com/django-rest-framework-tutorial/
 [building-a-restful-api-with-drf]: http://agiliq.com/blog/2014/12/building-a-restful-api-with-django-rest-framework/
 [submit-pr]: https://github.com/tomchristie/django-rest-framework
+[anna-email]: mailto:anna@django-rest-framework.org
--- a/rest_framework/permissions.py
+++ b/rest_framework/permissions.py
@ -5,6 +5,7 @@ from __future__ import unicode_literals

 from django.http import Http404

+from rest_framework import exceptions
 from rest_framework.compat import is_authenticated


@ -108,6 +109,10 @@ class DjangoModelPermissions(BasePermission):
            'app_label': model_cls._meta.app_label,
            'model_name': model_cls._meta.model_name
        }
+
+        if method not in self.perms_map:
+            raise exceptions.MethodNotAllowed(method)
+
        return [perm % kwargs for perm in self.perms_map[method]]

    def has_permission(self, request, view):
@ -169,6 +174,10 @@ class DjangoObjectPermissions(DjangoModelPermissions):
            'app_label': model_cls._meta.app_label,
            'model_name': model_cls._meta.model_name
        }
+
+        if method not in self.perms_map:
+            raise exceptions.MethodNotAllowed(method)
+
        return [perm % kwargs for perm in self.perms_map[method]]

    def has_object_permission(self, request, view, obj):
--- a/tests/test_permissions.py
+++ b/tests/test_permissions.py
@ -200,6 +200,15 @@ class ModelPermissionsIntegrationTests(TestCase):
        response = empty_list_view(request, pk=1)
        self.assertEqual(response.status_code, status.HTTP_200_OK)

+    def test_calling_method_not_allowed(self):
+        request = factory.generic('METHOD_NOT_ALLOWED', '/')
+        response = root_view(request)
+        self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
+
+        request = factory.generic('METHOD_NOT_ALLOWED', '/1')
+        response = instance_view(request, pk='1')
+        self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
+

 class BasicPermModel(models.Model):
    text = models.CharField(max_length=100)
@ -384,6 +393,11 @@ class ObjectPermissionsIntegrationTests(TestCase):
        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertListEqual(response.data, [])

+    def test_cannot_method_not_allowed(self):
+        request = factory.generic('METHOD_NOT_ALLOWED', '/')
+        response = object_permissions_list_view(request)
+        self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
+

 class BasicPerm(permissions.BasePermission):
    def has_permission(self, request, view):