From c30ccac38ebc8ae4a990b7405bdbd924bc6b4377 Mon Sep 17 00:00:00 2001 From: tdruez Date: Mon, 27 Feb 2017 20:39:47 +0100 Subject: [PATCH 1/6] Added a failing test for #4927 --- tests/test_permissions.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/test_permissions.py b/tests/test_permissions.py index f8561e61d..ec8acc464 100644 --- a/tests/test_permissions.py +++ b/tests/test_permissions.py @@ -200,6 +200,11 @@ class ModelPermissionsIntegrationTests(TestCase): response = empty_list_view(request, pk=1) self.assertEqual(response.status_code, status.HTTP_200_OK) + def test_calling_method_not_allowed(self): + request = factory.generic('METHOD_NOT_ALLOWED', '/') + response = object_permissions_list_view(request) + self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) + class BasicPermModel(models.Model): text = models.CharField(max_length=100) From 06a1e12fd8d869607dc198a938464910763800d5 Mon Sep 17 00:00:00 2001 From: tdruez Date: Tue, 28 Feb 2017 17:51:32 +0100 Subject: [PATCH 2/6] Fixed Permissions.get_required_object_permissions for #4927 --- rest_framework/permissions.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index dd2d35ccd..11013fcca 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -5,6 +5,7 @@ from __future__ import unicode_literals from django.http import Http404 +from rest_framework import exceptions from rest_framework.compat import is_authenticated @@ -108,6 +109,10 @@ class DjangoModelPermissions(BasePermission): 'app_label': model_cls._meta.app_label, 'model_name': model_cls._meta.model_name } + + if method not in self.perms_map: + raise exceptions.MethodNotAllowed(method) + return [perm % kwargs for perm in self.perms_map[method]] def has_permission(self, request, view): @@ -169,6 +174,10 @@ class DjangoObjectPermissions(DjangoModelPermissions): 'app_label': model_cls._meta.app_label, 'model_name': model_cls._meta.model_name } + + if method not in self.perms_map: + raise exceptions.MethodNotAllowed(method) + return [perm % kwargs for perm in self.perms_map[method]] def has_object_permission(self, request, view, obj): From d58c89adc1ff2e3adb6e6c0eabe341abb1b75ce6 Mon Sep 17 00:00:00 2001 From: Binoj David Date: Tue, 28 Feb 2017 22:45:17 +0530 Subject: [PATCH 3/6] Fix Schemas Example URL --- docs/topics/documenting-your-api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/topics/documenting-your-api.md b/docs/topics/documenting-your-api.md index ef4d2b4a8..76e53158c 100644 --- a/docs/topics/documenting-your-api.md +++ b/docs/topics/documenting-your-api.md @@ -148,4 +148,4 @@ To implement a hypermedia API you'll need to decide on an appropriate media type [image-django-rest-swagger]: ../img/django-rest-swagger.png [image-apiary]: ../img/apiary.png [image-self-describing-api]: ../img/self-describing.png -[schemas-examples]: api-guide/schemas/#examples +[schemas-examples]: ../api-guide/schemas/#examples From d616c1591f84ef864aa7adea2487bfbcef06ed09 Mon Sep 17 00:00:00 2001 From: tdruez Date: Wed, 1 Mar 2017 09:50:21 +0100 Subject: [PATCH 4/6] Added a test to cover the DjangoModelPermissions #4927 issue `DjangoObjectPermissions` and `DjangoModelPermissions` are now properly cover for the `METHOD_NOT_ALLOWED` issue --- tests/test_permissions.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/test_permissions.py b/tests/test_permissions.py index ec8acc464..cabf66883 100644 --- a/tests/test_permissions.py +++ b/tests/test_permissions.py @@ -202,7 +202,11 @@ class ModelPermissionsIntegrationTests(TestCase): def test_calling_method_not_allowed(self): request = factory.generic('METHOD_NOT_ALLOWED', '/') - response = object_permissions_list_view(request) + response = root_view(request) + self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) + + request = factory.generic('METHOD_NOT_ALLOWED', '/1') + response = instance_view(request, pk='1') self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) @@ -389,6 +393,11 @@ class ObjectPermissionsIntegrationTests(TestCase): self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertListEqual(response.data, []) + def test_cannot_method_not_allowed(self): + request = factory.generic('METHOD_NOT_ALLOWED', '/') + response = object_permissions_list_view(request) + self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) + class BasicPerm(permissions.BasePermission): def has_permission(self, request, view): From dfea596b0fa2aa9de131bf25fcaaecc4d5a72f68 Mon Sep 17 00:00:00 2001 From: Peter JJ MacDonald Date: Wed, 1 Mar 2017 16:27:23 -0500 Subject: [PATCH 5/6] Update django-filter requirement (#4933) --- docs/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/index.md b/docs/index.md index 4abfba587..87ef0e9e3 100644 --- a/docs/index.md +++ b/docs/index.md @@ -95,7 +95,7 @@ The following packages are optional: * [coreapi][coreapi] (1.32.0+) - Schema generation support. * [Markdown][markdown] (2.1.0+) - Markdown support for the browsable API. -* [django-filter][django-filter] (0.9.2+) - Filtering support. +* [django-filter][django-filter] (1.0.1+) - Filtering support. * [django-crispy-forms][django-crispy-forms] - Improved HTML display for filtering. * [django-guardian][django-guardian] (1.1.1+) - Object level permissions support. From ff4f2520033954cc12d6ef4b176602d69da56a60 Mon Sep 17 00:00:00 2001 From: Anna Date: Fri, 3 Mar 2017 00:40:57 +0100 Subject: [PATCH 6/6] Fixed broken mail link in tutorials and resources --- docs/topics/tutorials-and-resources.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/topics/tutorials-and-resources.md b/docs/topics/tutorials-and-resources.md index 3bbe52e44..3fb1ec258 100644 --- a/docs/topics/tutorials-and-resources.md +++ b/docs/topics/tutorials-and-resources.md @@ -64,7 +64,7 @@ There are a wide range of resources available for learning and using Django REST * [Classy Django REST Framework][cdrf.co] * [DRF-schema-adapter][drf-schema] -Want your Django REST Framework talk/tutorial/article to be added to our website? Or know of a resource that's not yet included here? Please [submit a pull request][submit-pr] or [email us][mailto:anna@django-rest-framework.org]! +Want your Django REST Framework talk/tutorial/article to be added to our website? Or know of a resource that's not yet included here? Please [submit a pull request][submit-pr] or [email us][anna-email]! [beginners-guide-to-the-django-rest-framework]: http://code.tutsplus.com/tutorials/beginners-guide-to-the-django-rest-framework--cms-19786 @@ -107,3 +107,4 @@ Want your Django REST Framework talk/tutorial/article to be added to our website [drf-tutorial]: https://tests4geeks.com/django-rest-framework-tutorial/ [building-a-restful-api-with-drf]: http://agiliq.com/blog/2014/12/building-a-restful-api-with-django-rest-framework/ [submit-pr]: https://github.com/tomchristie/django-rest-framework +[anna-email]: mailto:anna@django-rest-framework.org