diff --git a/api-guide/authentication.html b/api-guide/authentication.html index 97f240b56..58eea2f7a 100644 --- a/api-guide/authentication.html +++ b/api-guide/authentication.html @@ -127,6 +127,7 @@ margin-top: 5px;
API_SETTINGS = {
- 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'DEFAULT_AUTHENTICATION': (
+ 'djangorestframework.authentication.UserBasicAuthentication',
'djangorestframework.authentication.SessionAuthentication',
)
}
You can also set the authentication policy on a per-view basis, using the APIView
class based views.
class ExampleView(APIView):
- authentication_classes = (SessionAuthentication,)
+ authentication_classes = (SessionAuthentication, UserBasicAuthentication)
def get(self, request, format=None):
content = {
@@ -163,7 +172,10 @@ margin-top: 5px;
return Response(content)
Or, if you're using the @api_view
decorator with function based views.
@api_view(allowed=('GET',), authentication_classes=(SessionAuthentication,))
+@api_view(
+ allowed=('GET',),
+ authentication_classes=(SessionAuthentication, UserBasicAuthentication)
+)
def example_view(request, format=None):
content = {
'user': unicode(request.user), # `django.contrib.auth.User` instance.
diff --git a/api-guide/reverse.html b/api-guide/reverse.html
index 48cc36932..57d4676a7 100644
--- a/api-guide/reverse.html
+++ b/api-guide/reverse.html
@@ -146,7 +146,7 @@ margin-top: 5px;
It's more explicit.
It leaves less work for your API clients.
There's no ambiguity about the meaning of the string when it's found in representations such as JSON that do not have a native URI type.
-It allows use to easily do things like markup HTML representations with hyperlinks.
+It makes it easy to do things like markup HTML representations with hyperlinks.
REST framework provides two utility functions to make it more simple to return absolute URIs from your Web API.
There's no requirement for you to use them, but if you do then the self-describing API will be able to automatically hyperlink it's output for you, which makes browsing the API much easier.
diff --git a/api-guide/settings.html b/api-guide/settings.html
index 398d95560..f61074c57 100644
--- a/api-guide/settings.html
+++ b/api-guide/settings.html
@@ -135,7 +135,8 @@ margin-top: 5px;
DEFAULT_MODEL_SERIALIZER
DEFAULT_PAGINATION_SERIALIZER
FORMAT_SUFFIX_KWARG
-UNAUTHENTICATED_USER_CLASS
+UNAUTHENTICATED_USER
+UNAUTHENTICATED_TOKEN
FORM_METHOD_OVERRIDE
FORM_CONTENT_OVERRIDE
FORM_CONTENTTYPE_OVERRIDE
@@ -147,8 +148,8 @@ margin-top: 5px;
Settings
-Settings for REST framework are all namespaced in the API_SETTINGS
setting.
-For example your project's settings.py
file might look like this:
+Configuration for REST framework is all namespaced inside the API_SETTINGS
setting.
+For example your project's settings.py
file might look like this:
API_SETTINGS = {
'DEFAULT_RENDERERS': (
'djangorestframework.renderers.YAMLRenderer',
@@ -189,25 +190,39 @@ For example your project's settings.py
file might look like this:
)
DEFAULT_PERMISSIONS
+A list or tuple of permission classes, that determines the default set of permissions checked at the start of a view.
Default: ()
DEFAULT_THROTTLES
+A list or tuple of throttle classes, that determines the default set of throttles checked at the start of a view.
Default: ()
DEFAULT_MODEL_SERIALIZER
Default: djangorestframework.serializers.ModelSerializer
DEFAULT_PAGINATION_SERIALIZER
Default: djangorestframework.pagination.PaginationSerializer
FORMAT_SUFFIX_KWARG
-Default: format
-UNAUTHENTICATED_USER_CLASS
+Default: 'format'
+UNAUTHENTICATED_USER
+The class that should be used to initialize request.user
for unauthenticated requests.
Default: django.contrib.auth.models.AnonymousUser
+UNAUTHENTICATED_TOKEN
+The class that should be used to initialize request.auth
for unauthenticated requests.
+Default: None
FORM_METHOD_OVERRIDE
-Default: _method
+The name of a form field that may be used to override the HTTP method of the form.
+If the value of this setting is None
then form method overloading will be disabled.
+Default: '_method'
FORM_CONTENT_OVERRIDE
-Default: _content
+The name of a form field that may be used to override the content of the form payload. Must be used together with FORM_CONTENTTYPE_OVERRIDE
.
+If either setting is None
then form content overloading will be disabled.
+Default: '_content'
FORM_CONTENTTYPE_OVERRIDE
-Default: _content_type
+The name of a form field that may be used to override the content type of the form payload. Must be used together with FORM_CONTENT_OVERRIDE
.
+If either setting is None
then form content overloading will be disabled.
+Default: '_content_type'
URL_ACCEPT_OVERRIDE
-Default: _accept
+The name of a URL parameter that may be used to override the HTTP Accept
header.
+If the value of this setting is None
then URL accept overloading will be disabled.
+Default: '_accept'