encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-08-05 04:50:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into localizedfloatfield

Browse Source
This commit is contained in:
kgeorgy 2017-03-03 10:13:00 +01:00 committed by GitHub
commit 878a0a577f
5 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/index.md
View File

@ -95,7 +95,7 @@ The following packages are optional:
* [coreapi][coreapi] (1.32.0+) - Schema generation support. * [coreapi][coreapi] (1.32.0+) - Schema generation support.
* [Markdown][markdown] (2.1.0+) - Markdown support for the browsable API. * [Markdown][markdown] (2.1.0+) - Markdown support for the browsable API.
* [django-filter][django-filter] (0.9.2+) - Filtering support. * [django-filter][django-filter] (1.0.1+) - Filtering support.
* [django-crispy-forms][django-crispy-forms] - Improved HTML display for filtering. * [django-crispy-forms][django-crispy-forms] - Improved HTML display for filtering.
* [django-guardian][django-guardian] (1.1.1+) - Object level permissions support. * [django-guardian][django-guardian] (1.1.1+) - Object level permissions support.

2
docs/topics/documenting-your-api.md
View File

@ -148,4 +148,4 @@ To implement a hypermedia API you'll need to decide on an appropriate media type
[image-django-rest-swagger]: ../img/django-rest-swagger.png [image-django-rest-swagger]: ../img/django-rest-swagger.png
[image-apiary]: ../img/apiary.png [image-apiary]: ../img/apiary.png
[image-self-describing-api]: ../img/self-describing.png [image-self-describing-api]: ../img/self-describing.png
[schemas-examples]: api-guide/schemas/#examples [schemas-examples]: ../api-guide/schemas/#examples

3
docs/topics/tutorials-and-resources.md
View File

@ -64,7 +64,7 @@ There are a wide range of resources available for learning and using Django REST
* [Classy Django REST Framework][cdrf.co] * [Classy Django REST Framework][cdrf.co]
* [DRF-schema-adapter][drf-schema] * [DRF-schema-adapter][drf-schema]
Want your Django REST Framework talk/tutorial/article to be added to our website? Or know of a resource that's not yet included here? Please [submit a pull request][submit-pr] or [email us][mailto:anna@django-rest-framework.org]! Want your Django REST Framework talk/tutorial/article to be added to our website? Or know of a resource that's not yet included here? Please [submit a pull request][submit-pr] or [email us][anna-email]!
[beginners-guide-to-the-django-rest-framework]: http://code.tutsplus.com/tutorials/beginners-guide-to-the-django-rest-framework--cms-19786 [beginners-guide-to-the-django-rest-framework]: http://code.tutsplus.com/tutorials/beginners-guide-to-the-django-rest-framework--cms-19786
@ -107,3 +107,4 @@ Want your Django REST Framework talk/tutorial/article to be added to our website
[drf-tutorial]: https://tests4geeks.com/django-rest-framework-tutorial/ [drf-tutorial]: https://tests4geeks.com/django-rest-framework-tutorial/
[building-a-restful-api-with-drf]: http://agiliq.com/blog/2014/12/building-a-restful-api-with-django-rest-framework/ [building-a-restful-api-with-drf]: http://agiliq.com/blog/2014/12/building-a-restful-api-with-django-rest-framework/
[submit-pr]: https://github.com/tomchristie/django-rest-framework [submit-pr]: https://github.com/tomchristie/django-rest-framework
[anna-email]: mailto:anna@django-rest-framework.org

9
rest_framework/permissions.py
View File

@ -5,6 +5,7 @@ from __future__ import unicode_literals
from django.http import Http404 from django.http import Http404
from rest_framework import exceptions
from rest_framework.compat import is_authenticated from rest_framework.compat import is_authenticated
@ -108,6 +109,10 @@ class DjangoModelPermissions(BasePermission):
'app_label': model_cls._meta.app_label, 'app_label': model_cls._meta.app_label,
'model_name': model_cls._meta.model_name 'model_name': model_cls._meta.model_name
} }
if method not in self.perms_map:
raise exceptions.MethodNotAllowed(method)
return [perm % kwargs for perm in self.perms_map[method]] return [perm % kwargs for perm in self.perms_map[method]]
def has_permission(self, request, view): def has_permission(self, request, view):
@ -169,6 +174,10 @@ class DjangoObjectPermissions(DjangoModelPermissions):
'app_label': model_cls._meta.app_label, 'app_label': model_cls._meta.app_label,
'model_name': model_cls._meta.model_name 'model_name': model_cls._meta.model_name
} }
if method not in self.perms_map:
raise exceptions.MethodNotAllowed(method)
return [perm % kwargs for perm in self.perms_map[method]] return [perm % kwargs for perm in self.perms_map[method]]
def has_object_permission(self, request, view, obj): def has_object_permission(self, request, view, obj):

14
tests/test_permissions.py
View File

@ -200,6 +200,15 @@ class ModelPermissionsIntegrationTests(TestCase):
response = empty_list_view(request, pk=1) response = empty_list_view(request, pk=1)
self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_calling_method_not_allowed(self):
request = factory.generic('METHOD_NOT_ALLOWED', '/')
response = root_view(request)
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
request = factory.generic('METHOD_NOT_ALLOWED', '/1')
response = instance_view(request, pk='1')
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
class BasicPermModel(models.Model): class BasicPermModel(models.Model):
text = models.CharField(max_length=100) text = models.CharField(max_length=100)
@ -384,6 +393,11 @@ class ObjectPermissionsIntegrationTests(TestCase):
self.assertEqual(response.status_code, status.HTTP_200_OK) self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertListEqual(response.data, []) self.assertListEqual(response.data, [])
def test_cannot_method_not_allowed(self):
request = factory.generic('METHOD_NOT_ALLOWED', '/')
response = object_permissions_list_view(request)
self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED)
class BasicPerm(permissions.BasePermission): class BasicPerm(permissions.BasePermission):
def has_permission(self, request, view): def has_permission(self, request, view):