From 2f66c294e364b1ddaceb9b4422dcf74d7bc3803a Mon Sep 17 00:00:00 2001 From: Bruno Alla Date: Mon, 18 Mar 2024 22:29:02 +0000 Subject: [PATCH 01/47] Make `inflection` package truly optional (#9303) * Make inflection package truly optional Fix #9291 * Make inflection compat layer consistent with the others Co-authored-by: T. Franzel <13507857+tfranzel@users.noreply.github.com> --------- Co-authored-by: T. Franzel <13507857+tfranzel@users.noreply.github.com> --- docs/api-guide/schemas.md | 3 ++- rest_framework/compat.py | 6 ++++++ rest_framework/schemas/openapi.py | 7 +++---- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/docs/api-guide/schemas.md b/docs/api-guide/schemas.md index 7af98dbf5..c387af972 100644 --- a/docs/api-guide/schemas.md +++ b/docs/api-guide/schemas.md @@ -56,10 +56,11 @@ The following sections explain more. ### Install dependencies - pip install pyyaml uritemplate + pip install pyyaml uritemplate inflection * `pyyaml` is used to generate schema into YAML-based OpenAPI format. * `uritemplate` is used internally to get parameters in path. +* `inflection` is used to pluralize operations more appropriately in the list endpoints. ### Generating a static schema with the `generateschema` management command diff --git a/rest_framework/compat.py b/rest_framework/compat.py index 472b8ad24..afc06b6cb 100644 --- a/rest_framework/compat.py +++ b/rest_framework/compat.py @@ -46,6 +46,12 @@ try: except ImportError: yaml = None +# inflection is optional +try: + import inflection +except ImportError: + inflection = None + # requests is optional try: diff --git a/rest_framework/schemas/openapi.py b/rest_framework/schemas/openapi.py index c154494e2..38031e646 100644 --- a/rest_framework/schemas/openapi.py +++ b/rest_framework/schemas/openapi.py @@ -14,7 +14,7 @@ from django.utils.encoding import force_str from rest_framework import ( RemovedInDRF315Warning, exceptions, renderers, serializers ) -from rest_framework.compat import uritemplate +from rest_framework.compat import inflection, uritemplate from rest_framework.fields import _UnvalidatedField, empty from rest_framework.settings import api_settings @@ -247,9 +247,8 @@ class AutoSchema(ViewInspector): name = name[:-len(action)] if action == 'list': - from inflection import pluralize - - name = pluralize(name) + assert inflection, '`inflection` must be installed for OpenAPI schema support.' + name = inflection.pluralize(name) return name From 77ef27f18fc7c11e1d2e5fd4aaa8acc51cda6792 Mon Sep 17 00:00:00 2001 From: Bruno Alla Date: Tue, 19 Mar 2024 07:24:55 +0000 Subject: [PATCH 02/47] Fix broken links in release notes for 3.15 (#9305) * Fix broken links in release notes for 3.15 A few links aren't rendered properly in the docs, seems to be due to extra spaces. * Remove duplicate mention of PR number --- docs/community/release-notes.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/community/release-notes.md b/docs/community/release-notes.md index ab591db3b..07220ef0f 100644 --- a/docs/community/release-notes.md +++ b/docs/community/release-notes.md @@ -40,8 +40,8 @@ You can determine your currently installed version using `pip show`: Date: 15th March 2024 -* Django 5.0 and Python 3.12 support [[#9157] (https://github.com/encode/django-rest-framework/pull/9157)] -* Use POST method instead of GET to perform logout in browsable API [[9208] (https://github.com/encode/django-rest-framework/pull/9208)] +* Django 5.0 and Python 3.12 support [[#9157](https://github.com/encode/django-rest-framework/pull/9157)] +* Use POST method instead of GET to perform logout in browsable API [[9208](https://github.com/encode/django-rest-framework/pull/9208)] * Added jQuery 3.7.1 support & dropped previous version [[#9094](https://github.com/encode/django-rest-framework/pull/9094)] * Use str as default path converter [[#9066](https://github.com/encode/django-rest-framework/pull/9066)] * Document support for http.HTTPMethod in the @action decorator added in Python 3.11 [[#9067](https://github.com/encode/django-rest-framework/pull/9067)] @@ -92,7 +92,7 @@ Date: 15th March 2024 * Use autocomplete widget for user selection in Token admin [[#8534](https://github.com/encode/django-rest-framework/pull/8534)] * Make browsable API compatible with strong CSP [[#8784](https://github.com/encode/django-rest-framework/pull/8784)] * Avoid inline script execution for injecting CSRF token [[#7016](https://github.com/encode/django-rest-framework/pull/7016)] -* Mitigate global dependency on inflection #8017 [[#8017](https://github.com/encode/django-rest-framework/pull/8017)] [[#8781](https://github.com/encode/django-rest-framework/pull/8781)] +* Mitigate global dependency on inflection [[#8017](https://github.com/encode/django-rest-framework/pull/8017)] [[#8781](https://github.com/encode/django-rest-framework/pull/8781)] * Register Django urls [[#8778](https://github.com/encode/django-rest-framework/pull/8778)] * Implemented Verbose Name Translation for TokenProxy [[#8713](https://github.com/encode/django-rest-framework/pull/8713)] * Properly handle OverflowError in DurationField deserialization [[#8042](https://github.com/encode/django-rest-framework/pull/8042)] @@ -110,7 +110,7 @@ Date: 15th March 2024 * Add `__eq__` method for `OperandHolder` class [[#8710](https://github.com/encode/django-rest-framework/pull/8710)] * Avoid importing `django.test` package when not testing [[#8699](https://github.com/encode/django-rest-framework/pull/8699)] * Preserve exception messages for wrapped Django exceptions [[#8051](https://github.com/encode/django-rest-framework/pull/8051)] -* Include `examples` and `format` to OpenAPI schema of CursorPagination [[#8687] (https://github.com/encode/django-rest-framework/pull/8687)] [[#8686](https://github.com/encode/django-rest-framework/pull/8686)] +* Include `examples` and `format` to OpenAPI schema of CursorPagination [[#8687](https://github.com/encode/django-rest-framework/pull/8687)] [[#8686](https://github.com/encode/django-rest-framework/pull/8686)] * Fix infinite recursion with deepcopy on Request [[#8684](https://github.com/encode/django-rest-framework/pull/8684)] * Refactor: Replace try/except with contextlib.suppress() [[#8676](https://github.com/encode/django-rest-framework/pull/8676)] * Minor fix to SerializeMethodField docstring [[#8629](https://github.com/encode/django-rest-framework/pull/8629)] From d7c8dcfc7ee33edff0383688f89e7c1f6b474f6d Mon Sep 17 00:00:00 2001 From: Alex Laird Date: Thu, 21 Mar 2024 07:46:06 -0500 Subject: [PATCH 03/47] Revert PR that adds autocomplete_fields to TokenAdmin, as this break some use cases. (#9301) --- rest_framework/authtoken/admin.py | 1 - 1 file changed, 1 deletion(-) diff --git a/rest_framework/authtoken/admin.py b/rest_framework/authtoken/admin.py index 163328eb0..eabb8fca8 100644 --- a/rest_framework/authtoken/admin.py +++ b/rest_framework/authtoken/admin.py @@ -28,7 +28,6 @@ class TokenAdmin(admin.ModelAdmin): search_help_text = _('Username') ordering = ('-created',) actions = None # Actions not compatible with mapped IDs. - autocomplete_fields = ("user",) def get_changelist(self, request, **kwargs): return TokenChangeList From 56a5b354d0f82ea7e0df5cc4aa5187fe8450cbcb Mon Sep 17 00:00:00 2001 From: Aristotelis Mikropoulos Date: Thu, 21 Mar 2024 16:10:10 +0200 Subject: [PATCH 04/47] Add drf-sendables to third-party-packages.md (#9261) --- docs/community/third-party-packages.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/community/third-party-packages.md b/docs/community/third-party-packages.md index 3a4ba5848..a92da82fc 100644 --- a/docs/community/third-party-packages.md +++ b/docs/community/third-party-packages.md @@ -125,6 +125,7 @@ To submit new content, [open an issue][drf-create-issue] or [create a pull reque ### Misc +* [drf-sendables][drf-sendables] - User messages for Django REST Framework * [cookiecutter-django-rest][cookiecutter-django-rest] - A cookiecutter template that takes care of the setup and configuration so you can focus on making your REST apis awesome. * [djangorestrelationalhyperlink][djangorestrelationalhyperlink] - A hyperlinked serializer that can can be used to alter relationships via hyperlinks, but otherwise like a hyperlink model serializer. * [django-rest-framework-proxy][django-rest-framework-proxy] - Proxy to redirect incoming request to another API server. @@ -157,6 +158,7 @@ To submit new content, [open an issue][drf-create-issue] or [create a pull reque * [drf-redesign][drf-redesign] - A project that gives a fresh look to the browse-able API using Bootstrap 5. * [drf-material][drf-material] - A project that gives a sleek and elegant look to the browsable API using Material Design. +[drf-sendables]: https://github.com/amikrop/drf-sendables [cite]: http://www.software-ecosystems.com/Software_Ecosystems/Ecosystems.html [cookiecutter]: https://github.com/jpadilla/cookiecutter-django-rest-framework [new-repo]: https://github.com/new From 0e4ed816279a8b9332544192ad90f7324f49cd62 Mon Sep 17 00:00:00 2001 From: Asif Saif Uddin Date: Thu, 21 Mar 2024 22:09:43 +0600 Subject: [PATCH 05/47] =?UTF-8?q?Revert=20"feat:=20Add=20some=20changes=20?= =?UTF-8?q?to=20ValidationError=20to=20support=20django=20style=20vad?= =?UTF-8?q?=E2=80=A6"=20(#9326)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 4abfa28e0879e2df45937ac8c7a9ffa161561955. Co-authored-by: Tom Christie --- rest_framework/exceptions.py | 19 ++------ tests/test_validation_error.py | 86 ---------------------------------- 2 files changed, 3 insertions(+), 102 deletions(-) diff --git a/rest_framework/exceptions.py b/rest_framework/exceptions.py index bc20fcaa3..09f111102 100644 --- a/rest_framework/exceptions.py +++ b/rest_framework/exceptions.py @@ -144,30 +144,17 @@ class ValidationError(APIException): status_code = status.HTTP_400_BAD_REQUEST default_detail = _('Invalid input.') default_code = 'invalid' - default_params = {} - def __init__(self, detail=None, code=None, params=None): + def __init__(self, detail=None, code=None): if detail is None: detail = self.default_detail if code is None: code = self.default_code - if params is None: - params = self.default_params # For validation failures, we may collect many errors together, # so the details should always be coerced to a list if not already. - if isinstance(detail, str): - detail = [detail % params] - elif isinstance(detail, ValidationError): - detail = detail.detail - elif isinstance(detail, (list, tuple)): - final_detail = [] - for detail_item in detail: - if isinstance(detail_item, ValidationError): - final_detail += detail_item.detail - else: - final_detail += [detail_item % params if isinstance(detail_item, str) else detail_item] - detail = final_detail + if isinstance(detail, tuple): + detail = list(detail) elif not isinstance(detail, dict) and not isinstance(detail, list): detail = [detail] diff --git a/tests/test_validation_error.py b/tests/test_validation_error.py index 7b8b3190f..341c4342a 100644 --- a/tests/test_validation_error.py +++ b/tests/test_validation_error.py @@ -109,89 +109,3 @@ class TestValidationErrorConvertsTuplesToLists(TestCase): assert len(error.detail) == 2 assert str(error.detail[0]) == 'message1' assert str(error.detail[1]) == 'message2' - - -class TestValidationErrorWithDjangoStyle(TestCase): - def test_validation_error_details(self): - error = ValidationError('Invalid value: %(value)s', params={'value': '42'}) - assert str(error.detail[0]) == 'Invalid value: 42' - - def test_validation_error_details_tuple(self): - error = ValidationError( - detail=('Invalid value: %(value1)s', 'Invalid value: %(value2)s'), - params={'value1': '42', 'value2': '43'}, - ) - assert isinstance(error.detail, list) - assert len(error.detail) == 2 - assert str(error.detail[0]) == 'Invalid value: 42' - assert str(error.detail[1]) == 'Invalid value: 43' - - def test_validation_error_details_list(self): - error = ValidationError( - detail=['Invalid value: %(value1)s', 'Invalid value: %(value2)s', ], - params={'value1': '42', 'value2': '43'} - ) - assert isinstance(error.detail, list) - assert len(error.detail) == 2 - assert str(error.detail[0]) == 'Invalid value: 42' - assert str(error.detail[1]) == 'Invalid value: 43' - - def test_validation_error_details_validation_errors(self): - error = ValidationError( - detail=ValidationError( - detail='Invalid value: %(value1)s', - params={'value1': '42'}, - ), - ) - assert isinstance(error.detail, list) - assert len(error.detail) == 1 - assert str(error.detail[0]) == 'Invalid value: 42' - - def test_validation_error_details_validation_errors_list(self): - error = ValidationError( - detail=[ - ValidationError( - detail='Invalid value: %(value1)s', - params={'value1': '42'}, - ), - ValidationError( - detail='Invalid value: %(value2)s', - params={'value2': '43'}, - ), - 'Invalid value: %(value3)s' - ], - params={'value3': '44'} - ) - assert isinstance(error.detail, list) - assert len(error.detail) == 3 - assert str(error.detail[0]) == 'Invalid value: 42' - assert str(error.detail[1]) == 'Invalid value: 43' - assert str(error.detail[2]) == 'Invalid value: 44' - - def test_validation_error_details_validation_errors_nested_list(self): - error = ValidationError( - detail=[ - ValidationError( - detail='Invalid value: %(value1)s', - params={'value1': '42'}, - ), - ValidationError( - detail=[ - 'Invalid value: %(value2)s', - ValidationError( - detail='Invalid value: %(value3)s', - params={'value3': '44'}, - ) - ], - params={'value2': '43'}, - ), - 'Invalid value: %(value4)s' - ], - params={'value4': '45'} - ) - assert isinstance(error.detail, list) - assert len(error.detail) == 4 - assert str(error.detail[0]) == 'Invalid value: 42' - assert str(error.detail[1]) == 'Invalid value: 43' - assert str(error.detail[2]) == 'Invalid value: 44' - assert str(error.detail[3]) == 'Invalid value: 45' From da78a147f2f3c5820396f9fcd9372b2f5b9bbd18 Mon Sep 17 00:00:00 2001 From: Asif Saif Uddin Date: Fri, 22 Mar 2024 04:23:30 +0600 Subject: [PATCH 06/47] Revert "Re-prefetch related objects after updating (#8043)" (#9327) This reverts commit 2b34aa42916882cba03cfea41a1f82b7ae18476a. --- rest_framework/mixins.py | 9 +--- tests/test_prefetch_related.py | 94 +++++++++++----------------------- 2 files changed, 32 insertions(+), 71 deletions(-) diff --git a/rest_framework/mixins.py b/rest_framework/mixins.py index 6ac6366c7..7fa8947cb 100644 --- a/rest_framework/mixins.py +++ b/rest_framework/mixins.py @@ -4,8 +4,6 @@ Basic building blocks for generic class based views. We don't bind behaviour to http method handlers yet, which allows mixin classes to be composed in interesting ways. """ -from django.db.models.query import prefetch_related_objects - from rest_framework import status from rest_framework.response import Response from rest_framework.settings import api_settings @@ -69,13 +67,10 @@ class UpdateModelMixin: serializer.is_valid(raise_exception=True) self.perform_update(serializer) - queryset = self.filter_queryset(self.get_queryset()) - if queryset._prefetch_related_lookups: + if getattr(instance, '_prefetched_objects_cache', None): # If 'prefetch_related' has been applied to a queryset, we need to - # forcibly invalidate the prefetch cache on the instance, - # and then re-prefetch related objects + # forcibly invalidate the prefetch cache on the instance. instance._prefetched_objects_cache = {} - prefetch_related_objects([instance], *queryset._prefetch_related_lookups) return Response(serializer.data) diff --git a/tests/test_prefetch_related.py b/tests/test_prefetch_related.py index 8e7bcf4ac..b07087c97 100644 --- a/tests/test_prefetch_related.py +++ b/tests/test_prefetch_related.py @@ -1,5 +1,4 @@ from django.contrib.auth.models import Group, User -from django.db.models.query import Prefetch from django.test import TestCase from rest_framework import generics, serializers @@ -9,84 +8,51 @@ factory = APIRequestFactory() class UserSerializer(serializers.ModelSerializer): - permissions = serializers.SerializerMethodField() - - def get_permissions(self, obj): - ret = [] - for g in obj.groups.all(): - ret.extend([p.pk for p in g.permissions.all()]) - return ret - class Meta: model = User - fields = ('id', 'username', 'email', 'groups', 'permissions') + fields = ('id', 'username', 'email', 'groups') -class UserRetrieveUpdate(generics.RetrieveUpdateAPIView): - queryset = User.objects.exclude(username='exclude').prefetch_related( - Prefetch('groups', queryset=Group.objects.exclude(name='exclude')), - 'groups__permissions', - ) - serializer_class = UserSerializer - - -class UserUpdateWithoutPrefetchRelated(generics.UpdateAPIView): - queryset = User.objects.exclude(username='exclude') +class UserUpdate(generics.UpdateAPIView): + queryset = User.objects.exclude(username='exclude').prefetch_related('groups') serializer_class = UserSerializer class TestPrefetchRelatedUpdates(TestCase): def setUp(self): self.user = User.objects.create(username='tom', email='tom@example.com') - self.groups = [Group.objects.create(name=f'group {i}') for i in range(10)] + self.groups = [Group.objects.create(name='a'), Group.objects.create(name='b')] self.user.groups.set(self.groups) - self.user.groups.add(Group.objects.create(name='exclude')) - self.expected = { - 'id': self.user.pk, - 'username': 'tom', - 'groups': [group.pk for group in self.groups], - 'email': 'tom@example.com', - 'permissions': [], - } - self.view = UserRetrieveUpdate.as_view() def test_prefetch_related_updates(self): - self.groups.append(Group.objects.create(name='c')) - request = factory.put( - '/', {'username': 'new', 'groups': [group.pk for group in self.groups]}, format='json' - ) - self.expected['username'] = 'new' - self.expected['groups'] = [group.pk for group in self.groups] - response = self.view(request, pk=self.user.pk) - assert User.objects.get(pk=self.user.pk).groups.count() == 12 - assert response.data == self.expected - # Update and fetch should get same result - request = factory.get('/') - response = self.view(request, pk=self.user.pk) - assert response.data == self.expected + view = UserUpdate.as_view() + pk = self.user.pk + groups_pk = self.groups[0].pk + request = factory.put('/', {'username': 'new', 'groups': [groups_pk]}, format='json') + response = view(request, pk=pk) + assert User.objects.get(pk=pk).groups.count() == 1 + expected = { + 'id': pk, + 'username': 'new', + 'groups': [1], + 'email': 'tom@example.com' + } + assert response.data == expected def test_prefetch_related_excluding_instance_from_original_queryset(self): """ Regression test for https://github.com/encode/django-rest-framework/issues/4661 """ - request = factory.put( - '/', {'username': 'exclude', 'groups': [self.groups[0].pk]}, format='json' - ) - response = self.view(request, pk=self.user.pk) - assert User.objects.get(pk=self.user.pk).groups.count() == 2 - self.expected['username'] = 'exclude' - self.expected['groups'] = [self.groups[0].pk] - assert response.data == self.expected - - def test_db_query_count(self): - request = factory.put( - '/', {'username': 'new'}, format='json' - ) - with self.assertNumQueries(7): - self.view(request, pk=self.user.pk) - - request = factory.put( - '/', {'username': 'new2'}, format='json' - ) - with self.assertNumQueries(16): - UserUpdateWithoutPrefetchRelated.as_view()(request, pk=self.user.pk) + view = UserUpdate.as_view() + pk = self.user.pk + groups_pk = self.groups[0].pk + request = factory.put('/', {'username': 'exclude', 'groups': [groups_pk]}, format='json') + response = view(request, pk=pk) + assert User.objects.get(pk=pk).groups.count() == 1 + expected = { + 'id': pk, + 'username': 'exclude', + 'groups': [1], + 'email': 'tom@example.com' + } + assert response.data == expected From a4d58077a0aca89b82f63ab33ebb36b16bf26d4a Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 21 Mar 2024 22:26:50 +0000 Subject: [PATCH 07/47] =?UTF-8?q?Revert=20"feat:=20Add=20some=20changes=20?= =?UTF-8?q?to=20ValidationError=20to=20support=20django=20style=20vad?= =?UTF-8?q?=E2=80=A6"=20(#9330)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 4abfa28e0879e2df45937ac8c7a9ffa161561955. From 4f10c4e43ee57f4a2e387e0c8d44d28d21a3621c Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 21 Mar 2024 22:45:12 +0000 Subject: [PATCH 08/47] =?UTF-8?q?Revert=20"Fix=20Respect=20`can=5Fread=5Fm?= =?UTF-8?q?odel`=20permission=20in=20DjangoModelPermissions=20(#8=E2=80=A6?= =?UTF-8?q?"=20(#9332)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 0618fa88e1a8c2cf8a2aab29ef6de66b49e5f7ed. --- docs/api-guide/permissions.md | 3 +-- rest_framework/permissions.py | 11 +++-------- tests/test_permissions.py | 21 +-------------------- 3 files changed, 5 insertions(+), 30 deletions(-) diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index 5e0b6a153..775888fb6 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md @@ -173,12 +173,11 @@ This permission is suitable if you want to your API to allow read permissions to This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth]. This permission must only be applied to views that have a `.queryset` property or `get_queryset()` method. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned. The appropriate model is determined by checking `get_queryset().model` or `queryset.model`. -* `GET` requests require the user to have the `view` or `change` permission on the model * `POST` requests require the user to have the `add` permission on the model. * `PUT` and `PATCH` requests require the user to have the `change` permission on the model. * `DELETE` requests require the user to have the `delete` permission on the model. -The default behaviour can also be overridden to support custom model permissions. +The default behavior can also be overridden to support custom model permissions. For example, you might want to include a `view` model permission for `GET` requests. To use custom model permissions, override `DjangoModelPermissions` and set the `.perms_map` property. Refer to the source code for details. diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 8fb4569cb..71de226f9 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -186,9 +186,9 @@ class DjangoModelPermissions(BasePermission): # Override this if you need to also provide 'view' permissions, # or if you want to provide custom permission codes. perms_map = { - 'GET': ['%(app_label)s.view_%(model_name)s'], + 'GET': [], 'OPTIONS': [], - 'HEAD': ['%(app_label)s.view_%(model_name)s'], + 'HEAD': [], 'POST': ['%(app_label)s.add_%(model_name)s'], 'PUT': ['%(app_label)s.change_%(model_name)s'], 'PATCH': ['%(app_label)s.change_%(model_name)s'], @@ -239,13 +239,8 @@ class DjangoModelPermissions(BasePermission): queryset = self._queryset(view) perms = self.get_required_permissions(request.method, queryset.model) - change_perm = self.get_required_permissions('PUT', queryset.model) - user = request.user - if request.method == 'GET': - return user.has_perms(perms) or user.has_perms(change_perm) - - return user.has_perms(perms) + return request.user.has_perms(perms) class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions): diff --git a/tests/test_permissions.py b/tests/test_permissions.py index 428480dc7..aefff981e 100644 --- a/tests/test_permissions.py +++ b/tests/test_permissions.py @@ -80,8 +80,7 @@ class ModelPermissionsIntegrationTests(TestCase): user.user_permissions.set([ Permission.objects.get(codename='add_basicmodel'), Permission.objects.get(codename='change_basicmodel'), - Permission.objects.get(codename='delete_basicmodel'), - Permission.objects.get(codename='view_basicmodel') + Permission.objects.get(codename='delete_basicmodel') ]) user = User.objects.create_user('updateonly', 'updateonly@example.com', 'password') @@ -140,15 +139,6 @@ class ModelPermissionsIntegrationTests(TestCase): response = get_queryset_list_view(request, pk=1) self.assertEqual(response.status_code, status.HTTP_201_CREATED) - def test_has_get_permissions(self): - request = factory.get('/', HTTP_AUTHORIZATION=self.permitted_credentials) - response = root_view(request) - self.assertEqual(response.status_code, status.HTTP_200_OK) - - request = factory.get('/1', HTTP_AUTHORIZATION=self.updateonly_credentials) - response = root_view(request, pk=1) - self.assertEqual(response.status_code, status.HTTP_200_OK) - def test_has_put_permissions(self): request = factory.put('/1', {'text': 'foobar'}, format='json', HTTP_AUTHORIZATION=self.permitted_credentials) @@ -166,15 +156,6 @@ class ModelPermissionsIntegrationTests(TestCase): response = root_view(request, pk=1) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) - def test_does_not_have_get_permissions(self): - request = factory.get('/', HTTP_AUTHORIZATION=self.disallowed_credentials) - response = root_view(request) - self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) - - request = factory.get('/1', HTTP_AUTHORIZATION=self.disallowed_credentials) - response = root_view(request, pk=1) - self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) - def test_does_not_have_put_permissions(self): request = factory.put('/1', {'text': 'foobar'}, format='json', HTTP_AUTHORIZATION=self.disallowed_credentials) From 4ef3aaf0ad0e31efe13d3c503a7099915a7c8875 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 22 Mar 2024 08:40:34 +0000 Subject: [PATCH 09/47] Revert #9030 (#9333) * Revert #9030 * Fix test case --- docs/api-guide/fields.md | 8 -- rest_framework/metadata.py | 4 - rest_framework/utils/field_mapping.py | 4 - tests/test_metadata.py | 129 -------------------------- tests/test_model_serializer.py | 6 +- 5 files changed, 3 insertions(+), 148 deletions(-) diff --git a/docs/api-guide/fields.md b/docs/api-guide/fields.md index ea944e1ff..94b6e7c21 100644 --- a/docs/api-guide/fields.md +++ b/docs/api-guide/fields.md @@ -68,14 +68,6 @@ When serializing the instance, default will be used if the object attribute or d Note that setting a `default` value implies that the field is not required. Including both the `default` and `required` keyword arguments is invalid and will raise an error. -Notes regarding default value propagation from model to serializer: - -All the default values from model will pass as default to the serializer and the options method. - -If the default is callable then it will be propagated to & evaluated every time in the serializer but not in options method. - -If the value for given field is not given then default value will be present in the serializer and available in serializer's methods. Specified validation on given field will be evaluated on default value as that field will be present in the serializer. - ### `allow_null` Normally an error will be raised if `None` is passed to a serializer field. Set this keyword argument to `True` if `None` should be considered a valid value. diff --git a/rest_framework/metadata.py b/rest_framework/metadata.py index fd0f4e163..364ca5b14 100644 --- a/rest_framework/metadata.py +++ b/rest_framework/metadata.py @@ -11,7 +11,6 @@ from django.http import Http404 from django.utils.encoding import force_str from rest_framework import exceptions, serializers -from rest_framework.fields import empty from rest_framework.request import clone_request from rest_framework.utils.field_mapping import ClassLookupDict @@ -150,7 +149,4 @@ class SimpleMetadata(BaseMetadata): for choice_value, choice_name in field.choices.items() ] - if getattr(field, 'default', None) and field.default != empty and not callable(field.default): - field_info['default'] = field.default - return field_info diff --git a/rest_framework/utils/field_mapping.py b/rest_framework/utils/field_mapping.py index 30bb65e0c..fc63f96fe 100644 --- a/rest_framework/utils/field_mapping.py +++ b/rest_framework/utils/field_mapping.py @@ -9,7 +9,6 @@ from django.db import models from django.utils.text import capfirst from rest_framework.compat import postgres_fields -from rest_framework.fields import empty from rest_framework.validators import UniqueValidator NUMERIC_FIELD_TYPES = ( @@ -128,9 +127,6 @@ def get_field_kwargs(field_name, model_field): kwargs['read_only'] = True return kwargs - if model_field.default is not None and model_field.default != empty and not callable(model_field.default): - kwargs['default'] = model_field.default - if model_field.has_default() or model_field.blank or model_field.null: kwargs['required'] = False diff --git a/tests/test_metadata.py b/tests/test_metadata.py index 387b9ecde..1bdc8697c 100644 --- a/tests/test_metadata.py +++ b/tests/test_metadata.py @@ -184,135 +184,6 @@ class TestMetadata: assert response.status_code == status.HTTP_200_OK assert response.data == expected - def test_actions_with_default(self): - """ - On generic views OPTIONS should return an 'actions' key with metadata - on the fields with default that may be supplied to PUT and POST requests. - """ - class NestedField(serializers.Serializer): - a = serializers.IntegerField(default=2) - b = serializers.IntegerField() - - class ExampleSerializer(serializers.Serializer): - choice_field = serializers.ChoiceField(['red', 'green', 'blue'], default='red') - integer_field = serializers.IntegerField( - min_value=1, max_value=1000, default=1 - ) - char_field = serializers.CharField( - min_length=3, max_length=40, default="example" - ) - list_field = serializers.ListField( - child=serializers.ListField( - child=serializers.IntegerField(default=1) - ) - ) - nested_field = NestedField() - uuid_field = serializers.UUIDField(label="UUID field") - - class ExampleView(views.APIView): - """Example view.""" - def post(self, request): - pass - - def get_serializer(self): - return ExampleSerializer() - - view = ExampleView.as_view() - response = view(request=request) - expected = { - 'name': 'Example', - 'description': 'Example view.', - 'renders': [ - 'application/json', - 'text/html' - ], - 'parses': [ - 'application/json', - 'application/x-www-form-urlencoded', - 'multipart/form-data' - ], - 'actions': { - 'POST': { - 'choice_field': { - 'type': 'choice', - 'required': False, - 'read_only': False, - 'label': 'Choice field', - "choices": [ - {'value': 'red', 'display_name': 'red'}, - {'value': 'green', 'display_name': 'green'}, - {'value': 'blue', 'display_name': 'blue'} - ], - 'default': 'red' - }, - 'integer_field': { - 'type': 'integer', - 'required': False, - 'read_only': False, - 'label': 'Integer field', - 'min_value': 1, - 'max_value': 1000, - 'default': 1 - }, - 'char_field': { - 'type': 'string', - 'required': False, - 'read_only': False, - 'label': 'Char field', - 'min_length': 3, - 'max_length': 40, - 'default': 'example' - }, - 'list_field': { - 'type': 'list', - 'required': True, - 'read_only': False, - 'label': 'List field', - 'child': { - 'type': 'list', - 'required': True, - 'read_only': False, - 'child': { - 'type': 'integer', - 'required': False, - 'read_only': False, - 'default': 1 - } - } - }, - 'nested_field': { - 'type': 'nested object', - 'required': True, - 'read_only': False, - 'label': 'Nested field', - 'children': { - 'a': { - 'type': 'integer', - 'required': False, - 'read_only': False, - 'label': 'A', - 'default': 2 - }, - 'b': { - 'type': 'integer', - 'required': True, - 'read_only': False, - 'label': 'B' - } - } - }, - 'uuid_field': { - 'type': 'string', - 'required': True, - 'read_only': False, - 'label': 'UUID field' - } - } - } - } - assert response.status_code == status.HTTP_200_OK - assert response.data == expected - def test_global_permissions(self): """ If a user does not have global permissions on an action, then any diff --git a/tests/test_model_serializer.py b/tests/test_model_serializer.py index 5b6551a98..d69f1652d 100644 --- a/tests/test_model_serializer.py +++ b/tests/test_model_serializer.py @@ -174,7 +174,7 @@ class TestRegularFieldMappings(TestCase): TestSerializer\(\): auto_field = IntegerField\(read_only=True\) big_integer_field = IntegerField\(.*\) - boolean_field = BooleanField\(default=False, required=False\) + boolean_field = BooleanField\(required=False\) char_field = CharField\(max_length=100\) comma_separated_integer_field = CharField\(max_length=100, validators=\[\]\) date_field = DateField\(\) @@ -183,7 +183,7 @@ class TestRegularFieldMappings(TestCase): email_field = EmailField\(max_length=100\) float_field = FloatField\(\) integer_field = IntegerField\(.*\) - null_boolean_field = BooleanField\(allow_null=True, default=False, required=False\) + null_boolean_field = BooleanField\(allow_null=True, required=False\) positive_integer_field = IntegerField\(.*\) positive_small_integer_field = IntegerField\(.*\) slug_field = SlugField\(allow_unicode=False, max_length=100\) @@ -210,7 +210,7 @@ class TestRegularFieldMappings(TestCase): length_limit_field = CharField\(max_length=12, min_length=3\) blank_field = CharField\(allow_blank=True, max_length=10, required=False\) null_field = IntegerField\(allow_null=True,.*required=False\) - default_field = IntegerField\(default=0,.*required=False\) + default_field = IntegerField\(.*required=False\) descriptive_field = IntegerField\(help_text='Some help text', label='A label'.*\) choices_field = ChoiceField\(choices=(?:\[|\()\('red', 'Red'\), \('blue', 'Blue'\), \('green', 'Green'\)(?:\]|\))\) text_choices_field = ChoiceField\(choices=(?:\[|\()\('red', 'Red'\), \('blue', 'Blue'\), \('green', 'Green'\)(?:\]|\))\) From 400b4c54419c5c88542ddd0b97219ad4fa8ee29a Mon Sep 17 00:00:00 2001 From: Asif Saif Uddin Date: Fri, 22 Mar 2024 15:39:30 +0600 Subject: [PATCH 10/47] =?UTF-8?q?Revert=20"Fix=20NamespaceVersioning=20ign?= =?UTF-8?q?oring=20DEFAULT=5FVERSION=20on=20non-None=20namespac=E2=80=A6"?= =?UTF-8?q?=20(#9335)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This reverts commit 71f87a586400074f1840276c5cf36fc7da1c2c4c. --- rest_framework/versioning.py | 17 ++++--- tests/test_versioning.py | 93 +----------------------------------- 2 files changed, 9 insertions(+), 101 deletions(-) diff --git a/rest_framework/versioning.py b/rest_framework/versioning.py index a1c0ce4d7..c2764c7a4 100644 --- a/rest_framework/versioning.py +++ b/rest_framework/versioning.py @@ -119,16 +119,15 @@ class NamespaceVersioning(BaseVersioning): def determine_version(self, request, *args, **kwargs): resolver_match = getattr(request, 'resolver_match', None) - if resolver_match is not None and resolver_match.namespace: - # Allow for possibly nested namespaces. - possible_versions = resolver_match.namespace.split(':') - for version in possible_versions: - if self.is_allowed_version(version): - return version + if resolver_match is None or not resolver_match.namespace: + return self.default_version - if not self.is_allowed_version(self.default_version): - raise exceptions.NotFound(self.invalid_version_message) - return self.default_version + # Allow for possibly nested namespaces. + possible_versions = resolver_match.namespace.split(':') + for version in possible_versions: + if self.is_allowed_version(version): + return version + raise exceptions.NotFound(self.invalid_version_message) def reverse(self, viewname, args=None, kwargs=None, request=None, format=None, **extra): if request.version is not None: diff --git a/tests/test_versioning.py b/tests/test_versioning.py index 1ccecae0b..b21646184 100644 --- a/tests/test_versioning.py +++ b/tests/test_versioning.py @@ -272,7 +272,7 @@ class TestInvalidVersion: assert response.status_code == status.HTTP_404_NOT_FOUND -class TestAcceptHeaderAllowedAndDefaultVersion: +class TestAllowedAndDefaultVersion: def test_missing_without_default(self): scheme = versioning.AcceptHeaderVersioning view = AllowedVersionsView.as_view(versioning_class=scheme) @@ -318,97 +318,6 @@ class TestAcceptHeaderAllowedAndDefaultVersion: assert response.data == {'version': 'v2'} -class TestNamespaceAllowedAndDefaultVersion: - def test_no_namespace_without_default(self): - class FakeResolverMatch: - namespace = None - - scheme = versioning.NamespaceVersioning - view = AllowedVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_404_NOT_FOUND - - def test_no_namespace_with_default(self): - class FakeResolverMatch: - namespace = None - - scheme = versioning.NamespaceVersioning - view = AllowedAndDefaultVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_200_OK - assert response.data == {'version': 'v2'} - - def test_no_match_without_default(self): - class FakeResolverMatch: - namespace = 'no_match' - - scheme = versioning.NamespaceVersioning - view = AllowedVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_404_NOT_FOUND - - def test_no_match_with_default(self): - class FakeResolverMatch: - namespace = 'no_match' - - scheme = versioning.NamespaceVersioning - view = AllowedAndDefaultVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_200_OK - assert response.data == {'version': 'v2'} - - def test_with_default(self): - class FakeResolverMatch: - namespace = 'v1' - - scheme = versioning.NamespaceVersioning - view = AllowedAndDefaultVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_200_OK - assert response.data == {'version': 'v1'} - - def test_no_match_without_default_but_none_allowed(self): - class FakeResolverMatch: - namespace = 'no_match' - - scheme = versioning.NamespaceVersioning - view = AllowedWithNoneVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_200_OK - assert response.data == {'version': None} - - def test_no_match_with_default_and_none_allowed(self): - class FakeResolverMatch: - namespace = 'no_match' - - scheme = versioning.NamespaceVersioning - view = AllowedWithNoneAndDefaultVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_200_OK - assert response.data == {'version': 'v2'} - - class TestHyperlinkedRelatedField(URLPatternsTestCase, APITestCase): included = [ path('namespaced//', dummy_pk_view, name='namespaced'), From eb361d289deb4bc99ad2ebab9c5f50a92de40339 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 22 Mar 2024 10:52:43 +0000 Subject: [PATCH 11/47] SearchFilter.get_search_terms returns list. (#9338) --- rest_framework/filters.py | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/rest_framework/filters.py b/rest_framework/filters.py index 86effe24e..5742f512e 100644 --- a/rest_framework/filters.py +++ b/rest_framework/filters.py @@ -24,15 +24,19 @@ def search_smart_split(search_terms): """generator that first splits string by spaces, leaving quoted phrases together, then it splits non-quoted phrases by commas. """ + split_terms = [] for term in smart_split(search_terms): # trim commas to avoid bad matching for quoted phrases term = term.strip(',') if term.startswith(('"', "'")) and term[0] == term[-1]: # quoted phrases are kept together without any other split - yield unescape_string_literal(term) + split_terms.append(unescape_string_literal(term)) else: # non-quoted tokens are split by comma, keeping only non-empty ones - yield from (sub_term.strip() for sub_term in term.split(',') if sub_term) + for sub_term in term.split(','): + if sub_term: + split_terms.append(sub_term.strip()) + return split_terms class BaseFilterBackend: @@ -85,7 +89,8 @@ class SearchFilter(BaseFilterBackend): """ value = request.query_params.get(self.search_param, '') field = CharField(trim_whitespace=False, allow_blank=True) - return field.run_validation(value) + cleaned_value = field.run_validation(value) + return search_smart_split(cleaned_value) def construct_search(self, field_name, queryset): lookup = self.lookup_prefixes.get(field_name[0]) @@ -163,7 +168,7 @@ class SearchFilter(BaseFilterBackend): reduce( operator.or_, (models.Q(**{orm_lookup: term}) for orm_lookup in orm_lookups) - ) for term in search_smart_split(search_terms) + ) for term in search_terms ) queryset = queryset.filter(reduce(operator.and_, conditions)) From 328591693d7a3e734ca5a740dddf85e11ccd208f Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 22 Mar 2024 11:47:50 +0000 Subject: [PATCH 12/47] Version 3.15.1 (#9339) * Version 3.15.1 --- docs/community/3.15-announcement.md | 8 -------- docs/community/release-notes.md | 7 +++++++ rest_framework/__init__.py | 2 +- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/docs/community/3.15-announcement.md b/docs/community/3.15-announcement.md index 5bcff6969..848d534b2 100644 --- a/docs/community/3.15-announcement.md +++ b/docs/community/3.15-announcement.md @@ -31,10 +31,6 @@ The current minimum versions of Django still is 3.0 and Python 3.6. `ModelSerializer` generates validators for [UniqueConstraint](https://docs.djangoproject.com/en/4.0/ref/models/constraints/#uniqueconstraint) (both UniqueValidator and UniqueTogetherValidator) -## ValidationErrors improvements - -The `ValidationError` has been aligned with Django's, currently supporting the same style (signature) and nesting. - ## SimpleRouter non-regex matching support By default the URLs created by `SimpleRouter` use regular expressions. This behavior can be modified by setting the `use_regex_path` argument to `False` when instantiating the router. @@ -47,10 +43,6 @@ Dependency on pytz has been removed and deprecation warnings have been added, Dj Searches now may contain _quoted phrases_ with spaces, each phrase is considered as a single search term, and it will raise a validation error if any null-character is provided in search. See the [Filtering API guide](../api-guide/filtering.md) for more information. -## Default values propagation - -Model fields' default values are now propagated to serializer fields, for more information see the [Serializer fields API guide](../api-guide/fields.md#default). - ## Other fixes and improvements There are a number of fixes and minor improvements in this release, ranging from documentation, internal infrastructure (typing, testing, requirements, deprecation, etc.), security and overall behaviour. diff --git a/docs/community/release-notes.md b/docs/community/release-notes.md index 07220ef0f..6da3efb9f 100644 --- a/docs/community/release-notes.md +++ b/docs/community/release-notes.md @@ -36,6 +36,13 @@ You can determine your currently installed version using `pip show`: ## 3.15.x series +### 3.15.1 + +Date: 22nd March 2024 + +* Fix `SearchFilter` handling of quoted and comma separated strings, when `.get_search_terms` is being called into by a custom class. See [[#9338](https://github.com/encode/django-rest-framework/issues/9338)] +* Revert number of 3.15.0 issues which included unintended side-effects. See [[#9331](https://github.com/encode/django-rest-framework/issues/9331)] + ### 3.15.0 Date: 15th March 2024 diff --git a/rest_framework/__init__.py b/rest_framework/__init__.py index 45ff90980..fe2eab04b 100644 --- a/rest_framework/__init__.py +++ b/rest_framework/__init__.py @@ -10,7 +10,7 @@ ______ _____ _____ _____ __ import django __title__ = 'Django REST framework' -__version__ = '3.15.0' +__version__ = '3.15.1' __author__ = 'Tom Christie' __license__ = 'BSD 3-Clause' __copyright__ = 'Copyright 2011-2023 Encode OSS Ltd' From 6df509863d0ec2684e7c2cc13b27686aa87cffb6 Mon Sep 17 00:00:00 2001 From: Bradley Wells Date: Fri, 22 Mar 2024 20:33:00 +0200 Subject: [PATCH 13/47] Add @api_view example to caching documentation (#9131) --- docs/api-guide/caching.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/api-guide/caching.md b/docs/api-guide/caching.md index 503acb09e..d5f7ecb3a 100644 --- a/docs/api-guide/caching.md +++ b/docs/api-guide/caching.md @@ -59,6 +59,31 @@ class PostView(APIView): return Response(content) ``` + +## Using cache with @api_view decorator + +When using @api_view decorator, the Django-provided method-based cache decorators such as [`cache_page`][page], +[`vary_on_cookie`][cookie] and [`vary_on_headers`][headers] can be called directly. + +```python +from django.views.decorators.cache import cache_page +from django.views.decorators.vary import vary_on_cookie + +from rest_framework.decorators import api_view +from rest_framework.response import Response + + +@cache_page(60 * 15) +@vary_on_cookie +@api_view(['GET']) +def get_user_list(request): + content = { + 'user_feed': request.user.get_user_feed() + } + return Response(content) +``` + + **NOTE:** The [`cache_page`][page] decorator only caches the `GET` and `HEAD` responses with status 200. From f4194c4684420ac86485d9610adf760064db381f Mon Sep 17 00:00:00 2001 From: "John-Anthony G. Thevos" Date: Fri, 22 Mar 2024 15:37:20 -0400 Subject: [PATCH 14/47] Update docstring (#9340) --- rest_framework/filters.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/rest_framework/filters.py b/rest_framework/filters.py index 5742f512e..435c30c88 100644 --- a/rest_framework/filters.py +++ b/rest_framework/filters.py @@ -21,9 +21,7 @@ from rest_framework.settings import api_settings def search_smart_split(search_terms): - """generator that first splits string by spaces, leaving quoted phrases together, - then it splits non-quoted phrases by commas. - """ + """Returns sanitized search terms as a list.""" split_terms = [] for term in smart_split(search_terms): # trim commas to avoid bad matching for quoted phrases From 085b7e166ba80aa973645e5249b441f2dbdc0c96 Mon Sep 17 00:00:00 2001 From: "John-Anthony G. Thevos" Date: Wed, 27 Mar 2024 06:39:49 -0400 Subject: [PATCH 15/47] Apply black formatting to caching markdown (#9341) It _looks_ like blacken-docs is failing on this file. Running black locally fails with a failed to reformat. This is because it expects python code, and when it hits the ">", there's invalid python. --- docs/api-guide/caching.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/api-guide/caching.md b/docs/api-guide/caching.md index d5f7ecb3a..c4ab215c8 100644 --- a/docs/api-guide/caching.md +++ b/docs/api-guide/caching.md @@ -75,11 +75,9 @@ from rest_framework.response import Response @cache_page(60 * 15) @vary_on_cookie -@api_view(['GET']) +@api_view(["GET"]) def get_user_list(request): - content = { - 'user_feed': request.user.get_user_feed() - } + content = {"user_feed": request.user.get_user_feed()} return Response(content) ``` From 63063da0820e23ef0edbf92a3031103a6c2ce254 Mon Sep 17 00:00:00 2001 From: Marcelo Galigniana Date: Thu, 4 Apr 2024 04:12:19 -0300 Subject: [PATCH 16/47] Update renderers documentation example (#9362) --- docs/api-guide/renderers.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/api-guide/renderers.md b/docs/api-guide/renderers.md index 44f1b6021..d48f785ab 100644 --- a/docs/api-guide/renderers.md +++ b/docs/api-guide/renderers.md @@ -283,7 +283,7 @@ By default this will include the following keys: `view`, `request`, `response`, The following is an example plaintext renderer that will return a response with the `data` parameter as the content of the response. - from django.utils.encoding import smart_text + from django.utils.encoding import smart_str from rest_framework import renderers @@ -292,7 +292,7 @@ The following is an example plaintext renderer that will return a response with format = 'txt' def render(self, data, accepted_media_type=None, renderer_context=None): - return smart_text(data, encoding=self.charset) + return smart_str(data, encoding=self.charset) ## Setting the character set From 9864c47018238dd9f8477df0e4ab2ef62a24fd2b Mon Sep 17 00:00:00 2001 From: JAEGYUN JUNG Date: Mon, 8 Apr 2024 20:26:02 +0900 Subject: [PATCH 17/47] Removing live examples of tutorial code that are no longer hosted (#9363) * docs: Removing live examples of tutorial code that are no longer hosted * docs: Remove all references to tutorial links --- README.md | 3 --- docs/community/project-management.md | 2 -- docs/index.md | 1 - docs/tutorial/1-serialization.md | 5 ++--- 4 files changed, 2 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 56933a4c8..75d177001 100644 --- a/README.md +++ b/README.md @@ -45,8 +45,6 @@ Some reasons you might want to use REST framework: * Customizable all the way down - just use [regular function-based views][functionview-section] if you don't need the [more][generic-views] [powerful][viewsets] [features][routers]. * [Extensive documentation][docs], and [great community support][group]. -There is a live example API for testing purposes, [available here][sandbox]. - **Below**: *Screenshot from the browsable API* ![Screenshot][image] @@ -188,7 +186,6 @@ Please see the [security policy][security-policy]. [pypi]: https://pypi.org/project/djangorestframework/ [twitter]: https://twitter.com/starletdreaming [group]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework -[sandbox]: https://restframework.herokuapp.com/ [funding]: https://fund.django-rest-framework.org/topics/funding/ [sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors diff --git a/docs/community/project-management.md b/docs/community/project-management.md index 92132ae7e..8545fe2b7 100644 --- a/docs/community/project-management.md +++ b/docs/community/project-management.md @@ -199,7 +199,6 @@ If `@tomchristie` ceases to participate in the project then `@j4mie` has respons The following issues still need to be addressed: * Ensure `@jamie` has back-up access to the `django-rest-framework.org` domain setup and admin. -* Document ownership of the [live example][sandbox] API. * Document ownership of the [mailing list][mailing-list] and IRC channel. * Document ownership and management of the security mailing list. @@ -208,5 +207,4 @@ The following issues still need to be addressed: [transifex-project]: https://www.transifex.com/projects/p/django-rest-framework/ [transifex-client]: https://pypi.org/project/transifex-client/ [translation-memory]: http://docs.transifex.com/guides/tm#let-tm-automatically-populate-translations -[sandbox]: https://restframework.herokuapp.com/ [mailing-list]: https://groups.google.com/forum/#!forum/django-rest-framework diff --git a/docs/index.md b/docs/index.md index 07d233107..222b28de5 100644 --- a/docs/index.md +++ b/docs/index.md @@ -247,7 +247,6 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. [serializer-section]: api-guide/serializers#serializers [modelserializer-section]: api-guide/serializers#modelserializer [functionview-section]: api-guide/views#function-based-views -[sandbox]: https://restframework.herokuapp.com/ [sponsors]: https://fund.django-rest-framework.org/topics/funding/#our-sponsors [quickstart]: tutorial/quickstart.md diff --git a/docs/tutorial/1-serialization.md b/docs/tutorial/1-serialization.md index 6db3ea282..c86008104 100644 --- a/docs/tutorial/1-serialization.md +++ b/docs/tutorial/1-serialization.md @@ -8,7 +8,7 @@ The tutorial is fairly in-depth, so you should probably get a cookie and a cup o --- -**Note**: The code for this tutorial is available in the [encode/rest-framework-tutorial][repo] repository on GitHub. The completed implementation is also online as a sandbox version for testing, [available here][sandbox]. +**Note**: The code for this tutorial is available in the [encode/rest-framework-tutorial][repo] repository on GitHub. Feel free to clone the repository and see the code in action. --- @@ -307,7 +307,7 @@ Quit out of the shell... Validating models... 0 errors found - Django version 4.0, using settings 'tutorial.settings' + Django version 5.0, using settings 'tutorial.settings' Starting Development server at http://127.0.0.1:8000/ Quit the server with CONTROL-C. @@ -371,7 +371,6 @@ We'll see how we can start to improve things in [part 2 of the tutorial][tut-2]. [quickstart]: quickstart.md [repo]: https://github.com/encode/rest-framework-tutorial -[sandbox]: https://restframework.herokuapp.com/ [venv]: https://docs.python.org/3/library/venv.html [tut-2]: 2-requests-and-responses.md [httpie]: https://github.com/httpie/httpie#installation From f4daa98f48f9a25079531058fba4387949a4b54f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Bl=C3=A4ul?= <6819464+gogowitsch@users.noreply.github.com> Date: Fri, 26 Apr 2024 14:18:16 +0200 Subject: [PATCH 18/47] Remove an unnecessary step from quickstart.md (#9387) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since django is a dependency of djangorestframework, we don’t need to install it manually. --- docs/tutorial/quickstart.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/tutorial/quickstart.md b/docs/tutorial/quickstart.md index 7b46a44e6..a140dbce0 100644 --- a/docs/tutorial/quickstart.md +++ b/docs/tutorial/quickstart.md @@ -15,7 +15,6 @@ Create a new Django project named `tutorial`, then start a new app called `quick source env/bin/activate # On Windows use `env\Scripts\activate` # Install Django and Django REST framework into the virtual environment - pip install django pip install djangorestframework # Set up a new project with a single application From 97c5617edcf4189e8f9dca688ce8364992567b72 Mon Sep 17 00:00:00 2001 From: Jakub Szaredko <54867641+Szaroslav@users.noreply.github.com> Date: Sat, 27 Apr 2024 12:57:48 +0200 Subject: [PATCH 19/47] Docs: Add Python 3.12 to the requirements (#9382) --- docs/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/index.md b/docs/index.md index 222b28de5..4c5f20c48 100644 --- a/docs/index.md +++ b/docs/index.md @@ -86,7 +86,7 @@ continued development by **[signing up for a paid plan][funding]**. REST framework requires the following: -* Python (3.6, 3.7, 3.8, 3.9, 3.10, 3.11) +* Python (3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12) * Django (3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0) We **highly recommend** and only officially support the latest patch release of From f96c065607e6f4651edaeef5cb75e0b44b324c56 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sat, 27 Apr 2024 11:58:44 +0100 Subject: [PATCH 20/47] Update README.md (#9375) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Drop unnecessary self-serving promo text. (blergh) 😅 --- README.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/README.md b/README.md index 75d177001..cadfd73a5 100644 --- a/README.md +++ b/README.md @@ -172,8 +172,6 @@ Full documentation for the project is available at [https://www.django-rest-fram For questions and support, use the [REST framework discussion group][group], or `#restframework` on libera.chat IRC. -You may also want to [follow the author on Twitter][twitter]. - # Security Please see the [security policy][security-policy]. @@ -184,7 +182,6 @@ Please see the [security policy][security-policy]. [codecov]: https://codecov.io/github/encode/django-rest-framework?branch=master [pypi-version]: https://img.shields.io/pypi/v/djangorestframework.svg [pypi]: https://pypi.org/project/djangorestframework/ -[twitter]: https://twitter.com/starletdreaming [group]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework [funding]: https://fund.django-rest-framework.org/topics/funding/ From 7f18ec1b536a90b1fc194ef6140a6dcd8b605051 Mon Sep 17 00:00:00 2001 From: Max Muoto Date: Sat, 27 Apr 2024 06:07:05 -0500 Subject: [PATCH 21/47] Revert "Ensure CursorPagination respects nulls in the ordering field (#8912)" (#9381) This reverts commit b1cec517ff33d633d3ebcf5794a5f0f0583fabe6. --- rest_framework/pagination.py | 16 ++--- tests/test_pagination.py | 134 +---------------------------------- 2 files changed, 8 insertions(+), 142 deletions(-) diff --git a/rest_framework/pagination.py b/rest_framework/pagination.py index 2b20e76af..a543ceeb5 100644 --- a/rest_framework/pagination.py +++ b/rest_framework/pagination.py @@ -11,7 +11,6 @@ from urllib import parse from django.core.paginator import InvalidPage from django.core.paginator import Paginator as DjangoPaginator -from django.db.models import Q from django.template import loader from django.utils.encoding import force_str from django.utils.translation import gettext_lazy as _ @@ -631,7 +630,7 @@ class CursorPagination(BasePagination): queryset = queryset.order_by(*self.ordering) # If we have a cursor with a fixed position then filter by that. - if str(current_position) != 'None': + if current_position is not None: order = self.ordering[0] is_reversed = order.startswith('-') order_attr = order.lstrip('-') @@ -642,12 +641,7 @@ class CursorPagination(BasePagination): else: kwargs = {order_attr + '__gt': current_position} - filter_query = Q(**kwargs) - # If some records contain a null for the ordering field, don't lose them. - # When reverse ordering, nulls will come last and need to be included. - if (reverse and not is_reversed) or is_reversed: - filter_query |= Q(**{order_attr + '__isnull': True}) - queryset = queryset.filter(filter_query) + queryset = queryset.filter(**kwargs) # If we have an offset cursor then offset the entire page by that amount. # We also always fetch an extra item in order to determine if there is a @@ -720,7 +714,7 @@ class CursorPagination(BasePagination): # The item in this position and the item following it # have different positions. We can use this position as # our marker. - has_item_with_unique_position = position is not None + has_item_with_unique_position = True break # The item in this position has the same position as the item @@ -773,7 +767,7 @@ class CursorPagination(BasePagination): # The item in this position and the item following it # have different positions. We can use this position as # our marker. - has_item_with_unique_position = position is not None + has_item_with_unique_position = True break # The item in this position has the same position as the item @@ -896,7 +890,7 @@ class CursorPagination(BasePagination): attr = instance[field_name] else: attr = getattr(instance, field_name) - return None if attr is None else str(attr) + return str(attr) def get_paginated_response(self, data): return Response({ diff --git a/tests/test_pagination.py b/tests/test_pagination.py index 090eb0d81..02d443ade 100644 --- a/tests/test_pagination.py +++ b/tests/test_pagination.py @@ -972,24 +972,17 @@ class TestCursorPagination(CursorPaginationTestsMixin): def __init__(self, items): self.items = items - def filter(self, q): - q_args = dict(q.deconstruct()[1]) - if not q_args: - # django 3.0.x artifact - q_args = dict(q.deconstruct()[2]) - created__gt = q_args.get('created__gt') - created__lt = q_args.get('created__lt') - + def filter(self, created__gt=None, created__lt=None): if created__gt is not None: return MockQuerySet([ item for item in self.items - if item.created is None or item.created > int(created__gt) + if item.created > int(created__gt) ]) assert created__lt is not None return MockQuerySet([ item for item in self.items - if item.created is None or item.created < int(created__lt) + if item.created < int(created__lt) ]) def order_by(self, *ordering): @@ -1108,127 +1101,6 @@ class TestCursorPaginationWithValueQueryset(CursorPaginationTestsMixin, TestCase return (previous, current, next, previous_url, next_url) -class NullableCursorPaginationModel(models.Model): - created = models.IntegerField(null=True) - - -class TestCursorPaginationWithNulls(TestCase): - """ - Unit tests for `pagination.CursorPagination` with ordering on a nullable field. - """ - - def setUp(self): - class ExamplePagination(pagination.CursorPagination): - page_size = 1 - ordering = 'created' - - self.pagination = ExamplePagination() - data = [ - None, None, 3, 4 - ] - for idx in data: - NullableCursorPaginationModel.objects.create(created=idx) - - self.queryset = NullableCursorPaginationModel.objects.all() - - get_pages = TestCursorPagination.get_pages - - def test_ascending(self): - """Test paginating one row at a time, current should go 1, 2, 3, 4, 3, 2, 1.""" - (previous, current, next, previous_url, next_url) = self.get_pages('/') - - assert previous is None - assert current == [None] - assert next == [None] - - (previous, current, next, previous_url, next_url) = self.get_pages(next_url) - - assert previous == [None] - assert current == [None] - assert next == [3] - - (previous, current, next, previous_url, next_url) = self.get_pages(next_url) - - assert previous == [3] # [None] paging artifact documented at https://github.com/ddelange/django-rest-framework/blob/3.14.0/rest_framework/pagination.py#L789 - assert current == [3] - assert next == [4] - - (previous, current, next, previous_url, next_url) = self.get_pages(next_url) - - assert previous == [3] - assert current == [4] - assert next is None - assert next_url is None - - (previous, current, next, previous_url, next_url) = self.get_pages(previous_url) - - assert previous == [None] - assert current == [3] - assert next == [4] - - (previous, current, next, previous_url, next_url) = self.get_pages(previous_url) - - assert previous == [None] - assert current == [None] - assert next == [None] # [3] paging artifact documented at https://github.com/ddelange/django-rest-framework/blob/3.14.0/rest_framework/pagination.py#L731 - - (previous, current, next, previous_url, next_url) = self.get_pages(previous_url) - - assert previous is None - assert current == [None] - assert next == [None] - - def test_descending(self): - """Test paginating one row at a time, current should go 4, 3, 2, 1, 2, 3, 4.""" - self.pagination.ordering = ('-created',) - (previous, current, next, previous_url, next_url) = self.get_pages('/') - - assert previous is None - assert current == [4] - assert next == [3] - - (previous, current, next, previous_url, next_url) = self.get_pages(next_url) - - assert previous == [None] # [4] paging artifact - assert current == [3] - assert next == [None] - - (previous, current, next, previous_url, next_url) = self.get_pages(next_url) - - assert previous == [None] # [3] paging artifact - assert current == [None] - assert next == [None] - - (previous, current, next, previous_url, next_url) = self.get_pages(next_url) - - assert previous == [None] - assert current == [None] - assert next is None - assert next_url is None - - (previous, current, next, previous_url, next_url) = self.get_pages(previous_url) - - assert previous == [3] - assert current == [None] - assert next == [None] - - (previous, current, next, previous_url, next_url) = self.get_pages(previous_url) - - assert previous == [None] - assert current == [3] - assert next == [3] # [4] paging artifact documented at https://github.com/ddelange/django-rest-framework/blob/3.14.0/rest_framework/pagination.py#L731 - - # skip back artifact - (previous, current, next, previous_url, next_url) = self.get_pages(previous_url) - (previous, current, next, previous_url, next_url) = self.get_pages(previous_url) - - (previous, current, next, previous_url, next_url) = self.get_pages(previous_url) - - assert previous is None - assert current == [4] - assert next == [3] - - def test_get_displayed_page_numbers(): """ Test our contextual page display function. From e596f43c4e8183e4639996f95477b71eba3c8d80 Mon Sep 17 00:00:00 2001 From: Terence Honles Date: Sat, 27 Apr 2024 13:15:06 +0200 Subject: [PATCH 22/47] use warnings rather than logging a warning for DecimalField warnings (#9367) --- rest_framework/fields.py | 8 +++----- tests/test_fields.py | 23 ++++++++++++++--------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/rest_framework/fields.py b/rest_framework/fields.py index fda656507..cbc02e2c2 100644 --- a/rest_framework/fields.py +++ b/rest_framework/fields.py @@ -4,9 +4,9 @@ import datetime import decimal import functools import inspect -import logging import re import uuid +import warnings from collections.abc import Mapping from enum import Enum @@ -44,8 +44,6 @@ from rest_framework.utils.formatting import lazy_format from rest_framework.utils.timezone import valid_datetime from rest_framework.validators import ProhibitSurrogateCharactersValidator -logger = logging.getLogger("rest_framework.fields") - class empty: """ @@ -989,9 +987,9 @@ class DecimalField(Field): self.min_value = min_value if self.max_value is not None and not isinstance(self.max_value, decimal.Decimal): - logger.warning("max_value in DecimalField should be Decimal type.") + warnings.warn("max_value should be a Decimal instance.") if self.min_value is not None and not isinstance(self.min_value, decimal.Decimal): - logger.warning("min_value in DecimalField should be Decimal type.") + warnings.warn("min_value should be a Decimal instance.") if self.max_digits is not None and self.decimal_places is not None: self.max_whole_digits = self.max_digits - self.decimal_places diff --git a/tests/test_fields.py b/tests/test_fields.py index 2b6fc56ac..9ac84dd21 100644 --- a/tests/test_fields.py +++ b/tests/test_fields.py @@ -4,6 +4,7 @@ import os import re import sys import uuid +import warnings from decimal import ROUND_DOWN, ROUND_UP, Decimal from enum import auto from unittest.mock import patch @@ -1254,15 +1255,19 @@ class TestMinMaxDecimalField(FieldValues): ) def test_warning_when_not_decimal_types(self, caplog): - import logging - serializers.DecimalField( - max_digits=3, decimal_places=1, - min_value=10, max_value=20 - ) - assert caplog.record_tuples == [ - ("rest_framework.fields", logging.WARNING, "max_value in DecimalField should be Decimal type."), - ("rest_framework.fields", logging.WARNING, "min_value in DecimalField should be Decimal type.") - ] + with warnings.catch_warnings(record=True) as w: + warnings.simplefilter('always') + + serializers.DecimalField( + max_digits=3, decimal_places=1, + min_value=10, max_value=20 + ) + + assert len(w) == 2 + assert all(issubclass(i.category, UserWarning) for i in w) + + assert 'max_value should be a Decimal instance' in str(w[0].message) + assert 'min_value should be a Decimal instance' in str(w[1].message) class TestAllowEmptyStrDecimalFieldWithValidators(FieldValues): From 430de731e7b521e95ca7d5b77a561ffc94d970c5 Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 12:13:17 +0200 Subject: [PATCH 23/47] Clean up project management docs --- docs/community/project-management.md | 58 +++------------------------- 1 file changed, 6 insertions(+), 52 deletions(-) diff --git a/docs/community/project-management.md b/docs/community/project-management.md index 8545fe2b7..5fadca7b6 100644 --- a/docs/community/project-management.md +++ b/docs/community/project-management.md @@ -13,55 +13,13 @@ The aim is to ensure that the project has a high ## Maintenance team -We have a quarterly maintenance cycle where new members may join the maintenance team. We currently cap the size of the team at 5 members, and may encourage folks to step out of the team for a cycle to allow new members to participate. +[Participating actively in the REST framework project](contributing.md) **does not require being part of the maintenance team**. Almost every important part of issue triage and project improvement can be actively worked on regardless of your collaborator status on the repository. -#### Current team +#### Composition -The [maintenance team for Q4 2015](https://github.com/encode/django-rest-framework/issues/2190): +The composition of the maintenance team is handled by [@tomchristie](https://github.com/encode/). Team members will be added as collaborators to the repository. -* [@tomchristie](https://github.com/encode/) -* [@xordoquy](https://github.com/xordoquy/) (Release manager.) -* [@carltongibson](https://github.com/carltongibson/) -* [@kevin-brown](https://github.com/kevin-brown/) -* [@jpadilla](https://github.com/jpadilla/) - -#### Maintenance cycles - -Each maintenance cycle is initiated by an issue being opened with the `Process` label. - -* To be considered for a maintainer role simply comment against the issue. -* Existing members must explicitly opt-in to the next cycle by check-marking their name. -* The final decision on the incoming team will be made by `@tomchristie`. - -Members of the maintenance team will be added as collaborators to the repository. - -The following template should be used for the description of the issue, and serves as the formal process for selecting the team. - - This issue is for determining the maintenance team for the *** period. - - Please see the [Project management](https://www.django-rest-framework.org/topics/project-management/) section of our documentation for more details. - - --- - - #### Renewing existing members. - - The following people are the current maintenance team. Please checkmark your name if you wish to continue to have write permission on the repository for the *** period. - - - [ ] @*** - - [ ] @*** - - [ ] @*** - - [ ] @*** - - [ ] @*** - - --- - - #### New members. - - If you wish to be considered for this or a future date, please comment against this or subsequent issues. - - To modify this process for future maintenance cycles make a pull request to the [project management](https://www.django-rest-framework.org/topics/project-management/) documentation. - -#### Responsibilities of team members +#### Responsibilities Team members have the following responsibilities. @@ -78,16 +36,12 @@ Further notes for maintainers: * Each issue/pull request should have exactly one label once triaged. * Search for un-triaged issues with [is:open no:label][un-triaged]. -It should be noted that participating actively in the REST framework project clearly **does not require being part of the maintenance team**. Almost every import part of issue triage and project improvement can be actively worked on regardless of your collaborator status on the repository. - --- ## Release process -The release manager is selected on every quarterly maintenance cycle. - -* The manager should be selected by `@tomchristie`. -* The manager will then have the maintainer role added to PyPI package. +* The release manager is selected by `@tomchristie`. +* The release manager will then have the maintainer role added to PyPI package. * The previous manager will then have the maintainer role removed from the PyPI package. Our PyPI releases will be handled by either the current release manager, or by `@tomchristie`. Every release should have an open issue tagged with the `Release` label and marked against the appropriate milestone. From f642d85be26e0c7b7733a774363528022e769f7f Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 12:13:39 +0200 Subject: [PATCH 24/47] Fix docs typo --- docs/community/project-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/community/project-management.md b/docs/community/project-management.md index 5fadca7b6..4f203e13b 100644 --- a/docs/community/project-management.md +++ b/docs/community/project-management.md @@ -152,7 +152,7 @@ If `@tomchristie` ceases to participate in the project then `@j4mie` has respons The following issues still need to be addressed: -* Ensure `@jamie` has back-up access to the `django-rest-framework.org` domain setup and admin. +* Ensure `@j4mie` has back-up access to the `django-rest-framework.org` domain setup and admin. * Document ownership of the [mailing list][mailing-list] and IRC channel. * Document ownership and management of the security mailing list. From 52bfe20decf2e637cbb4ce848601556999c72bdb Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 15:13:37 +0200 Subject: [PATCH 25/47] Adapt docs to reflect stability-focused contribution policy --- docs/community/contributing.md | 15 ++++++--------- docs/community/release-notes.md | 8 +++++--- docs/index.md | 2 +- docs_theme/css/default.css | 14 ++++++++++++++ mkdocs.yml | 1 + 5 files changed, 27 insertions(+), 13 deletions(-) diff --git a/docs/community/contributing.md b/docs/community/contributing.md index 994226b97..5dea6426d 100644 --- a/docs/community/contributing.md +++ b/docs/community/contributing.md @@ -6,11 +6,9 @@ There are many ways you can contribute to Django REST framework. We'd like it to be a community-led project, so please get involved and help shape the future of the project. ---- +!!! note -**Note**: At this point in it's lifespan we consider Django REST framework to be essentially feature-complete. We may accept pull requests that track the continued development of Django versions, but would prefer not to accept new features or code formatting changes. - ---- + At this point in its lifespan we consider Django REST framework to be feature-complete. We focus on pull requests that track the continued development of Django versions, and generally do not accept new features or code formatting changes. ## Community @@ -36,10 +34,9 @@ Our contribution process is that the [GitHub discussions page](https://github.co Some tips on good potential issue reporting: -* When describing issues try to phrase your ticket in terms of the *behavior* you think needs changing rather than the *code* you think need changing. +* Django REST framework is considered feature-complete. Please do not file requests to change behavior, unless it is required for security reasons or to maintain compatibility with upcoming Django or Python versions. * Search the GitHub project page for related items, and make sure you're running the latest version of REST framework before reporting an issue. -* Feature requests will often be closed with a recommendation that they be implemented outside of the core REST framework library. Keeping new feature requests implemented as third party libraries allows us to keep down the maintenance overhead of REST framework, so that the focus can be on continued stability, bugfixes, and great documentation. At this point in it's lifespan we consider Django REST framework to be essentially feature-complete. -* Closing an issue doesn't necessarily mean the end of a discussion. If you believe your issue has been closed incorrectly, explain why and we'll consider if it needs to be reopened. +* Feature requests will typically be closed with a recommendation that they be implemented outside the core REST framework library (e.g. as third-party libraries). This approach allows us to keep down the maintenance overhead of REST framework, so that the focus can be on continued stability and great documentation. ## Triaging issues @@ -48,8 +45,8 @@ Getting involved in triaging incoming issues is a good way to start contributing * Read through the ticket - does it make sense, is it missing any context that would help explain it better? * Is the ticket reported in the correct place, would it be better suited as a discussion on the discussion group? * If the ticket is a bug report, can you reproduce it? Are you able to write a failing test case that demonstrates the issue and that can be submitted as a pull request? -* If the ticket is a feature request, do you agree with it, and could the feature request instead be implemented as a third party package? -* If a ticket hasn't had much activity and it addresses something you need, then comment on the ticket and try to find out what's needed to get it moving again. +* If the ticket is a feature request, could the feature request instead be implemented as a third party package? +* If a ticket hasn't had much activity and addresses something you need, then comment on the ticket and try to find out what's needed to get it moving again. # Development diff --git a/docs/community/release-notes.md b/docs/community/release-notes.md index 6da3efb9f..f983424da 100644 --- a/docs/community/release-notes.md +++ b/docs/community/release-notes.md @@ -2,11 +2,13 @@ ## Versioning -Minor version numbers (0.0.x) are used for changes that are API compatible. You should be able to upgrade between minor point releases without any other code changes. +- **Minor** version numbers (0.0.x) are used for changes that are API compatible. You should be able to upgrade between minor point releases without any other code changes. -Medium version numbers (0.x.0) may include API changes, in line with the [deprecation policy][deprecation-policy]. You should read the release notes carefully before upgrading between medium point releases. +- **Medium** version numbers (0.x.0) may include API changes, in line with the [deprecation policy][deprecation-policy]. You should read the release notes carefully before upgrading between medium point releases. -Major version numbers (x.0.0) are reserved for substantial project milestones. +- **Major** version numbers (x.0.0) are reserved for substantial project milestones. + +As REST Framework is considered feature-complete, most releases are expected to be minor releases. ## Deprecation policy diff --git a/docs/index.md b/docs/index.md index 4c5f20c48..adc66226e 100644 --- a/docs/index.md +++ b/docs/index.md @@ -184,7 +184,7 @@ Can't wait to get started? The [quickstart guide][quickstart] is the fastest way ## Development See the [Contribution guidelines][contributing] for information on how to clone -the repository, run the test suite and contribute changes back to REST +the repository, run the test suite and help maintain the code base of REST Framework. ## Support diff --git a/docs_theme/css/default.css b/docs_theme/css/default.css index 7006f2a66..dfde26293 100644 --- a/docs_theme/css/default.css +++ b/docs_theme/css/default.css @@ -439,3 +439,17 @@ ul.sponsor { display: inline-block !important; } +/* admonition */ +.admonition { + border: .075rem solid #448aff; + border-radius: .2rem; + margin: 1.5625em 0; + padding: 0 .6rem; +} +.admonition-title { + background: #448aff1a; + font-weight: 700; + margin: 0 -.6rem 1em; + padding: 0.4rem 0.6rem; +} + diff --git a/mkdocs.yml b/mkdocs.yml index 79831fe95..a031dd69b 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -9,6 +9,7 @@ theme: custom_dir: docs_theme markdown_extensions: + - admonition - toc: anchorlink: True From 861b7ac42b2c0f3a82f9c3fc0fd49e2393e52ca3 Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 15:27:55 +0200 Subject: [PATCH 26/47] Adapt issue/PR template to better reflect contribution policy --- .github/ISSUE_TEMPLATE/1-issue.md | 9 ++++++++- PULL_REQUEST_TEMPLATE.md | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/1-issue.md b/.github/ISSUE_TEMPLATE/1-issue.md index 0da154953..87fa57a89 100644 --- a/.github/ISSUE_TEMPLATE/1-issue.md +++ b/.github/ISSUE_TEMPLATE/1-issue.md @@ -5,6 +5,13 @@ about: Please only raise an issue if you've been advised to do so after discussi ## Checklist + + - [ ] Raised initially as discussion #... -- [ ] This cannot be dealt with as a third party library. (We prefer new functionality to be [in the form of third party libraries](https://www.django-rest-framework.org/community/third-party-packages/#about-third-party-packages) where possible.) +- [ ] This is not a feature request suitable for implementation outside this project. Please elaborate what it is: + - [ ] compatibility fix for new Django/Python version ... + - [ ] other type of bug fix + - [ ] other type of improvement that does not touch existing code or change existing behavior (e.g. wrapper for new Django field) - [ ] I have reduced the issue to the simplest possible case. diff --git a/PULL_REQUEST_TEMPLATE.md b/PULL_REQUEST_TEMPLATE.md index e9230d5c9..1c6881858 100644 --- a/PULL_REQUEST_TEMPLATE.md +++ b/PULL_REQUEST_TEMPLATE.md @@ -1,4 +1,4 @@ -*Note*: Before submitting this pull request, please review our [contributing guidelines](https://www.django-rest-framework.org/community/contributing/#pull-requests). +*Note*: Before submitting a code change, please review our [contributing guidelines](https://www.django-rest-framework.org/community/contributing/#pull-requests). ## Description From 7900778fbeec79a1994d577ed33e13b0ef2e51f3 Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 20:04:12 +0200 Subject: [PATCH 27/47] Remove obsolete sentence from docs --- docs/api-guide/serializers.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/api-guide/serializers.md b/docs/api-guide/serializers.md index 0f355c76d..eae79b62f 100644 --- a/docs/api-guide/serializers.md +++ b/docs/api-guide/serializers.md @@ -845,8 +845,6 @@ Here's an example of how you might choose to implement multiple updates: class Meta: list_serializer_class = BookListSerializer -It is possible that a third party package may be included alongside the 3.1 release that provides some automatic support for multiple update operations, similar to the `allow_add_remove` behavior that was present in REST framework 2. - #### Customizing ListSerializer initialization When a serializer with `many=True` is instantiated, we need to determine which arguments and keyword arguments should be passed to the `.__init__()` method for both the child `Serializer` class, and for the parent `ListSerializer` class. From 91bbac1f673390df32a39f59cede25d7a4577ff0 Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 15:48:51 +0200 Subject: [PATCH 28/47] bump mkdocs, no longer need to pin jinja2 Addresses https://github.com/encode/django-rest-framework/security/dependabot/11 --- requirements/requirements-documentation.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/requirements/requirements-documentation.txt b/requirements/requirements-documentation.txt index 25f5121f2..2cf936ef3 100644 --- a/requirements/requirements-documentation.txt +++ b/requirements/requirements-documentation.txt @@ -1,6 +1,5 @@ # MkDocs to build our documentation. -mkdocs==1.2.4 -jinja2>=2.10,<3.1.0 # contextfilter has been renamed +mkdocs==1.6.0 # pylinkvalidator to check for broken links in documentation. pylinkvalidator==0.3 From 1f2daaf53cb1e62080be99ea15986f607a193817 Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 16:49:58 +0200 Subject: [PATCH 29/47] Drop support for Django < 4.2 and Python < 3.8 Discussion: https://github.com/encode/django-rest-framework/discussions/8814#discussioncomment-9237791 --- .github/workflows/main.yml | 11 ----------- README.md | 4 ++-- docs/index.md | 4 ++-- setup.py | 13 +++---------- tox.ini | 12 ++---------- 5 files changed, 9 insertions(+), 35 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c3c587cbf..6276dddcd 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -14,8 +14,6 @@ jobs: strategy: matrix: python-version: - - '3.6' - - '3.7' - '3.8' - '3.9' - '3.10' @@ -37,18 +35,9 @@ jobs: - name: Install dependencies run: python -m pip install --upgrade codecov tox - - name: Install tox-py - if: ${{ matrix.python-version == '3.6' }} - run: python -m pip install --upgrade tox-py - - name: Run tox targets for ${{ matrix.python-version }} - if: ${{ matrix.python-version != '3.6' }} run: tox run -f py$(echo ${{ matrix.python-version }} | tr -d .) - - name: Run tox targets for ${{ matrix.python-version }} - if: ${{ matrix.python-version == '3.6' }} - run: tox --py current - - name: Run extra tox targets if: ${{ matrix.python-version == '3.9' }} run: | diff --git a/README.md b/README.md index cadfd73a5..d32fbc331 100644 --- a/README.md +++ b/README.md @@ -53,8 +53,8 @@ Some reasons you might want to use REST framework: # Requirements -* Python 3.6+ -* Django 5.0, 4.2, 4.1, 4.0, 3.2, 3.1, 3.0 +* Python 3.8+ +* Django 5.0, 4.2 We **highly recommend** and only officially support the latest patch release of each Python and Django series. diff --git a/docs/index.md b/docs/index.md index adc66226e..98cbf6a40 100644 --- a/docs/index.md +++ b/docs/index.md @@ -86,8 +86,8 @@ continued development by **[signing up for a paid plan][funding]**. REST framework requires the following: -* Python (3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12) -* Django (3.0, 3.1, 3.2, 4.0, 4.1, 4.2, 5.0) +* Django (4.2, 5.0) +* Python (3.8, 3.9, 3.10, 3.11, 3.12) We **highly recommend** and only officially support the latest patch release of each Python and Django series. diff --git a/setup.py b/setup.py index 40898b6c1..d2cfe877e 100755 --- a/setup.py +++ b/setup.py @@ -8,7 +8,7 @@ from io import open from setuptools import find_packages, setup CURRENT_PYTHON = sys.version_info[:2] -REQUIRED_PYTHON = (3, 6) +REQUIRED_PYTHON = (3, 8) # This check and everything above must remain compatible with Python 2.7. if CURRENT_PYTHON < REQUIRED_PYTHON: @@ -83,18 +83,13 @@ setup( author_email='tom@tomchristie.com', # SEE NOTE BELOW (*) packages=find_packages(exclude=['tests*']), include_package_data=True, - install_requires=["django>=3.0", 'backports.zoneinfo;python_version<"3.9"'], - python_requires=">=3.6", + install_requires=["django>=4.2", 'backports.zoneinfo;python_version<"3.9"'], + python_requires=">=3.8", zip_safe=False, classifiers=[ 'Development Status :: 5 - Production/Stable', 'Environment :: Web Environment', 'Framework :: Django', - 'Framework :: Django :: 3.0', - 'Framework :: Django :: 3.1', - 'Framework :: Django :: 3.2', - 'Framework :: Django :: 4.0', - 'Framework :: Django :: 4.1', 'Framework :: Django :: 4.2', 'Framework :: Django :: 5.0', 'Intended Audience :: Developers', @@ -102,8 +97,6 @@ setup( 'Operating System :: OS Independent', 'Programming Language :: Python', 'Programming Language :: Python :: 3', - 'Programming Language :: Python :: 3.6', - 'Programming Language :: Python :: 3.7', 'Programming Language :: Python :: 3.8', 'Programming Language :: Python :: 3.9', 'Programming Language :: Python :: 3.10', diff --git a/tox.ini b/tox.ini index ffcbd6729..45429371d 100644 --- a/tox.ini +++ b/tox.ini @@ -1,10 +1,7 @@ [tox] envlist = - {py36,py37,py38,py39}-django30 - {py36,py37,py38,py39}-django31 - {py36,py37,py38,py39,py310}-django32 - {py38,py39,py310}-{django40,django41,django42,djangomain} - {py311}-{django41,django42,django50,djangomain} + {py38,py39,py310}-{django42,djangomain} + {py311}-{django42,django50,djangomain} {py312}-{django42,djanggo50,djangomain} base dist @@ -17,11 +14,6 @@ setenv = PYTHONDONTWRITEBYTECODE=1 PYTHONWARNINGS=once deps = - django30: Django>=3.0,<3.1 - django31: Django>=3.1,<3.2 - django32: Django>=3.2,<4.0 - django40: Django>=4.0,<4.1 - django41: Django>=4.1,<4.2 django42: Django>=4.2,<5.0 django50: Django>=5.0,<5.1 djangomain: https://github.com/django/django/archive/main.tar.gz From 82d91a85fffea6a3cab2aa2c8bdd86e5581ccd7a Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 17:16:28 +0200 Subject: [PATCH 30/47] Fix tox config --- tox.ini | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tox.ini b/tox.ini index 45429371d..16cc3f8f4 100644 --- a/tox.ini +++ b/tox.ini @@ -1,8 +1,9 @@ [tox] envlist = - {py38,py39,py310}-{django42,djangomain} + {py38,py39}-{django42} + {py310}-{django42,django50,djangomain} {py311}-{django42,django50,djangomain} - {py312}-{django42,djanggo50,djangomain} + {py312}-{django42,django50,djangomain} base dist docs From d38aab39e49e2c9ba8f06b89b3de1e0ff29c207f Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 16:50:27 +0200 Subject: [PATCH 31/47] Remove unused code --- rest_framework/__init__.py | 6 ------ rest_framework/authtoken/__init__.py | 4 ---- rest_framework/compat.py | 24 --------------------- rest_framework/filters.py | 4 ---- rest_framework/parsers.py | 2 +- rest_framework/renderers.py | 3 ++- rest_framework/request.py | 2 +- rest_framework/test.py | 17 ++------------- rest_framework/utils/mediatypes.py | 2 +- tests/authentication/test_authentication.py | 17 ++++----------- tests/conftest.py | 8 +------ tests/test_model_serializer.py | 10 +++------ tests/test_testing.py | 17 ++++----------- 13 files changed, 19 insertions(+), 97 deletions(-) diff --git a/rest_framework/__init__.py b/rest_framework/__init__.py index fe2eab04b..4bd5bdbda 100644 --- a/rest_framework/__init__.py +++ b/rest_framework/__init__.py @@ -7,8 +7,6 @@ ______ _____ _____ _____ __ \_| \_\____/\____/ \_/ |_| |_| \__,_|_| |_| |_|\___| \_/\_/ \___/|_| |_|\_| """ -import django - __title__ = 'Django REST framework' __version__ = '3.15.1' __author__ = 'Tom Christie' @@ -25,10 +23,6 @@ HTTP_HEADER_ENCODING = 'iso-8859-1' ISO_8601 = 'iso-8601' -if django.VERSION < (3, 2): - default_app_config = 'rest_framework.apps.RestFrameworkConfig' - - class RemovedInDRF315Warning(DeprecationWarning): pass diff --git a/rest_framework/authtoken/__init__.py b/rest_framework/authtoken/__init__.py index 285fe15c6..e69de29bb 100644 --- a/rest_framework/authtoken/__init__.py +++ b/rest_framework/authtoken/__init__.py @@ -1,4 +0,0 @@ -import django - -if django.VERSION < (3, 2): - default_app_config = 'rest_framework.authtoken.apps.AuthTokenConfig' diff --git a/rest_framework/compat.py b/rest_framework/compat.py index afc06b6cb..27c5632be 100644 --- a/rest_framework/compat.py +++ b/rest_framework/compat.py @@ -151,30 +151,6 @@ else: return False -if django.VERSION >= (4, 2): - # Django 4.2+: use the stock parse_header_parameters function - # Note: Django 4.1 also has an implementation of parse_header_parameters - # which is slightly different from the one in 4.2, it needs - # the compatibility shim as well. - from django.utils.http import parse_header_parameters -else: - # Django <= 4.1: create a compatibility shim for parse_header_parameters - from django.http.multipartparser import parse_header - - def parse_header_parameters(line): - # parse_header works with bytes, but parse_header_parameters - # works with strings. Call encode to convert the line to bytes. - main_value_pair, params = parse_header(line.encode()) - return main_value_pair, { - # parse_header will convert *some* values to string. - # parse_header_parameters converts *all* values to string. - # Make sure all values are converted by calling decode on - # any remaining non-string values. - k: v if isinstance(v, str) else v.decode() - for k, v in params.items() - } - - if django.VERSION >= (5, 1): # Django 5.1+: use the stock ip_address_validators function # Note: Before Django 5.1, ip_address_validators returns a tuple containing diff --git a/rest_framework/filters.py b/rest_framework/filters.py index 435c30c88..3f4730da8 100644 --- a/rest_framework/filters.py +++ b/rest_framework/filters.py @@ -114,10 +114,6 @@ class SearchFilter(BaseFilterBackend): if hasattr(field, "path_infos"): # Update opts to follow the relation. opts = field.path_infos[-1].to_opts - # django < 4.1 - elif hasattr(field, 'get_path_info'): - # Update opts to follow the relation. - opts = field.get_path_info()[-1].to_opts # Otherwise, use the field with icontains. lookup = 'icontains' return LOOKUP_SEP.join([field_name, lookup]) diff --git a/rest_framework/parsers.py b/rest_framework/parsers.py index f0fd2b884..0e8e4bcb8 100644 --- a/rest_framework/parsers.py +++ b/rest_framework/parsers.py @@ -15,9 +15,9 @@ from django.http.multipartparser import ChunkIter from django.http.multipartparser import \ MultiPartParser as DjangoMultiPartParser from django.http.multipartparser import MultiPartParserError +from django.utils.http import parse_header_parameters from rest_framework import renderers -from rest_framework.compat import parse_header_parameters from rest_framework.exceptions import ParseError from rest_framework.settings import api_settings from rest_framework.utils import json diff --git a/rest_framework/renderers.py b/rest_framework/renderers.py index db1fdd128..ea73c6657 100644 --- a/rest_framework/renderers.py +++ b/rest_framework/renderers.py @@ -19,12 +19,13 @@ from django.core.paginator import Page from django.template import engines, loader from django.urls import NoReverseMatch from django.utils.html import mark_safe +from django.utils.http import parse_header_parameters from django.utils.safestring import SafeString from rest_framework import VERSION, exceptions, serializers, status from rest_framework.compat import ( INDENT_SEPARATORS, LONG_SEPARATORS, SHORT_SEPARATORS, coreapi, coreschema, - parse_header_parameters, pygments_css, yaml + pygments_css, yaml ) from rest_framework.exceptions import ParseError from rest_framework.request import is_form_media_type, override_method diff --git a/rest_framework/request.py b/rest_framework/request.py index 93109226d..f30578fa2 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -16,9 +16,9 @@ from django.conf import settings from django.http import HttpRequest, QueryDict from django.http.request import RawPostDataException from django.utils.datastructures import MultiValueDict +from django.utils.http import parse_header_parameters from rest_framework import exceptions -from rest_framework.compat import parse_header_parameters from rest_framework.settings import api_settings diff --git a/rest_framework/test.py b/rest_framework/test.py index 04409f962..e939adcd7 100644 --- a/rest_framework/test.py +++ b/rest_framework/test.py @@ -3,7 +3,6 @@ import io from importlib import import_module -import django from django.conf import settings from django.core.exceptions import ImproperlyConfigured from django.core.handlers.wsgi import WSGIHandler @@ -394,19 +393,7 @@ class URLPatternsTestCase(testcases.SimpleTestCase): cls._override.enable() - if django.VERSION > (4, 0): - cls.addClassCleanup(cls._override.disable) - cls.addClassCleanup(cleanup_url_patterns, cls) + cls.addClassCleanup(cls._override.disable) + cls.addClassCleanup(cleanup_url_patterns, cls) super().setUpClass() - - if django.VERSION < (4, 0): - @classmethod - def tearDownClass(cls): - super().tearDownClass() - cls._override.disable() - - if hasattr(cls, '_module_urlpatterns'): - cls._module.urlpatterns = cls._module_urlpatterns - else: - del cls._module.urlpatterns diff --git a/rest_framework/utils/mediatypes.py b/rest_framework/utils/mediatypes.py index b9004d496..8641732f0 100644 --- a/rest_framework/utils/mediatypes.py +++ b/rest_framework/utils/mediatypes.py @@ -3,7 +3,7 @@ Handling of media types, as found in HTTP Content-Type and Accept headers. See https://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7 """ -from rest_framework.compat import parse_header_parameters +from django.utils.http import parse_header_parameters def media_type_matches(lhs, rhs): diff --git a/tests/authentication/test_authentication.py b/tests/authentication/test_authentication.py index 22e837ef4..2f05ce7d1 100644 --- a/tests/authentication/test_authentication.py +++ b/tests/authentication/test_authentication.py @@ -1,6 +1,5 @@ import base64 -import django import pytest from django.conf import settings from django.contrib.auth.models import User @@ -235,21 +234,13 @@ class SessionAuthTests(TestCase): Ensure POSTing form over session authentication with CSRF token succeeds. Regression test for #6088 """ - # Remove this shim when dropping support for Django 3.0. - if django.VERSION < (3, 1): - from django.middleware.csrf import _get_new_csrf_token - else: - from django.middleware.csrf import ( - _get_new_csrf_string, _mask_cipher_secret - ) - - def _get_new_csrf_token(): - return _mask_cipher_secret(_get_new_csrf_string()) - self.csrf_client.login(username=self.username, password=self.password) # Set the csrf_token cookie so that CsrfViewMiddleware._get_token() works - token = _get_new_csrf_token() + from django.middleware.csrf import ( + _get_new_csrf_string, _mask_cipher_secret + ) + token = _mask_cipher_secret(_get_new_csrf_string()) self.csrf_client.cookies[settings.CSRF_COOKIE_NAME] = token # Post the token matching the cookie value diff --git a/tests/conftest.py b/tests/conftest.py index b67475d8a..01914ae77 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -13,8 +13,6 @@ def pytest_addoption(parser): def pytest_configure(config): from django.conf import settings - # USE_L10N is deprecated, and will be removed in Django 5.0. - use_l10n = {"USE_L10N": True} if django.VERSION < (4, 0) else {} settings.configure( DEBUG_PROPAGATE_EXCEPTIONS=True, DATABASES={ @@ -64,7 +62,6 @@ def pytest_configure(config): PASSWORD_HASHERS=( 'django.contrib.auth.hashers.MD5PasswordHasher', ), - **use_l10n, ) # guardian is optional @@ -87,10 +84,7 @@ def pytest_configure(config): import rest_framework settings.STATIC_ROOT = os.path.join(os.path.dirname(rest_framework.__file__), 'static-root') backend = 'django.contrib.staticfiles.storage.ManifestStaticFilesStorage' - if django.VERSION < (4, 2): - settings.STATICFILES_STORAGE = backend - else: - settings.STORAGES['staticfiles']['BACKEND'] = backend + settings.STORAGES['staticfiles']['BACKEND'] = backend django.setup() diff --git a/tests/test_model_serializer.py b/tests/test_model_serializer.py index d69f1652d..ae1a2b0fa 100644 --- a/tests/test_model_serializer.py +++ b/tests/test_model_serializer.py @@ -12,7 +12,6 @@ import re import sys import tempfile -import django import pytest from django.core.exceptions import ImproperlyConfigured from django.core.serializers.json import DjangoJSONEncoder @@ -453,14 +452,11 @@ class TestPosgresFieldsMapping(TestCase): model = ArrayFieldModel fields = ['array_field', 'array_field_with_blank'] - validators = "" - if django.VERSION < (4, 1): - validators = ", validators=[]" expected = dedent(""" TestSerializer(): - array_field = ListField(allow_empty=False, child=CharField(label='Array field'%s)) - array_field_with_blank = ListField(child=CharField(label='Array field with blank'%s), required=False) - """ % (validators, validators)) + array_field = ListField(allow_empty=False, child=CharField(label='Array field')) + array_field_with_blank = ListField(child=CharField(label='Array field with blank'), required=False) + """) self.assertEqual(repr(TestSerializer()), expected) @pytest.mark.skipif(hasattr(models, 'JSONField'), reason='has models.JSONField') diff --git a/tests/test_testing.py b/tests/test_testing.py index 196319a29..7c2a09fae 100644 --- a/tests/test_testing.py +++ b/tests/test_testing.py @@ -2,7 +2,6 @@ import itertools from io import BytesIO from unittest.mock import patch -import django from django.contrib.auth.models import User from django.http import HttpResponseRedirect from django.shortcuts import redirect @@ -334,18 +333,10 @@ class TestUrlPatternTestCase(URLPatternsTestCase): super().setUpClass() assert urlpatterns is cls.urlpatterns - if django.VERSION > (4, 0): - cls.addClassCleanup( - check_urlpatterns, - cls - ) - - if django.VERSION < (4, 0): - @classmethod - def tearDownClass(cls): - assert urlpatterns is cls.urlpatterns - super().tearDownClass() - assert urlpatterns is not cls.urlpatterns + cls.addClassCleanup( + check_urlpatterns, + cls + ) def test_urlpatterns(self): assert self.client.get('/').status_code == 200 From d58b8da591120abedc94c1b71576cb9afb2d7868 Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 16:50:40 +0200 Subject: [PATCH 32/47] Update deprecation hints --- rest_framework/__init__.py | 2 +- rest_framework/schemas/openapi.py | 6 +++--- tests/test_fields.py | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rest_framework/__init__.py b/rest_framework/__init__.py index 4bd5bdbda..bc16b221b 100644 --- a/rest_framework/__init__.py +++ b/rest_framework/__init__.py @@ -23,7 +23,7 @@ HTTP_HEADER_ENCODING = 'iso-8859-1' ISO_8601 = 'iso-8601' -class RemovedInDRF315Warning(DeprecationWarning): +class RemovedInDRF316Warning(DeprecationWarning): pass diff --git a/rest_framework/schemas/openapi.py b/rest_framework/schemas/openapi.py index 38031e646..f35106fe5 100644 --- a/rest_framework/schemas/openapi.py +++ b/rest_framework/schemas/openapi.py @@ -12,7 +12,7 @@ from django.db import models from django.utils.encoding import force_str from rest_framework import ( - RemovedInDRF315Warning, exceptions, renderers, serializers + RemovedInDRF316Warning, exceptions, renderers, serializers ) from rest_framework.compat import inflection, uritemplate from rest_framework.fields import _UnvalidatedField, empty @@ -725,7 +725,7 @@ class AutoSchema(ViewInspector): def _get_reference(self, serializer): warnings.warn( "Method `_get_reference()` has been renamed to `get_reference()`. " - "The old name will be removed in DRF v3.15.", - RemovedInDRF315Warning, stacklevel=2 + "The old name will be removed in DRF v3.16.", + RemovedInDRF316Warning, stacklevel=2 ) return self.get_reference(serializer) diff --git a/tests/test_fields.py b/tests/test_fields.py index 9ac84dd21..430681763 100644 --- a/tests/test_fields.py +++ b/tests/test_fields.py @@ -1633,7 +1633,7 @@ class TestCustomTimezoneForDateTimeField(TestCase): assert rendered_date == rendered_date_in_timezone -@pytest.mark.skipif(pytz is None, reason="As Django 4.0 has deprecated pytz, this test should eventually be able to get removed.") +@pytest.mark.skipif(pytz is None, reason="Django 5.0 has removed pytz; this test should eventually be able to get removed.") class TestPytzNaiveDayLightSavingTimeTimeZoneDateTimeField(FieldValues): """ Invalid values for `DateTimeField` with datetime in DST shift (non-existing or ambiguous) and timezone with DST. From 22377241a89c8233b45441b5adde5b858edef371 Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 16:01:11 +0200 Subject: [PATCH 33/47] bump pygments (security hygiene) Addresses https://github.com/encode/django-rest-framework/security/dependabot/9 --- requirements/requirements-optionals.txt | 2 +- tests/test_description.py | 2 +- tests/test_renderers.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements/requirements-optionals.txt b/requirements/requirements-optionals.txt index e54100f52..bac597c95 100644 --- a/requirements/requirements-optionals.txt +++ b/requirements/requirements-optionals.txt @@ -6,5 +6,5 @@ django-guardian>=2.4.0,<2.5 inflection==0.5.1 markdown>=3.3.7 psycopg2-binary>=2.9.5,<2.10 -pygments>=2.12.0,<2.14.0 +pygments~=2.17.0 pyyaml>=5.3.1,<5.4 diff --git a/tests/test_description.py b/tests/test_description.py index ecc6b9776..93539a838 100644 --- a/tests/test_description.py +++ b/tests/test_description.py @@ -41,7 +41,7 @@ MARKDOWN_DOCSTRING = """

an example docstring

indented

hash style header

-
[{
    "alpha": 1,
    "beta": "this is a string"
}]
+
[{
    "alpha": 1,
    "beta": "this is a string"
}]


""" diff --git a/tests/test_renderers.py b/tests/test_renderers.py index 247737576..d04ff300f 100644 --- a/tests/test_renderers.py +++ b/tests/test_renderers.py @@ -910,7 +910,7 @@ class TestDocumentationRenderer(TestCase): 'link': coreapi.Link(url='/data/', action='get', fields=[]), } html = template.render(context) - assert 'testcases list' in html + assert 'testcases list' in html @pytest.mark.skipif(not coreapi, reason='coreapi is not installed') From ab681f2d5e4a9645aa68eabf1ff18e41d0d5f642 Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 17:09:08 +0200 Subject: [PATCH 34/47] Update requirements in docs --- docs/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/index.md b/docs/index.md index 98cbf6a40..864c1d072 100644 --- a/docs/index.md +++ b/docs/index.md @@ -95,8 +95,8 @@ each Python and Django series. The following packages are optional: * [PyYAML][pyyaml], [uritemplate][uriteemplate] (5.1+, 3.0.0+) - Schema generation support. -* [Markdown][markdown] (3.0.0+) - Markdown support for the browsable API. -* [Pygments][pygments] (2.4.0+) - Add syntax highlighting to Markdown processing. +* [Markdown][markdown] (3.3.0+) - Markdown support for the browsable API. +* [Pygments][pygments] (2.7.0+) - Add syntax highlighting to Markdown processing. * [django-filter][django-filter] (1.0.1+) - Filtering support. * [django-guardian][django-guardian] (1.1.1+) - Object level permissions support. From b34bde47d7fff403df4143a35c71975d7c2e7763 Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 18:02:19 +0200 Subject: [PATCH 35/47] Fix typo in setup.cfg setting --- setup.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.cfg b/setup.cfg index e7e288816..459238836 100644 --- a/setup.cfg +++ b/setup.cfg @@ -3,7 +3,7 @@ license_files = LICENSE.md [tool:pytest] addopts=--tb=short --strict-markers -ra -testspath = tests +testpaths = tests filterwarnings = ignore:CoreAPI compatibility is deprecated*:rest_framework.RemovedInDRF317Warning [flake8] From 9d4ed054bf8acfac6209b7e7f837fc97517affcc Mon Sep 17 00:00:00 2001 From: Peter Thomassen Date: Fri, 26 Apr 2024 18:05:13 +0200 Subject: [PATCH 36/47] Don't use Windows line endings --- docs/community/funding.md | 796 +++++++++++++++++----------------- docs/topics/html-and-forms.md | 440 +++++++++---------- tests/test_description.py | 310 ++++++------- 3 files changed, 773 insertions(+), 773 deletions(-) diff --git a/docs/community/funding.md b/docs/community/funding.md index 951833682..10e09bf71 100644 --- a/docs/community/funding.md +++ b/docs/community/funding.md @@ -1,398 +1,398 @@ - - - - -# Funding - -If you use REST framework commercially we strongly encourage you to invest in its continued development by signing up for a paid plan. - -**We believe that collaboratively funded software can offer outstanding returns on investment, by encouraging our users to collectively share the cost of development.** - -Signing up for a paid plan will: - -* Directly contribute to faster releases, more features, and higher quality software. -* Allow more time to be invested in documentation, issue triage, and community support. -* Safeguard the future development of REST framework. - -REST framework continues to be open-source and permissively licensed, but we firmly believe it is in the commercial best-interest for users of the project to invest in its ongoing development. - ---- - -## What funding has enabled so far - -* The [3.4](https://www.django-rest-framework.org/community/3.4-announcement/) and [3.5](https://www.django-rest-framework.org/community/3.5-announcement/) releases, including schema generation for both Swagger and RAML, a Python client library, a Command Line client, and addressing of a large number of outstanding issues. -* The [3.6](https://www.django-rest-framework.org/community/3.6-announcement/) release, including JavaScript client library, and API documentation, complete with auto-generated code samples. -* The [3.7 release](https://www.django-rest-framework.org/community/3.7-announcement/), made possible due to our collaborative funding model, focuses on improvements to schema generation and the interactive API documentation. -* The recent [3.8 release](https://www.django-rest-framework.org/community/3.8-announcement/). -* Tom Christie, the creator of Django REST framework, working on the project full-time. -* Around 80-90 issues and pull requests closed per month since Tom Christie started working on the project full-time. -* A community & operations manager position part-time for 4 months, helping mature the business and grow sponsorship. -* Contracting development time for the work on the JavaScript client library and API documentation tooling. - ---- - -## What future funding will enable - -* Realtime API support, using WebSockets. This will consist of documentation and support for using REST framework together with Django Channels, plus integrating WebSocket support into the client libraries. -* Better authentication defaults, possibly bringing JWT & CORS support into the core package. -* Securing the community & operations manager position long-term. -* Opening up and securing a part-time position to focus on ticket triage and resolution. -* Paying for development time on building API client libraries in a range of programming languages. These would be integrated directly into the upcoming API documentation. - -Sign up for a paid plan today, and help ensure that REST framework becomes a sustainable, full-time funded project. - ---- - -## What our sponsors and users say - -> As a developer, Django REST framework feels like an obvious and natural extension to all the great things that make up Django and it's community. Getting started is easy while providing simple abstractions which makes it flexible and customizable. Contributing and supporting Django REST framework helps ensure its future and one way or another it also helps Django, and the Python ecosystem. -> -> — José Padilla, Django REST framework contributor - -  - -> The number one feature of the Python programming language is its community. Such a community is only possible because of the Open Source nature of the language and all the culture that comes from it. Building great Open Source projects require great minds. Given that, we at Vinta are not only proud to sponsor the team behind DRF but we also recognize the ROI that comes from it. -> -> — Filipe Ximenes, Vinta Software - -  - -> It's really awesome that this project continues to endure. The code base is top notch and the maintainers are committed to the highest level of quality. -DRF is one of the core reasons why Django is top choice among web frameworks today. In my opinion, it sets the standard for rest frameworks for the development community at large. -> -> — Andrew Conti, Django REST framework user - ---- - -## Individual plan - -This subscription is recommended for individuals with an interest in seeing REST framework continue to improve. - -If you are using REST framework as a full-time employee, consider recommending that your company takes out a [corporate plan](#corporate-plans). - -
-
-
-
- {{ symbol }} - {{ rates.personal1 }} - /month{% if vat %} +VAT{% endif %} -
-
Individual
-
-
- Support ongoing development -
-
- Credited on the site -
-
- -
-
-
-
- -*Billing is monthly and you can cancel at any time.* - ---- - -## Corporate plans - -These subscriptions are recommended for companies and organizations using REST framework either publicly or privately. - -In exchange for funding you'll also receive advertising space on our site, allowing you to **promote your company or product to many tens of thousands of developers worldwide**. - -Our professional and premium plans also include **priority support**. At any time your engineers can escalate an issue or discussion group thread, and we'll ensure it gets a guaranteed response within the next working day. - -
-
-
-
- {{ symbol }} - {{ rates.corporate1 }} - /month{% if vat %} +VAT{% endif %} -
-
Basic
-
-
- Support ongoing development -
-
- Funding page ad placement -
-
- -
-
-
-
-
- {{ symbol }} - {{ rates.corporate2 }} - /month{% if vat %} +VAT{% endif %} -
-
Professional
-
-
- Support ongoing development -
-
- Sidebar ad placement -
-
- Priority support for your engineers -
-
- -
-
-
-
-
- {{ symbol }} - {{ rates.corporate3 }} - /month{% if vat %} +VAT{% endif %} -
-
Premium
-
-
- Support ongoing development -
-
- Homepage ad placement -
-
- Sidebar ad placement -
-
- Priority support for your engineers -
-
- -
-
-
- -
- -*Billing is monthly and you can cancel at any time.* - -Once you've signed up, we will contact you via email and arrange your ad placements on the site. - -For further enquires please contact funding@django-rest-framework.org. - ---- - -## Accountability - -In an effort to keep the project as transparent as possible, we are releasing [monthly progress reports](https://www.encode.io/reports/march-2018/) and regularly include financial reports and cost breakdowns. - - - - -
-
-
-

Stay up to date, with our monthly progress reports...

-
- - -
-
- - -
- -
-
-
-
- - - ---- - -## Frequently asked questions - -**Q: Can you issue monthly invoices?** -A: Yes, we are happy to issue monthly invoices. Please just email us and let us know who to issue the invoice to (name and address) and which email address to send it to each month. - -**Q: Does sponsorship include VAT?** -A: Sponsorship is VAT exempt. - -**Q: Do I have to sign up for a certain time period?** -A: No, we appreciate your support for any time period that is convenient for you. Also, you can cancel your sponsorship anytime. - -**Q: Can I pay yearly? Can I pay upfront fox X amount of months at a time?** -A: We are currently only set up to accept monthly payments. However, if you'd like to support Django REST framework and you can only do yearly/upfront payments, we are happy to work with you and figure out a convenient solution. - -**Q: Are you only looking for corporate sponsors?** -A: No, we value individual sponsors just as much as corporate sponsors and appreciate any kind of support. - ---- - -## Our sponsors - -
- - + + + + +# Funding + +If you use REST framework commercially we strongly encourage you to invest in its continued development by signing up for a paid plan. + +**We believe that collaboratively funded software can offer outstanding returns on investment, by encouraging our users to collectively share the cost of development.** + +Signing up for a paid plan will: + +* Directly contribute to faster releases, more features, and higher quality software. +* Allow more time to be invested in documentation, issue triage, and community support. +* Safeguard the future development of REST framework. + +REST framework continues to be open-source and permissively licensed, but we firmly believe it is in the commercial best-interest for users of the project to invest in its ongoing development. + +--- + +## What funding has enabled so far + +* The [3.4](https://www.django-rest-framework.org/community/3.4-announcement/) and [3.5](https://www.django-rest-framework.org/community/3.5-announcement/) releases, including schema generation for both Swagger and RAML, a Python client library, a Command Line client, and addressing of a large number of outstanding issues. +* The [3.6](https://www.django-rest-framework.org/community/3.6-announcement/) release, including JavaScript client library, and API documentation, complete with auto-generated code samples. +* The [3.7 release](https://www.django-rest-framework.org/community/3.7-announcement/), made possible due to our collaborative funding model, focuses on improvements to schema generation and the interactive API documentation. +* The recent [3.8 release](https://www.django-rest-framework.org/community/3.8-announcement/). +* Tom Christie, the creator of Django REST framework, working on the project full-time. +* Around 80-90 issues and pull requests closed per month since Tom Christie started working on the project full-time. +* A community & operations manager position part-time for 4 months, helping mature the business and grow sponsorship. +* Contracting development time for the work on the JavaScript client library and API documentation tooling. + +--- + +## What future funding will enable + +* Realtime API support, using WebSockets. This will consist of documentation and support for using REST framework together with Django Channels, plus integrating WebSocket support into the client libraries. +* Better authentication defaults, possibly bringing JWT & CORS support into the core package. +* Securing the community & operations manager position long-term. +* Opening up and securing a part-time position to focus on ticket triage and resolution. +* Paying for development time on building API client libraries in a range of programming languages. These would be integrated directly into the upcoming API documentation. + +Sign up for a paid plan today, and help ensure that REST framework becomes a sustainable, full-time funded project. + +--- + +## What our sponsors and users say + +> As a developer, Django REST framework feels like an obvious and natural extension to all the great things that make up Django and it's community. Getting started is easy while providing simple abstractions which makes it flexible and customizable. Contributing and supporting Django REST framework helps ensure its future and one way or another it also helps Django, and the Python ecosystem. +> +> — José Padilla, Django REST framework contributor + +  + +> The number one feature of the Python programming language is its community. Such a community is only possible because of the Open Source nature of the language and all the culture that comes from it. Building great Open Source projects require great minds. Given that, we at Vinta are not only proud to sponsor the team behind DRF but we also recognize the ROI that comes from it. +> +> — Filipe Ximenes, Vinta Software + +  + +> It's really awesome that this project continues to endure. The code base is top notch and the maintainers are committed to the highest level of quality. +DRF is one of the core reasons why Django is top choice among web frameworks today. In my opinion, it sets the standard for rest frameworks for the development community at large. +> +> — Andrew Conti, Django REST framework user + +--- + +## Individual plan + +This subscription is recommended for individuals with an interest in seeing REST framework continue to improve. + +If you are using REST framework as a full-time employee, consider recommending that your company takes out a [corporate plan](#corporate-plans). + +
+
+
+
+ {{ symbol }} + {{ rates.personal1 }} + /month{% if vat %} +VAT{% endif %} +
+
Individual
+
+
+ Support ongoing development +
+
+ Credited on the site +
+
+ +
+
+
+
+ +*Billing is monthly and you can cancel at any time.* + +--- + +## Corporate plans + +These subscriptions are recommended for companies and organizations using REST framework either publicly or privately. + +In exchange for funding you'll also receive advertising space on our site, allowing you to **promote your company or product to many tens of thousands of developers worldwide**. + +Our professional and premium plans also include **priority support**. At any time your engineers can escalate an issue or discussion group thread, and we'll ensure it gets a guaranteed response within the next working day. + +
+
+
+
+ {{ symbol }} + {{ rates.corporate1 }} + /month{% if vat %} +VAT{% endif %} +
+
Basic
+
+
+ Support ongoing development +
+
+ Funding page ad placement +
+
+ +
+
+
+
+
+ {{ symbol }} + {{ rates.corporate2 }} + /month{% if vat %} +VAT{% endif %} +
+
Professional
+
+
+ Support ongoing development +
+
+ Sidebar ad placement +
+
+ Priority support for your engineers +
+
+ +
+
+
+
+
+ {{ symbol }} + {{ rates.corporate3 }} + /month{% if vat %} +VAT{% endif %} +
+
Premium
+
+
+ Support ongoing development +
+
+ Homepage ad placement +
+
+ Sidebar ad placement +
+
+ Priority support for your engineers +
+
+ +
+
+
+ +
+ +*Billing is monthly and you can cancel at any time.* + +Once you've signed up, we will contact you via email and arrange your ad placements on the site. + +For further enquires please contact funding@django-rest-framework.org. + +--- + +## Accountability + +In an effort to keep the project as transparent as possible, we are releasing [monthly progress reports](https://www.encode.io/reports/march-2018/) and regularly include financial reports and cost breakdowns. + + + + +
+
+
+

Stay up to date, with our monthly progress reports...

+
+ + +
+
+ + +
+ +
+
+
+
+ + + +--- + +## Frequently asked questions + +**Q: Can you issue monthly invoices?** +A: Yes, we are happy to issue monthly invoices. Please just email us and let us know who to issue the invoice to (name and address) and which email address to send it to each month. + +**Q: Does sponsorship include VAT?** +A: Sponsorship is VAT exempt. + +**Q: Do I have to sign up for a certain time period?** +A: No, we appreciate your support for any time period that is convenient for you. Also, you can cancel your sponsorship anytime. + +**Q: Can I pay yearly? Can I pay upfront fox X amount of months at a time?** +A: We are currently only set up to accept monthly payments. However, if you'd like to support Django REST framework and you can only do yearly/upfront payments, we are happy to work with you and figure out a convenient solution. + +**Q: Are you only looking for corporate sponsors?** +A: No, we value individual sponsors just as much as corporate sponsors and appreciate any kind of support. + +--- + +## Our sponsors + +
+ + diff --git a/docs/topics/html-and-forms.md b/docs/topics/html-and-forms.md index 17c9e3314..c7e51c152 100644 --- a/docs/topics/html-and-forms.md +++ b/docs/topics/html-and-forms.md @@ -1,220 +1,220 @@ -# HTML & Forms - -REST framework is suitable for returning both API style responses, and regular HTML pages. Additionally, serializers can be used as HTML forms and rendered in templates. - -## Rendering HTML - -In order to return HTML responses you'll need to use either `TemplateHTMLRenderer`, or `StaticHTMLRenderer`. - -The `TemplateHTMLRenderer` class expects the response to contain a dictionary of context data, and renders an HTML page based on a template that must be specified either in the view or on the response. - -The `StaticHTMLRender` class expects the response to contain a string of the pre-rendered HTML content. - -Because static HTML pages typically have different behavior from API responses you'll probably need to write any HTML views explicitly, rather than relying on the built-in generic views. - -Here's an example of a view that returns a list of "Profile" instances, rendered in an HTML template: - -**views.py**: - - from my_project.example.models import Profile - from rest_framework.renderers import TemplateHTMLRenderer - from rest_framework.response import Response - from rest_framework.views import APIView - - - class ProfileList(APIView): - renderer_classes = [TemplateHTMLRenderer] - template_name = 'profile_list.html' - - def get(self, request): - queryset = Profile.objects.all() - return Response({'profiles': queryset}) - -**profile_list.html**: - - -

Profiles

-
    - {% for profile in profiles %} -
  • {{ profile.name }}
    • - {% endfor %} -
- - -## Rendering Forms - -Serializers may be rendered as forms by using the `render_form` template tag, and including the serializer instance as context to the template. - -The following view demonstrates an example of using a serializer in a template for viewing and updating a model instance: - -**views.py**: - - from django.shortcuts import get_object_or_404 - from my_project.example.models import Profile - from rest_framework.renderers import TemplateHTMLRenderer - from rest_framework.views import APIView - - - class ProfileDetail(APIView): - renderer_classes = [TemplateHTMLRenderer] - template_name = 'profile_detail.html' - - def get(self, request, pk): - profile = get_object_or_404(Profile, pk=pk) - serializer = ProfileSerializer(profile) - return Response({'serializer': serializer, 'profile': profile}) - - def post(self, request, pk): - profile = get_object_or_404(Profile, pk=pk) - serializer = ProfileSerializer(profile, data=request.data) - if not serializer.is_valid(): - return Response({'serializer': serializer, 'profile': profile}) - serializer.save() - return redirect('profile-list') - -**profile_detail.html**: - - {% load rest_framework %} - - - -

Profile - {{ profile.name }}

- -
- {% csrf_token %} - {% render_form serializer %} - -
- - - -### Using template packs - -The `render_form` tag takes an optional `template_pack` argument, that specifies which template directory should be used for rendering the form and form fields. - -REST framework includes three built-in template packs, all based on Bootstrap 3. The built-in styles are `horizontal`, `vertical`, and `inline`. The default style is `horizontal`. To use any of these template packs you'll want to also include the Bootstrap 3 CSS. - -The following HTML will link to a CDN hosted version of the Bootstrap 3 CSS: - - - … - - - -Third party packages may include alternate template packs, by bundling a template directory containing the necessary form and field templates. - -Let's take a look at how to render each of the three available template packs. For these examples we'll use a single serializer class to present a "Login" form. - - class LoginSerializer(serializers.Serializer): - email = serializers.EmailField( - max_length=100, - style={'placeholder': 'Email', 'autofocus': True} - ) - password = serializers.CharField( - max_length=100, - style={'input_type': 'password', 'placeholder': 'Password'} - ) - remember_me = serializers.BooleanField() - ---- - -#### `rest_framework/vertical` - -Presents form labels above their corresponding control inputs, using the standard Bootstrap layout. - -*This is the default template pack.* - - {% load rest_framework %} - - ... - -
- {% csrf_token %} - {% render_form serializer template_pack='rest_framework/vertical' %} - -
- -![Vertical form example](../img/vertical.png) - ---- - -#### `rest_framework/horizontal` - -Presents labels and controls alongside each other, using a 2/10 column split. - -*This is the form style used in the browsable API and admin renderers.* - - {% load rest_framework %} - - ... - -
- {% csrf_token %} - {% render_form serializer %} -
-
- -
-
-
- -![Horizontal form example](../img/horizontal.png) - ---- - -#### `rest_framework/inline` - -A compact form style that presents all the controls inline. - - {% load rest_framework %} - - ... - -
- {% csrf_token %} - {% render_form serializer template_pack='rest_framework/inline' %} - -
- -![Inline form example](../img/inline.png) - -## Field styles - -Serializer fields can have their rendering style customized by using the `style` keyword argument. This argument is a dictionary of options that control the template and layout used. - -The most common way to customize the field style is to use the `base_template` style keyword argument to select which template in the template pack should be use. - -For example, to render a `CharField` as an HTML textarea rather than the default HTML input, you would use something like this: - - details = serializers.CharField( - max_length=1000, - style={'base_template': 'textarea.html'} - ) - -If you instead want a field to be rendered using a custom template that is *not part of an included template pack*, you can instead use the `template` style option, to fully specify a template name: - - details = serializers.CharField( - max_length=1000, - style={'template': 'my-field-templates/custom-input.html'} - ) - -Field templates can also use additional style properties, depending on their type. For example, the `textarea.html` template also accepts a `rows` property that can be used to affect the sizing of the control. - - details = serializers.CharField( - max_length=1000, - style={'base_template': 'textarea.html', 'rows': 10} - ) - -The complete list of `base_template` options and their associated style options is listed below. - -base_template | Valid field types | Additional style options ------------------------|-------------------------------------------------------------|----------------------------------------------- -input.html | Any string, numeric or date/time field | input_type, placeholder, hide_label, autofocus -textarea.html | `CharField` | rows, placeholder, hide_label -select.html | `ChoiceField` or relational field types | hide_label -radio.html | `ChoiceField` or relational field types | inline, hide_label -select_multiple.html | `MultipleChoiceField` or relational fields with `many=True` | hide_label -checkbox_multiple.html | `MultipleChoiceField` or relational fields with `many=True` | inline, hide_label -checkbox.html | `BooleanField` | hide_label -fieldset.html | Nested serializer | hide_label -list_fieldset.html | `ListField` or nested serializer with `many=True` | hide_label +# HTML & Forms + +REST framework is suitable for returning both API style responses, and regular HTML pages. Additionally, serializers can be used as HTML forms and rendered in templates. + +## Rendering HTML + +In order to return HTML responses you'll need to use either `TemplateHTMLRenderer`, or `StaticHTMLRenderer`. + +The `TemplateHTMLRenderer` class expects the response to contain a dictionary of context data, and renders an HTML page based on a template that must be specified either in the view or on the response. + +The `StaticHTMLRender` class expects the response to contain a string of the pre-rendered HTML content. + +Because static HTML pages typically have different behavior from API responses you'll probably need to write any HTML views explicitly, rather than relying on the built-in generic views. + +Here's an example of a view that returns a list of "Profile" instances, rendered in an HTML template: + +**views.py**: + + from my_project.example.models import Profile + from rest_framework.renderers import TemplateHTMLRenderer + from rest_framework.response import Response + from rest_framework.views import APIView + + + class ProfileList(APIView): + renderer_classes = [TemplateHTMLRenderer] + template_name = 'profile_list.html' + + def get(self, request): + queryset = Profile.objects.all() + return Response({'profiles': queryset}) + +**profile_list.html**: + + +

Profiles

+
    + {% for profile in profiles %} +
  • {{ profile.name }}
    • + {% endfor %} +
+ + +## Rendering Forms + +Serializers may be rendered as forms by using the `render_form` template tag, and including the serializer instance as context to the template. + +The following view demonstrates an example of using a serializer in a template for viewing and updating a model instance: + +**views.py**: + + from django.shortcuts import get_object_or_404 + from my_project.example.models import Profile + from rest_framework.renderers import TemplateHTMLRenderer + from rest_framework.views import APIView + + + class ProfileDetail(APIView): + renderer_classes = [TemplateHTMLRenderer] + template_name = 'profile_detail.html' + + def get(self, request, pk): + profile = get_object_or_404(Profile, pk=pk) + serializer = ProfileSerializer(profile) + return Response({'serializer': serializer, 'profile': profile}) + + def post(self, request, pk): + profile = get_object_or_404(Profile, pk=pk) + serializer = ProfileSerializer(profile, data=request.data) + if not serializer.is_valid(): + return Response({'serializer': serializer, 'profile': profile}) + serializer.save() + return redirect('profile-list') + +**profile_detail.html**: + + {% load rest_framework %} + + + +

Profile - {{ profile.name }}

+ +
+ {% csrf_token %} + {% render_form serializer %} + +
+ + + +### Using template packs + +The `render_form` tag takes an optional `template_pack` argument, that specifies which template directory should be used for rendering the form and form fields. + +REST framework includes three built-in template packs, all based on Bootstrap 3. The built-in styles are `horizontal`, `vertical`, and `inline`. The default style is `horizontal`. To use any of these template packs you'll want to also include the Bootstrap 3 CSS. + +The following HTML will link to a CDN hosted version of the Bootstrap 3 CSS: + + + … + + + +Third party packages may include alternate template packs, by bundling a template directory containing the necessary form and field templates. + +Let's take a look at how to render each of the three available template packs. For these examples we'll use a single serializer class to present a "Login" form. + + class LoginSerializer(serializers.Serializer): + email = serializers.EmailField( + max_length=100, + style={'placeholder': 'Email', 'autofocus': True} + ) + password = serializers.CharField( + max_length=100, + style={'input_type': 'password', 'placeholder': 'Password'} + ) + remember_me = serializers.BooleanField() + +--- + +#### `rest_framework/vertical` + +Presents form labels above their corresponding control inputs, using the standard Bootstrap layout. + +*This is the default template pack.* + + {% load rest_framework %} + + ... + +
+ {% csrf_token %} + {% render_form serializer template_pack='rest_framework/vertical' %} + +
+ +![Vertical form example](../img/vertical.png) + +--- + +#### `rest_framework/horizontal` + +Presents labels and controls alongside each other, using a 2/10 column split. + +*This is the form style used in the browsable API and admin renderers.* + + {% load rest_framework %} + + ... + +
+ {% csrf_token %} + {% render_form serializer %} +
+
+ +
+
+
+ +![Horizontal form example](../img/horizontal.png) + +--- + +#### `rest_framework/inline` + +A compact form style that presents all the controls inline. + + {% load rest_framework %} + + ... + +
+ {% csrf_token %} + {% render_form serializer template_pack='rest_framework/inline' %} + +
+ +![Inline form example](../img/inline.png) + +## Field styles + +Serializer fields can have their rendering style customized by using the `style` keyword argument. This argument is a dictionary of options that control the template and layout used. + +The most common way to customize the field style is to use the `base_template` style keyword argument to select which template in the template pack should be use. + +For example, to render a `CharField` as an HTML textarea rather than the default HTML input, you would use something like this: + + details = serializers.CharField( + max_length=1000, + style={'base_template': 'textarea.html'} + ) + +If you instead want a field to be rendered using a custom template that is *not part of an included template pack*, you can instead use the `template` style option, to fully specify a template name: + + details = serializers.CharField( + max_length=1000, + style={'template': 'my-field-templates/custom-input.html'} + ) + +Field templates can also use additional style properties, depending on their type. For example, the `textarea.html` template also accepts a `rows` property that can be used to affect the sizing of the control. + + details = serializers.CharField( + max_length=1000, + style={'base_template': 'textarea.html', 'rows': 10} + ) + +The complete list of `base_template` options and their associated style options is listed below. + +base_template | Valid field types | Additional style options +-----------------------|-------------------------------------------------------------|----------------------------------------------- +input.html | Any string, numeric or date/time field | input_type, placeholder, hide_label, autofocus +textarea.html | `CharField` | rows, placeholder, hide_label +select.html | `ChoiceField` or relational field types | hide_label +radio.html | `ChoiceField` or relational field types | inline, hide_label +select_multiple.html | `MultipleChoiceField` or relational fields with `many=True` | hide_label +checkbox_multiple.html | `MultipleChoiceField` or relational fields with `many=True` | inline, hide_label +checkbox.html | `BooleanField` | hide_label +fieldset.html | Nested serializer | hide_label +list_fieldset.html | `ListField` or nested serializer with `many=True` | hide_label diff --git a/tests/test_description.py b/tests/test_description.py index 93539a838..7fb93ed4e 100644 --- a/tests/test_description.py +++ b/tests/test_description.py @@ -1,155 +1,155 @@ -import pytest -from django.test import TestCase - -from rest_framework.compat import apply_markdown -from rest_framework.utils.formatting import dedent -from rest_framework.views import APIView - -# We check that docstrings get nicely un-indented. -DESCRIPTION = """an example docstring -==================== - -* list -* list - -another header --------------- - - code block - -indented - -# hash style header # - -```json -[{ - "alpha": 1, - "beta": "this is a string" -}] -```""" - - -# If markdown is installed we also test it's working -# (and that our wrapped forces '=' to h2 and '-' to h3) -MARKDOWN_DOCSTRING = """

an example docstring

-
    -
  • list
    • -
  • list
    • -
-

another header

-
code block
-
-

indented

-

hash style header

-
[{
    "alpha": 1,
    "beta": "this is a string"
}]
-


""" - - -class TestViewNamesAndDescriptions(TestCase): - def test_view_name_uses_class_name(self): - """ - Ensure view names are based on the class name. - """ - class MockView(APIView): - pass - assert MockView().get_view_name() == 'Mock' - - def test_view_name_uses_name_attribute(self): - class MockView(APIView): - name = 'Foo' - assert MockView().get_view_name() == 'Foo' - - def test_view_name_uses_suffix_attribute(self): - class MockView(APIView): - suffix = 'List' - assert MockView().get_view_name() == 'Mock List' - - def test_view_name_preferences_name_over_suffix(self): - class MockView(APIView): - name = 'Foo' - suffix = 'List' - assert MockView().get_view_name() == 'Foo' - - def test_view_description_uses_docstring(self): - """Ensure view descriptions are based on the docstring.""" - class MockView(APIView): - """an example docstring - ==================== - - * list - * list - - another header - -------------- - - code block - - indented - - # hash style header # - - ```json - [{ - "alpha": 1, - "beta": "this is a string" - }] - ```""" - - assert MockView().get_view_description() == DESCRIPTION - - def test_view_description_uses_description_attribute(self): - class MockView(APIView): - description = 'Foo' - assert MockView().get_view_description() == 'Foo' - - def test_view_description_allows_empty_description(self): - class MockView(APIView): - """Description.""" - description = '' - assert MockView().get_view_description() == '' - - def test_view_description_can_be_empty(self): - """ - Ensure that if a view has no docstring, - then it's description is the empty string. - """ - class MockView(APIView): - pass - assert MockView().get_view_description() == '' - - def test_view_description_can_be_promise(self): - """ - Ensure a view may have a docstring that is actually a lazily evaluated - class that can be converted to a string. - - See: https://github.com/encode/django-rest-framework/issues/1708 - """ - # use a mock object instead of gettext_lazy to ensure that we can't end - # up with a test case string in our l10n catalog - - class MockLazyStr: - def __init__(self, string): - self.s = string - - def __str__(self): - return self.s - - class MockView(APIView): - __doc__ = MockLazyStr("a gettext string") - - assert MockView().get_view_description() == 'a gettext string' - - @pytest.mark.skipif(not apply_markdown, reason="Markdown is not installed") - def test_markdown(self): - """ - Ensure markdown to HTML works as expected. - """ - assert apply_markdown(DESCRIPTION) == MARKDOWN_DOCSTRING - - -def test_dedent_tabs(): - result = 'first string\n\nsecond string' - assert dedent(" first string\n\n second string") == result - assert dedent("first string\n\n second string") == result - assert dedent("\tfirst string\n\n\tsecond string") == result - assert dedent("first string\n\n\tsecond string") == result +import pytest +from django.test import TestCase + +from rest_framework.compat import apply_markdown +from rest_framework.utils.formatting import dedent +from rest_framework.views import APIView + +# We check that docstrings get nicely un-indented. +DESCRIPTION = """an example docstring +==================== + +* list +* list + +another header +-------------- + + code block + +indented + +# hash style header # + +```json +[{ + "alpha": 1, + "beta": "this is a string" +}] +```""" + + +# If markdown is installed we also test it's working +# (and that our wrapped forces '=' to h2 and '-' to h3) +MARKDOWN_DOCSTRING = """

an example docstring

+
    +
  • list
    • +
  • list
    • +
+

another header

+
code block
+
+

indented

+

hash style header

+
[{
    "alpha": 1,
    "beta": "this is a string"
}]
+


""" + + +class TestViewNamesAndDescriptions(TestCase): + def test_view_name_uses_class_name(self): + """ + Ensure view names are based on the class name. + """ + class MockView(APIView): + pass + assert MockView().get_view_name() == 'Mock' + + def test_view_name_uses_name_attribute(self): + class MockView(APIView): + name = 'Foo' + assert MockView().get_view_name() == 'Foo' + + def test_view_name_uses_suffix_attribute(self): + class MockView(APIView): + suffix = 'List' + assert MockView().get_view_name() == 'Mock List' + + def test_view_name_preferences_name_over_suffix(self): + class MockView(APIView): + name = 'Foo' + suffix = 'List' + assert MockView().get_view_name() == 'Foo' + + def test_view_description_uses_docstring(self): + """Ensure view descriptions are based on the docstring.""" + class MockView(APIView): + """an example docstring + ==================== + + * list + * list + + another header + -------------- + + code block + + indented + + # hash style header # + + ```json + [{ + "alpha": 1, + "beta": "this is a string" + }] + ```""" + + assert MockView().get_view_description() == DESCRIPTION + + def test_view_description_uses_description_attribute(self): + class MockView(APIView): + description = 'Foo' + assert MockView().get_view_description() == 'Foo' + + def test_view_description_allows_empty_description(self): + class MockView(APIView): + """Description.""" + description = '' + assert MockView().get_view_description() == '' + + def test_view_description_can_be_empty(self): + """ + Ensure that if a view has no docstring, + then it's description is the empty string. + """ + class MockView(APIView): + pass + assert MockView().get_view_description() == '' + + def test_view_description_can_be_promise(self): + """ + Ensure a view may have a docstring that is actually a lazily evaluated + class that can be converted to a string. + + See: https://github.com/encode/django-rest-framework/issues/1708 + """ + # use a mock object instead of gettext_lazy to ensure that we can't end + # up with a test case string in our l10n catalog + + class MockLazyStr: + def __init__(self, string): + self.s = string + + def __str__(self): + return self.s + + class MockView(APIView): + __doc__ = MockLazyStr("a gettext string") + + assert MockView().get_view_description() == 'a gettext string' + + @pytest.mark.skipif(not apply_markdown, reason="Markdown is not installed") + def test_markdown(self): + """ + Ensure markdown to HTML works as expected. + """ + assert apply_markdown(DESCRIPTION) == MARKDOWN_DOCSTRING + + +def test_dedent_tabs(): + result = 'first string\n\nsecond string' + assert dedent(" first string\n\n second string") == result + assert dedent("first string\n\n second string") == result + assert dedent("\tfirst string\n\n\tsecond string") == result + assert dedent("first string\n\n\tsecond string") == result From 36d5c0e74f562cbe3055f0d20818bd48d3c32359 Mon Sep 17 00:00:00 2001 From: Stanislav Levin Date: Tue, 7 May 2024 10:05:03 +0300 Subject: [PATCH 37/47] tests: Check urlpatterns after cleanups (#9400) According to docs: https://docs.python.org/3/library/unittest.html#unittest.TestCase.addClassCleanup > Add a function to be called after tearDownClass() to cleanup resources used during the test class. Functions will be called in reverse order to the order they are added (LIFO). This was revealed with recent change in pytest (`8.2.0`): > pytest-dev/pytest#11728: For unittest-based tests, exceptions during class cleanup (as raised by functions registered with TestCase.addClassCleanup) are now reported instead of silently failing. `check_urlpatterns` is called before `cleanup_url_patterns` and fails (problem was hidden by `pytest < 8.2.0`). `doClassCleanups` can be used instead to check after-cleanup state: https://docs.python.org/3/library/unittest.html#unittest.TestCase.doClassCleanups > This method is called unconditionally after tearDownClass(), or after setUpClass() if setUpClass() raises an exception. It is responsible for calling all the cleanup functions added by addClassCleanup(). If you need cleanup functions to be called prior to tearDownClass() then you can call doClassCleanups() yourself. Fixes: https://github.com/encode/django-rest-framework/issues/9399 Signed-off-by: Stanislav Levin --- tests/test_testing.py | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/tests/test_testing.py b/tests/test_testing.py index 7c2a09fae..a7e00ab63 100644 --- a/tests/test_testing.py +++ b/tests/test_testing.py @@ -318,10 +318,6 @@ class TestAPIRequestFactory(TestCase): assert request.META['CONTENT_TYPE'] == 'application/json' -def check_urlpatterns(cls): - assert urlpatterns is not cls.urlpatterns - - class TestUrlPatternTestCase(URLPatternsTestCase): urlpatterns = [ path('', view), @@ -333,10 +329,11 @@ class TestUrlPatternTestCase(URLPatternsTestCase): super().setUpClass() assert urlpatterns is cls.urlpatterns - cls.addClassCleanup( - check_urlpatterns, - cls - ) + @classmethod + def doClassCleanups(cls): + assert urlpatterns is cls.urlpatterns + super().doClassCleanups() + assert urlpatterns is not cls.urlpatterns def test_urlpatterns(self): assert self.client.get('/').status_code == 200 From fbdab09c776d5ceef041793a7acd1c9e91695e5d Mon Sep 17 00:00:00 2001 From: wkwkhautbois Date: Sun, 2 Jun 2024 13:14:37 +0900 Subject: [PATCH 38/47] docs: Correct some evaluation results and a httpie option in Tutorial1 (#9421) * Tutorial 1: Added --unsorted option to httpie calls to prevent automatic json key sorting * Tutorial 1: Changed evaluation results accurate --- docs/tutorial/1-serialization.md | 66 ++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 29 deletions(-) diff --git a/docs/tutorial/1-serialization.md b/docs/tutorial/1-serialization.md index c86008104..1dac5e0d8 100644 --- a/docs/tutorial/1-serialization.md +++ b/docs/tutorial/1-serialization.md @@ -150,7 +150,7 @@ At this point we've translated the model instance into Python native datatypes. content = JSONRenderer().render(serializer.data) content - # b'{"id": 2, "title": "", "code": "print(\\"hello, world\\")\\n", "linenos": false, "language": "python", "style": "friendly"}' + # b'{"id":2,"title":"","code":"print(\\"hello, world\\")\\n","linenos":false,"language":"python","style":"friendly"}' Deserialization is similar. First we parse a stream into Python native datatypes... @@ -165,7 +165,7 @@ Deserialization is similar. First we parse a stream into Python native datatype serializer.is_valid() # True serializer.validated_data - # OrderedDict([('title', ''), ('code', 'print("hello, world")\n'), ('linenos', False), ('language', 'python'), ('style', 'friendly')]) + # {'title': '', 'code': 'print("hello, world")', 'linenos': False, 'language': 'python', 'style': 'friendly'} serializer.save() # @@ -175,7 +175,7 @@ We can also serialize querysets instead of model instances. To do so we simply serializer = SnippetSerializer(Snippet.objects.all(), many=True) serializer.data - # [OrderedDict([('id', 1), ('title', ''), ('code', 'foo = "bar"\n'), ('linenos', False), ('language', 'python'), ('style', 'friendly')]), OrderedDict([('id', 2), ('title', ''), ('code', 'print("hello, world")\n'), ('linenos', False), ('language', 'python'), ('style', 'friendly')]), OrderedDict([('id', 3), ('title', ''), ('code', 'print("hello, world")'), ('linenos', False), ('language', 'python'), ('style', 'friendly')])] + # [{'id': 1, 'title': '', 'code': 'foo = "bar"\n', 'linenos': False, 'language': 'python', 'style': 'friendly'}, {'id': 2, 'title': '', 'code': 'print("hello, world")\n', 'linenos': False, 'language': 'python', 'style': 'friendly'}, {'id': 3, 'title': '', 'code': 'print("hello, world")', 'linenos': False, 'language': 'python', 'style': 'friendly'}] ## Using ModelSerializers @@ -321,42 +321,50 @@ You can install httpie using pip: Finally, we can get a list of all of the snippets: - http http://127.0.0.1:8000/snippets/ + http http://127.0.0.1:8000/snippets/ --unsorted HTTP/1.1 200 OK ... [ - { - "id": 1, - "title": "", - "code": "foo = \"bar\"\n", - "linenos": false, - "language": "python", - "style": "friendly" - }, - { + { + "id": 1, + "title": "", + "code": "foo = \"bar\"\n", + "linenos": false, + "language": "python", + "style": "friendly" + }, + { + "id": 2, + "title": "", + "code": "print(\"hello, world\")\n", + "linenos": false, + "language": "python", + "style": "friendly" + }, + { + "id": 3, + "title": "", + "code": "print(\"hello, world\")", + "linenos": false, + "language": "python", + "style": "friendly" + } + ] + +Or we can get a particular snippet by referencing its id: + + http http://127.0.0.1:8000/snippets/2/ --unsorted + + HTTP/1.1 200 OK + ... + { "id": 2, "title": "", "code": "print(\"hello, world\")\n", "linenos": false, "language": "python", "style": "friendly" - } - ] - -Or we can get a particular snippet by referencing its id: - - http http://127.0.0.1:8000/snippets/2/ - - HTTP/1.1 200 OK - ... - { - "id": 2, - "title": "", - "code": "print(\"hello, world\")\n", - "linenos": false, - "language": "python", - "style": "friendly" } Similarly, you can have the same json displayed by visiting these URLs in a web browser. From fe92f0dd0d4c587eed000c7de611ddbff241bd6a Mon Sep 17 00:00:00 2001 From: Ivan Studinsky Date: Mon, 10 Jun 2024 13:19:06 +0700 Subject: [PATCH 39/47] Add `__hash__` method for `permissions.OperandHolder` class (#9417) `OperandHolder` is not hashable, so need to add `__hash__` method --- rest_framework/permissions.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 71de226f9..7c15eca58 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -54,6 +54,9 @@ class OperandHolder(OperationHolderMixin): self.op2_class == other.op2_class ) + def __hash__(self): + return hash((self.operator_class, self.op1_class, self.op2_class)) + class AND: def __init__(self, op1, op2): From 3b41f0124194430da957b119712978fa2266b642 Mon Sep 17 00:00:00 2001 From: Seokchan Yoon Date: Fri, 14 Jun 2024 18:52:02 +0900 Subject: [PATCH 40/47] Fix potential XSS vulnerability in break_long_headers template filter (#9435) The header input is now properly escaped before splitting and joining with
tags. This prevents potential XSS attacks if the header contains unsanitized user input. --- rest_framework/templatetags/rest_framework.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rest_framework/templatetags/rest_framework.py b/rest_framework/templatetags/rest_framework.py index e01568cf2..dba8153b1 100644 --- a/rest_framework/templatetags/rest_framework.py +++ b/rest_framework/templatetags/rest_framework.py @@ -322,5 +322,5 @@ def break_long_headers(header): when possible (are comma separated) """ if len(header) > 160 and ',' in header: - header = mark_safe('
' + ',
'.join(header.split(','))) + header = mark_safe('
' + ',
'.join(escape(header).split(','))) return header From c7a7eae551528b6887614df816c8a26df70272d6 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 14 Jun 2024 16:34:21 +0100 Subject: [PATCH 41/47] Version 3.15.2 (#9439) --- docs/community/release-notes.md | 9 +++++++++ rest_framework/__init__.py | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/docs/community/release-notes.md b/docs/community/release-notes.md index f983424da..5ec415a79 100644 --- a/docs/community/release-notes.md +++ b/docs/community/release-notes.md @@ -38,6 +38,15 @@ You can determine your currently installed version using `pip show`: ## 3.15.x series +### 3.15.2 + +**Date**: 14th June 2024 + +* Fix potential XSS vulnerability in browsable API. [#9435](https://github.com/encode/django-rest-framework/pull/9157) +* Revert "Ensure CursorPagination respects nulls in the ordering field". [#9381](https://github.com/encode/django-rest-framework/pull/9381) +* Use warnings rather than logging a warning for DecimalField. [#9367](https://github.com/encode/django-rest-framework/pull/9367) +* Remove unused code. [#9393](https://github.com/encode/django-rest-framework/pull/9393) + ### 3.15.1 Date: 22nd March 2024 diff --git a/rest_framework/__init__.py b/rest_framework/__init__.py index bc16b221b..636f0c8ad 100644 --- a/rest_framework/__init__.py +++ b/rest_framework/__init__.py @@ -8,7 +8,7 @@ ______ _____ _____ _____ __ """ __title__ = 'Django REST framework' -__version__ = '3.15.1' +__version__ = '3.15.2' __author__ = 'Tom Christie' __license__ = 'BSD 3-Clause' __copyright__ = 'Copyright 2011-2023 Encode OSS Ltd' From 1e9b5c15ecc165e6d7658a6db13de98560f2b8df Mon Sep 17 00:00:00 2001 From: Ivan Studinsky Date: Sat, 15 Jun 2024 15:00:28 +0700 Subject: [PATCH 42/47] Provide tests for hashing of `OperandHolder` (#9437) --- tests/test_permissions.py | 56 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/tests/test_permissions.py b/tests/test_permissions.py index aefff981e..39b7ed662 100644 --- a/tests/test_permissions.py +++ b/tests/test_permissions.py @@ -716,3 +716,59 @@ class PermissionsCompositionTests(TestCase): composed_perm = (IsAuthenticatedUserOwner | permissions.IsAdminUser) hasperm = composed_perm().has_object_permission(request, None, None) assert hasperm is False + + def test_operand_holder_is_hashable(self): + assert hash((permissions.IsAuthenticated & permissions.IsAdminUser)) + + def test_operand_holder_hash_same_for_same_operands_and_operator(self): + first_operand_holder = ( + permissions.IsAuthenticated & permissions.IsAdminUser + ) + second_operand_holder = ( + permissions.IsAuthenticated & permissions.IsAdminUser + ) + + assert hash(first_operand_holder) == hash(second_operand_holder) + + def test_operand_holder_hash_differs_for_different_operands(self): + first_operand_holder = ( + permissions.IsAuthenticated & permissions.IsAdminUser + ) + second_operand_holder = ( + permissions.AllowAny & permissions.IsAdminUser + ) + third_operand_holder = ( + permissions.IsAuthenticated & permissions.AllowAny + ) + + assert hash(first_operand_holder) != hash(second_operand_holder) + assert hash(first_operand_holder) != hash(third_operand_holder) + assert hash(second_operand_holder) != hash(third_operand_holder) + + def test_operand_holder_hash_differs_for_different_operators(self): + first_operand_holder = ( + permissions.IsAuthenticated & permissions.IsAdminUser + ) + second_operand_holder = ( + permissions.IsAuthenticated | permissions.IsAdminUser + ) + + assert hash(first_operand_holder) != hash(second_operand_holder) + + def test_filtering_permissions(self): + unfiltered_permissions = [ + permissions.IsAuthenticated & permissions.IsAdminUser, + permissions.IsAuthenticated & permissions.IsAdminUser, + permissions.AllowAny, + ] + expected_permissions = [ + permissions.IsAuthenticated & permissions.IsAdminUser, + permissions.AllowAny, + ] + + filtered_permissions = [ + perm for perm + in dict.fromkeys(unfiltered_permissions) + ] + + assert filtered_permissions == expected_permissions From e13688f0c0d32672d31ef3b9474c2a9f9dd12ae9 Mon Sep 17 00:00:00 2001 From: Devid <13779643+sevdog@users.noreply.github.com> Date: Tue, 18 Jun 2024 19:03:37 +0100 Subject: [PATCH 43/47] Remove long deprecated code from request wrapper (#9441) --- rest_framework/request.py | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/rest_framework/request.py b/rest_framework/request.py index f30578fa2..b29e64d16 100644 --- a/rest_framework/request.py +++ b/rest_framework/request.py @@ -422,13 +422,6 @@ class Request: except AttributeError: return self.__getattribute__(attr) - @property - def DATA(self): - raise NotImplementedError( - '`request.DATA` has been deprecated in favor of `request.data` ' - 'since version 3.0, and has been fully removed as of version 3.2.' - ) - @property def POST(self): # Ensure that request.POST uses our request parsing. @@ -447,13 +440,6 @@ class Request: self._load_data_and_files() return self._files - @property - def QUERY_PARAMS(self): - raise NotImplementedError( - '`request.QUERY_PARAMS` has been deprecated in favor of `request.query_params` ' - 'since version 3.0, and has been fully removed as of version 3.2.' - ) - def force_plaintext_errors(self, value): # Hack to allow our exception handler to force choice of # plaintext or html error responses. From 7297f197015dce61b7f00fae80540df0cc7a4fc8 Mon Sep 17 00:00:00 2001 From: Martijn Jacobs Date: Mon, 24 Jun 2024 11:31:49 +0200 Subject: [PATCH 44/47] Add adrf as a third party package for Django REST framework (#9198) --- docs/community/third-party-packages.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/community/third-party-packages.md b/docs/community/third-party-packages.md index a92da82fc..593836411 100644 --- a/docs/community/third-party-packages.md +++ b/docs/community/third-party-packages.md @@ -46,6 +46,10 @@ Check out a grid detailing all the packages and ecosystem around Django REST Fra To submit new content, [open an issue][drf-create-issue] or [create a pull request][drf-create-pr]. +## Async Support + +* [adrf](https://github.com/em1208/adrf) - Async support, provides async Views, ViewSets, and Serializers. + ### Authentication * [djangorestframework-digestauth][djangorestframework-digestauth] - Provides Digest Access Authentication support. From 4d0662663a360bc0656f019cf215c554e466bb75 Mon Sep 17 00:00:00 2001 From: Francesco Cataldo <78490028+FraCata00@users.noreply.github.com> Date: Thu, 27 Jun 2024 14:19:59 +0200 Subject: [PATCH 45/47] fix(release-notes): fix wronk link PR(#9435) on release-notes 3.15.2 (#9444) Co-authored-by: Francesco --- docs/community/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/community/release-notes.md b/docs/community/release-notes.md index 5ec415a79..c3294f595 100644 --- a/docs/community/release-notes.md +++ b/docs/community/release-notes.md @@ -42,7 +42,7 @@ You can determine your currently installed version using `pip show`: **Date**: 14th June 2024 -* Fix potential XSS vulnerability in browsable API. [#9435](https://github.com/encode/django-rest-framework/pull/9157) +* Fix potential XSS vulnerability in browsable API. [#9435](https://github.com/encode/django-rest-framework/pull/9435) * Revert "Ensure CursorPagination respects nulls in the ordering field". [#9381](https://github.com/encode/django-rest-framework/pull/9381) * Use warnings rather than logging a warning for DecimalField. [#9367](https://github.com/encode/django-rest-framework/pull/9367) * Remove unused code. [#9393](https://github.com/encode/django-rest-framework/pull/9393) From e9f3fd250aa4176b43753097add1ddcd73ea9d55 Mon Sep 17 00:00:00 2001 From: Alvaro Vega Date: Sat, 29 Jun 2024 09:48:31 +0200 Subject: [PATCH 46/47] Update release-notes.md (#9451) --- docs/community/release-notes.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/community/release-notes.md b/docs/community/release-notes.md index c3294f595..3e5d3ebc5 100644 --- a/docs/community/release-notes.md +++ b/docs/community/release-notes.md @@ -46,6 +46,7 @@ You can determine your currently installed version using `pip show`: * Revert "Ensure CursorPagination respects nulls in the ordering field". [#9381](https://github.com/encode/django-rest-framework/pull/9381) * Use warnings rather than logging a warning for DecimalField. [#9367](https://github.com/encode/django-rest-framework/pull/9367) * Remove unused code. [#9393](https://github.com/encode/django-rest-framework/pull/9393) +* Django < 4.2 and Python < 3.8 no longer supported. [#9393](https://github.com/encode/django-rest-framework/pull/9393) ### 3.15.1 From ccfe0a963799f52c137a7ed555648e7bbffa0d93 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 5 Jul 2024 16:56:58 +0100 Subject: [PATCH 47/47] Add Zuplo to sponsors (#9460) --- README.md | 5 ++++- docs/img/premium/zuplo-readme.png | Bin 0 -> 12409 bytes docs/index.md | 3 ++- setup.py | 1 - 4 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 docs/img/premium/zuplo-readme.png diff --git a/README.md b/README.md index d32fbc331..fc44a461e 100644 --- a/README.md +++ b/README.md @@ -28,8 +28,9 @@ The initial aim is to provide a single full-time position on REST framework. [![][cryptapi-img]][cryptapi-url] [![][fezto-img]][fezto-url] [![][svix-img]][svix-url] +[![][zuplo-img]][zuplo-url] -Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry][sentry-url], [Stream][stream-url], [Spacinov][spacinov-url], [Retool][retool-url], [bit.io][bitio-url], [PostHog][posthog-url], [CryptAPI][cryptapi-url], [FEZTO][fezto-url], and [Svix][svix-url]. +Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry][sentry-url], [Stream][stream-url], [Spacinov][spacinov-url], [Retool][retool-url], [bit.io][bitio-url], [PostHog][posthog-url], [CryptAPI][cryptapi-url], [FEZTO][fezto-url], [Svix][svix-url], and [Zuplo][zuplo-url]. --- @@ -196,6 +197,7 @@ Please see the [security policy][security-policy]. [cryptapi-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/cryptapi-readme.png [fezto-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/fezto-readme.png [svix-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/svix-premium.png +[zuplo-img]: https://raw.githubusercontent.com/encode/django-rest-framework/master/docs/img/premium/zuplo-readme.png [sentry-url]: https://getsentry.com/welcome/ [stream-url]: https://getstream.io/?utm_source=DjangoRESTFramework&utm_medium=Webpage_Logo_Ad&utm_content=Developer&utm_campaign=DjangoRESTFramework_Jan2022_HomePage @@ -206,6 +208,7 @@ Please see the [security policy][security-policy]. [cryptapi-url]: https://cryptapi.io [fezto-url]: https://www.fezto.xyz/?utm_source=DjangoRESTFramework [svix-url]: https://www.svix.com/?utm_source=django-REST&utm_medium=sponsorship +[zuplo-url]: https://zuplo.link/django-gh [oauth1-section]: https://www.django-rest-framework.org/api-guide/authentication/#django-rest-framework-oauth [oauth2-section]: https://www.django-rest-framework.org/api-guide/authentication/#django-oauth-toolkit diff --git a/docs/img/premium/zuplo-readme.png b/docs/img/premium/zuplo-readme.png new file mode 100644 index 0000000000000000000000000000000000000000..245ded35e6ca23cc9497992c19a887dba04b6ae4 GIT binary patch literal 12409 zcmeHs1y>yFvi2Y$KoTTaa19bHxVwizgS$&`cMs0s?l5R@2=49-?gV#&yMB{>&bfEr zv(Ehm_v^K0R&`Z9Z&f{AZ?CTIPXfGf)BsU~%pN#rbZVTyN>&p|w?WBdj(4(!a9C{p-?=Qmms;0ch z#YJX;L&GK#sbQJGvA1)==xT>S)I*^2MYWap1e0G`TG7L3cniGL&_%+SUAgHxE6@7e zyi^4CLIf6Z00Y>){N597`qXWR0Pz`)SZp}JHQyH;P*kWW6Uxl{$_e>b3Uqa0aC24n zpRU#W6D@dAoDrz65qt&Za>ij{^t5KAsmD0b61tOvuVcEOiq@$u*urYP0;s(Kr@$QE zwC*l4`4Qk3OlJFAVxQRqeZIVzgdp zqtn(-qb1I7LMzpJi;l;yY>6%KG2;{-eGlsU+QW2T^`>%LpZZ*Y*afW+I03%_J`c;8DnRf{u`hh>Qd&udzqw#XneS3Zx5gx6}$;9haT!kYCt zAM%E%sa>8pk){eMu^hg$#KqXsYvRXVSeI6x0=?<&e4b!PY`?m^;9%9z#fe=fK5obn zP{hOq+thdJ661br?u>H04^Aze6qEPl;U0UwnQ#2ySW{Mk14m|PNjU4&UHR(kh}E1^ z#{fWD5AfCxEkvvYH3ZP<>;B+%=y5sc9>tUmz(a(87IY3c_xOIHA;-D67(j6fBlb*k z58-^O)$u_Kp7eRnDX*_4(JSMywh~2j4cz#w2O~VOT4e$5dKuY)*U7~^@EJW0Kfnu{ zooRc?MPhm?SdXv`;{2MoERK9Bw=jG`I%P`8yqo~7d#=ft0GkVGR<}k z345vA4x-EDMW?iX?-Z)|GV7}lq_71vOkq)QAj(_W_eUFIe2dhqT6al|C&Ha~mrGMh*0Im}A^&O>Zwg1-sAAAiLQc}=5-GXUF|jfNS3EdT1DL&_E*{dHM3#-+c- z8s!HVupaCREz25VGF}&K ze+Sv;kQKrH@RJqV&2}!rX@Xe^Bocz;sGAXK_@gHinFQSFBdMXN1YhaBnTNUl4!2It zi8S{8Vx74G+xolan$9gHFS1Y~;2s)^=!Y1wX>_!#N(TpfqO)T61>?VwJ|+jvm5rN@8jmVt%U7p18qZdgZVNJ zFA)T^`hBizX^rOggC}+y!D`4!=V~`(tsQ+2(H~ySpQ#gsCObe9kA{c1^4;V6+;?J8 zlUz=PI5Uw;a?1B_LausHHV8M~p1lqYq>!2<*Uj+}ZSUylAnD8=Uh6~aj)vHV(dcX?vo-ZpqLt+} zqd&PyR!W?fp*2Tm$`{F}j4S7G>GSJbH9@##!FR(cZ1EOq{K3xfuMhOn5r zSflv$B&WI4KH5I{Bsp_sL>Mp{m_L#sb4ocQGc6;*zOoXrQd-63>F|3excai%z1pt2 z&^XIxecqt)qoMR+VwAmsy|w-8Erf0F!IFXCp}Ao>>S(MHEM`n@%pELaOfM{2EMjUV zYFyfU+FBYf#b0?x6`o3NT7k;FUyLihWDUtFvni*3i#sSyO-`*})UORbusor<8{PC#*Ar+w*LG>-V2u3$S_ma2~xda#) zT-Zm}=hs&V+65{BV`a*d4P@wnsLA}Sn;aKxJjU#%b^Xfi+6c^#_&8eK zja9x-FyX$b2 zdz4ow7?FyRRgqq@Kv^Q$!t^$7d~O^rxyFIUyryNxZM*!Yy2kaD^ySEAFFOuN~4)dmCa~<{5HyK&w ztEBDfKJ+hSFLN*&Fk&z^u(hzL2xAEQ@Cop(g?RF`MOpqb0VV$JLG$0!5!I2LP^?hM zzql*rAkMc^SgG7 zb_sT?8yOpn6qOX;soqizQJ7G*$ui4wCq_tJ%N$Fi%Pu6G^C~meQoj3gA$2H?BLe|u zEtpqdY%xrhM{CzJZ?S|i^Pf2XT8SCVYGiS6j~dLJQjbvoSsLt7e_Xa0ydbgS!lOyk z%=@4ksXHcL?rAM`Y@ccKYur2V$@oF_9PZo(rwE&Xz6UD^Cz5cS%eFcspSsxWK6|D! zQA9Y{9>t5{`cs=iu9l+mmro%2j88Rm7PL6DjC8u?h(A7*O;=d*kGOC?oX(MZOB@r< z@GUC!>LzH`D#?@)RWKEs7bg_a7kAI}&b0n;`9aKE;C(c0m$}*4?~{orz~nS}yfyRn zTcIr5DH~>bkX(Oerq!hx0hgg`L77xtaX|{0>xPaK-{bl>*NKDSF8$bzwtV}zqr&6H zx^!uhy+(FoPh#V2_G~fxTwU|;o!?%Bnmi2JzwGZs3vEq}aXeIoIEr~{Jo2fEcZU-O zXiq%gJPIFL?kVrJ?}@cmysxf(dpoWy`sVImUmy@mvo66jqw<8xb>d-+kk%R2FKc=A7XJ@@wfJh^O6nqW*aW!7bC z`Q%1_dq0ie%aKvjS3_>IvO3lh?s>E6HTyadHCW(_SIceEv2M2mg9A&JS(eJq1$G0D ztf$KJ@=fpc@KkSQFR`veo1G8Oo%YkiTI|K-A@SMp?RIt6qyUe%`lEaG`?~7)QaK8< z<*%IWMjvSz44HWpaKMNjEmPoXDGW>w5PF-cP>tw8gAw-Za#a#$<3wa5xp_$k=umgqy?`x7{lSSUF>&t7tTvZUkSMh z+qq~Pzc9n)xCwT;2TgL!Bcl!AZ)m5+Ak4px| z2Bn7cw_lyy47xCk(`_+4dh6vD9qP^Gtn^O5PgAUA&aqd#+YK{K=nj5}awOpUs;r!$ zilKU_P^igh|CaxH<2C_fhH6Ugj*T;&-C~*#{3~yq&P(N%V9xFSqMf0o{q|H*PTI>t zMN_ibDtOU2N7i6>w|sYnoUc`t;X3n(XHnPF>7`@LBEHjVuCbi)m+NQ8eUp9LbNZ8| z0vAki*OQH7hGh@u_FbVFv!Ub*kw!bC$6w&;{&I{X42~=cV3;flAIOXH>S$Z($^nAY z!q`_Rt+NRE3|V$hcv?KY8cMrXAJV+F+HNj8DOgSNth^6-nZHoIOdr=ep<0qNyx6(0 zdXt6|>4W{ObtQHyy_x%Kw#M7oc=ScQ64qbHgsFAjK&DC*$|U%mpIsv65-}A7Pp

aZ^{Oj(1+6AB14x6l!eykDz61_S z8eeR0Vr3*K2eU-p60jA$FX>Z(%tp-UR2&xB@T>T=Z1niWdB}a_5KX_f{>cZPp;!T0 z>+nAuEU#Rwn6><9RGL&APhCn}YHJ7Y*}IuqsfxImLyl?DTQj{>p14(&5sWINP`~IV zwdU~Vc};oFKPQe_ZSpLMV;+B5-fV^30^BP<-`iVWu6Nw#OY{>FCx>`#a2B7(KkX-( zq82dlGP`?_5#QJoZAO07U$SFuL52}& zkfo!zo4}o-{T#x4&J>e^tKKl+U;4#T<%l&BoPN_lN<{w)&_?#G~58xZJn zU-76m<~1}m&@{3%v|l%DsMnEq4bP`RJR+Ibz8*_oeZA3rRn+?pc1@ zyKl&XGNhZiStgwijmc7;Je*C;jp&c~Y8a_Cc|Eub8Ri(}xNWR`Jf1UQn}u__P+xP8 z^BFmWT#Qd`G{tr(?oZYmzuTThE)JVZC`8#M3g!H!ny)pg(<;xRxFla+@@qZ0r>b{T zRSq-rE$8-h<D{KA(>sy$s3f?)Md8MiQ~3_Yvh~ zh|a{Z(_#3Dfa}#!$7!w0T%%1gYChPe@^0yi%X{(rld4rz4_iavj{fuQhT%)-O`IEK zx`4mU%uD_HU_33{#>aagwMGX~_wg~nW9H@XWugo_{S!d!3Bbt!tJnUwCkIV2K!La}(!}HxIm>hbPQSKBNs#IKQIAhkipYYaZK`DT1KSf*Ep8=$w zk#S-;NL-eLBZliO zj|qNi^R@wlUZ$R%+N)A3cKjv(jLxdf2-~v;gk_4%2#(Ieb z@vM2BU>)kwnOUD=56#d*m+>ImXhv6e_f$Xr7}WsBkS@g<1vOm*2`k+)Nh~8C?GAl8 zJt+y2)R^QusjLK=mH4^^Vvzrkz2~{wotRj*XvGMatgK0SR3jr7y`s_Qu*!;017mU3 z3HMU;vi4oe+Zxa!XjcYnWMkBWKBbI$Hpw#PcawARbrNA>dL8$PW8-n(I?<7xRd9qV zQs9_r1@TrE-YFk-WE0wZtb5XQJSGgW9GSj`UjB$1=`CqI85&8J)zG7ZMZ$Vh>Ddx5 z3H$W(Q?;9MlO+rdTl*Bd-Gd^zup^K?^6^SX!bD!HvdoA8)b<|Lr^^3&kCv~!>#y|>_= z6&&gw4DA}+dqEg8m^af8og}zhe&pG>mwrsADE=f2(>IjS9P#j2BBnX|X4rk*8 zcR=W*{LVYT+ zy6SpjJtO%gt;uo3OYMC}+?_k&vKXaihe=p(V!2RzWqOsuj<`9Dj1N;qj47|9A zINiL00*BwcY5FZ5o^pD#k8N87oGvHcO^>O$zq)eY@K}6OGi$I|zmeavU8$>q|J)DD-4T@eL@$Ux573Q9MDDN~e@Eo+ z7J?q@2h0JOp}PO75N6b;qkEOs9b-$g9N?agH6hd$-912W^a}hPsY}U_NPnSnsVZ>( zfm1e}s+{Nsy}}RDB|s8_@gA{TRKbARE@9-1WQewbkpiIkB)-2u?c~Mn&ku zHy=rzWYh2Nm@cdYEI2o0q*PK&ZlA97nr0YwBB)Yus>5!64~0U)hi^Xh5Sj7rDFUhY zKS`I4a|5~0TYgmR0JWiAf#D%1#j$Mp)`pCuKJ%i*w{d=cV;*5qPS^Q2nX_)&`w6OF z0-x6$e$QQ1lLn>*)N9$atR#e3Y>k^CcdSCSzo*%P-i~Dd+f8GuIr^L)T z+PpOdL&y9>ub0d2!YEn?z2mt;)C)Nr1|No}_bo*Y4VPCN^&Ka?s~$-$iQdmeTG-mw zkHzOThe;b1hO}C=ZY9rADDsM09$tc%_W-@D@=`iUfG;EL+OA(h0&y)Zt-#^9(Iyf= zRd}xbp|sT^8HSU$JuJvb+~xV?N)Ew1hfZT>QRt)+^HU`EFu2!~CZvcSTl^ZHr89VBexLR3SJ8--5k^SYt4VC|> z8Occga&ffaBU6)+ClRr+Hzr|YU}gAB#*a)wLc(irWWuc|D*jJ6^o)*^cWI63l>k^KquU&lZ4bTl{l??~1T|11kyAmbkkBNM}C#{UE}b~XQBV1F$CE6m97 zzpAozvbX%JCL=>eV@qQzV{1nTD30krhJ$kZU%>y7q^rK|KZ5;5;y-HR{gXMjqOpUG zrPCh@l&#Gj`I&kDD(K(U|INrhP$D)~w)Vyj4p12X=YK-}uKRa?wf_#o&+)Gqe^>rH zK+fJATB-h@y!e^^8Q|}_fA?4aPXYd}{2Sm8_1yC2uEv&XqUKOS|EhwS16s#_wER0# z#KzLb{;RFNq4A&0{(}5X_3z$)#ZmuT9Jc=v=Wmw3A&m^V9h?ll85=tO?Rr74+F#xO z)!2^lZ)#q~|LDyN?FDWb8zXZQH&J~@V}9n(%&gp>Ik-Qwkub6UC9v}{{+rL=GWcT= zu{YLtw6RyRv9aX;s|>3@rz9*4T>n7+-TqG~FXNwm^tXNWk4^iR7P@Qsk)g&|whx0Li=5MQHQ}>!hkQIa?xNXepMZgGc z4fgB>Oqhivy$pi8zW2Nt8J9Li2>|H^>fjn(tAMy(s#3@06%J|5g8+p1mG79*g!O|M1esR zMHeJcNT!B|LHrJnCLtN%geXW72G|Jc5+#L76uz9oc%>o$SOusNlM)%4?Eg>g{{m|S zn9p7A*6`P6!H>klJn((3HQ(0VPnk<9X96{4HYrw9 z5K!~z>|vI9E2*knCb|@c@`?bu1oTT)x$eg8>AJ~Hdj82PbqTmlYrFaV7m7DY{nAS# znZGRSfGM}2+k*OUjie(SEOvt@S*_{`HcFAiNui3q8F)oMu zqn4Z7#8L*}@JFoG4V_Q$O)OmYoZzc*WUpRWI5qgbej|YQ6Zsf-v1;hNNl+ufZ+1O{ zYa&5Z$`>QA_KC`u^OMAvKsYMf4bd9n45RBcE|V;QUn5VQBo6udLIepLdDW$e>E(Xg zy3}y$taFyv6u(oWd@7ZM0Cq}3G2G{rw(ANeJ}IVkda2hKZc6BMJqoYH4hFJ(QS%sh zSB?%@YAXiF+4Mrl6G)b#2w}Zdb{=X*%QN!5#EEG9L9d2Zi~INb3dVo#kUp^S1wp{ul(^?>V9=>r|C%W;KJ}3UAIskl6pJvaK$+ z;F@EckRV{{6enPcr)GJCf1D*uA_Tv92IgbH^h|`Jog|5@Et8L+Z2nSVf`K~5Q-4M9 z+fSWa*T$9|b&lZJ*b51P?L|w@t_WD|4#+2mg3!@lg^}5gZRMseSs0>ARBX*#b0UqL z^8{8oLhpFo=o?Sfh`_T>g|SjcWbTbUQM2fi2au`Sy|i9+Pp6m-VT!|XF?p^KRy1qo z>JR)ex;YXbp}5%P1aId}mej9y>E72KTtL+!*~!(ZjAyl1JuAop8)jlAYZZstUP5w| z59(y`-SJadZhy-T?2ZmkliUijd&hv=w?c zt^K5y8$0!S>8K=%r9IJfCg=xMS07t=6e2-Y{ZZN4`s{N3s0lFwK7Yd+Zlt1;&#I`) z&zIBO0!Eijst+ut>fF$KZ3g0*cNUT)9@Qa#_Ve5LVvs4v_02^VogJ{)qbCIHVPdI( z4FB0fIqT)p#OnaiB>7}*v9U`UDe7yfgXM>AzRX8r?#hyA!}5^y zOd1&}Bt}4pu8{2wi!0fU-?$}{5w@c3;}E=tf!2=(Z)eFtiec``v29urVHNMS?9nqJ zG4DCuj1(bhC~t_je!N^SyNQo~g{&KjCSBr0>03({*L%pHMN-K1ir-9arbC}HC8&P^ z{pHg5=`!KR;w~2Ii9csGsH{!xWJ<>P@u*7^cc7cfuxzGusQ;J+Q0oUW4e6^*BI~Dm`tk9^E++H zhT+1LDH%HorZ><&oStL8H^^XSPSTg9tgq5+Tsb0>+AN-C@*QD*7j^iqgw{+|7d4uW z|E--7deDySUifwmrB~%=9P`p>R)%=iL}dz)(Abojf%UVeYrq1k%05RQTdJgiPi$Im z?2lHhX!G<;shh1;@)U8bNi$?SG!|ir@D=HAOQu&S7wH}}dFkwbpD^A{N zqhvP=DEzqq*j=$AdH29PS=S61+C|y$-hbSs0AV#LC@L=9JNp{l2+>H0I)iZ2cv#PS zo4&&3G)iv%27<}VUFT?%`cW(=NcLtRX?!E<@$n~ba3zpix2!&bFxUX@g>7mMEc=l#_dM)Ir}K#aVFUK-#5EcbxCEkkFUS4IR_en)M1UR5Sho>lfS z;)WzjD{-Il)(!F66>cbS%x~k*X+MINbd-xYkD3K^ZdUvw40VaT?qyz|0i`zQ?kyg@ zN9P9g&w$->jVh#|g;;Tvsev@DdiR2y`HVy`qqD4tuGqDF-KzS9k{8#K6}eYGt$q>A1zf-Row*ya}~r4)2KpN zJxSt^rM81vkjn|oOORVVVpCZ0Oyz#yP03?#8{$D}C3aYwR4WRf8(`HSjOS~Y?VDg} zvSyzadgPbt?q}VRIX3COAG&8f|1p;N_T1SAjDCJRh%>{dzPExgmKhO5eZ|HcspL;s zKPR+&l(|I)>f2%f zHb^mb8`a0kJ7uO-nRq@opPy4h#ZS(fbSyu0qe zWK}8lm~0rT^#^wEnr|hVYmu8jh5^B&Lh1{e5q3&J%%w#s=6e-q3n}S*P=@oXrYr2r zNTvqNGlNX==FEVbl(LOM68ag3Mg$2{GeXM*Qv+Y{xIL&s$%Kqq=N~)<4SBDg$m}Ls%7?bP@;wV#=bb`LVXrc%wB`jc>oV@y43-LS5q- z6BiSgc;B__jW$zBf@8t;NnZvy-E-<7?3v~f>Gq=^r(D%tYR`e2XJO2s^s!9Wn;u3` zdjilftGg1?9&JYf1Lb~z)e}e_=Z07D1&_brOzqXAs|Qe|P{%=yck1+5YSX_qp6*j{ zU&L=OlFdCXZ|Jr&#B-yB%c*cJfKnc%LIPTDq5=UovtkjF`ffZ2R2oQeCFDM*rHG5O z2t)s|CI^_N%pB#S#pQx6-r>jCIlfayrATEL;s`vep~7{N^8{|jTz!-Ig3L(DUJxT4 z(zyKc)2&&60d#UNS>^z3)AGG9cyZf{X^_tkYDmKbes7QNjxk^xzrSKhRM?h z^II8LYeR7}tA4pCtT;PIxMLDNpUt4JBRg{YCMEYn<%C=w=kl*of>w_q5NNNxgRquQ zCimsCZ6w8t%>=h^r4DlDf-6{`f9$&x_5a+X|3-hC$_$c@H&-J4Q(va}EhrF&sX*b7 zDPEonR|1pQNg;Ah3uH4E@=4nxXHFXrZ|e4t+e>Lk*Rb~REof>P3^Yt!OzNH_m@->d zVl{ESfw2?qRne`qF#R^x*HbiEi|uYGiieu_MZ|+k2&u4s|9-}#d8SW@@tLB} zXK(+TkGBXdMRx#-L^CAH+iZtOGrcorrkuv9wa_H1%y0blZi)=vY3I>ogW5{mM+VT3 z>)!5EO|z13n%ez6r?Wg`I}%)e5#UXxY{r?H{&zZfht4O2Q)(MNpc3Hv6K5#53U_R- zAQ!y6$C8>f-qg%Z`_^7v{x_eg{Pn4UlL`&I+7m9~&w0>UVyWW`K@y>%^U*ET?&Z*$ zXGb$xl)#kWA_K7dDOP~_>|bmpJ$+vw-3`fPMR-$klsVlrr=$abJ~}WD46#SfOrO^v zI2!LENEyORn&A@t`algey>IVXpUWlS^R*sI0vj<;e#M>t>+|K^MRKB8G-&pgV zl+96898nt0OeuXMY=%z;%zkp-bQCup0-UD1K#qBXL&J{ByR8FT`ac@KWls_Q+Xe-~Q~oiHEJ z1PLD25Pc>H!f>3pr%wVqVPO!DL;!Y20pyQj8)_v~Z31mfo-xpQP!P&ObGKep6V02a zCUoq7jfD?ow1>B?3|6|0UhOWfFt8t?qk$Ee(XOTZcu1Q+F6Pz0;?nzkA>w#c-6R~@ zHwz8n2!kfi9i+A4s&K*O-O^+zg)Eqj2^~y7O?GXm_p_wV{mH~u<>T=O`PnKV?SzUJ zvpUeB>PE7{w`8PfJ5dSMqT?x&eJ5IQeKrYvPy%3M?^AVC6~u{lWq>TElpFT81 z6KGFX2D$lMy=E!p!z?}b5GpFPL!9W?epRV++%{^R-)@&^+l(TheL#S6S4jPZXo*eI z9hB)~-zq!Bth0zA#*WtvtsGJn$Ln0YbiR#qsrQY~31q&{7iZL61??G%Uf}tu#E0b^ zhG949QR`_rh^QLL=PfAaBh2gqHiWZ$yrG{elUXy*Z;B8x@BL4u*pDzoQS$0)ybt5& zMMUea3kWq)dyO?oM260tN;Oj`3lBsuB6^b0VSWgXE4GJ^&hNI}=8!3tcxGy0=Wunw zU3h6QcA#o=lrr`R6!z?k4ij}x$+#m-!u`d=l8IyWh~`^lS*UD7p(Mpgh8es13Vu@m zy8R8QWS-w_zTJy^jk5Pk+@45HVNvD89(>=zBlW2f0r;ZiR5?ln?Tt?nD{7*3_l} z8gKoKpcfLC6iYCh7fNbN@{|E01+*;&5sLw^+t3BKd(*K+NKybBlH!uD(5RyT8`O+D zKR>_@LP=v5{^Tp@1{K_x3VYEcDSbI((G_9fhoIMTD4dHv2%11oOhhy?i98WZkAlvK nITL&=^qt86PwD?8OSb}WnRxI9W>>-qmb{mzys literal 0 HcmV?d00001 diff --git a/docs/index.md b/docs/index.md index 864c1d072..719eb6e6e 100644 --- a/docs/index.md +++ b/docs/index.md @@ -75,10 +75,11 @@ continued development by **[signing up for a paid plan][funding]**.

  • CryptAPI
  • FEZTO
  • Svix
    • +
  • Zuplo
    • -*Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry](https://getsentry.com/welcome/), [Stream](https://getstream.io/?utm_source=DjangoRESTFramework&utm_medium=Webpage_Logo_Ad&utm_content=Developer&utm_campaign=DjangoRESTFramework_Jan2022_HomePage), [Spacinov](https://www.spacinov.com/), [Retool](https://retool.com/?utm_source=djangorest&utm_medium=sponsorship), [bit.io](https://bit.io/jobs?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship), [PostHog](https://posthog.com?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship), [CryptAPI](https://cryptapi.io), [FEZTO](https://www.fezto.xyz/?utm_source=DjangoRESTFramework), and [Svix](https://www.svix.com/?utm_source=django-REST&utm_medium=sponsorship).* +*Many thanks to all our [wonderful sponsors][sponsors], and in particular to our premium backers, [Sentry](https://getsentry.com/welcome/), [Stream](https://getstream.io/?utm_source=DjangoRESTFramework&utm_medium=Webpage_Logo_Ad&utm_content=Developer&utm_campaign=DjangoRESTFramework_Jan2022_HomePage), [Spacinov](https://www.spacinov.com/), [Retool](https://retool.com/?utm_source=djangorest&utm_medium=sponsorship), [bit.io](https://bit.io/jobs?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship), [PostHog](https://posthog.com?utm_source=DRF&utm_medium=sponsor&utm_campaign=DRF_sponsorship), [CryptAPI](https://cryptapi.io), [FEZTO](https://www.fezto.xyz/?utm_source=DjangoRESTFramework), [Svix](https://www.svix.com/?utm_source=django-REST&utm_medium=sponsorship), , and [Zuplo](https://zuplo.link/django-web).* --- diff --git a/setup.py b/setup.py index d2cfe877e..568909bbc 100755 --- a/setup.py +++ b/setup.py @@ -1,4 +1,3 @@ -#!/usr/bin/env python3 import os import re import shutil