Merge remote-tracking branch 'upstream/master' into writable-nested-serializers

Conflicts:
	rest_framework/serializers.py

MANIFEST.in

@@ -1,2 +1,2 @@
 recursive-include rest_framework/static *.js *.css *.png
-recursive-include rest_framework/templates *.txt *.html
+recursive-include rest_framework/templates *.html

README.md

@@ -79,6 +79,10 @@ To run the tests.
 
     ./rest_framework/runtests/runtests.py
 
+To run the tests against all supported configurations, first install [the tox testing tool][tox] globally, using `pip install tox`, then simply run `tox`: 
+
+    tox
+
 # License
 
 Copyright (c) 2011-2013, Tom Christie
@@ -113,6 +117,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 [rest-framework-2-announcement]: http://django-rest-framework.org/topics/rest-framework-2-announcement.html
 [2.1.0-notes]: https://groups.google.com/d/topic/django-rest-framework/Vv2M0CMY9bg/discussion
 
+[tox]: http://testrun.org/tox/latest/
+
 [docs]: http://django-rest-framework.org/
 [urlobject]: https://github.com/zacharyvoase/urlobject
 [markdown]: http://pypi.python.org/pypi/Markdown/

docs/api-guide/authentication.md

@@ -113,7 +113,12 @@ Unauthenticated responses that are denied permission will result in an `HTTP 401
 
 This authentication scheme uses a simple token-based HTTP Authentication scheme.  Token authentication is appropriate for client-server setups, such as native desktop and mobile clients.
 
-To use the `TokenAuthentication` scheme, include `rest_framework.authtoken` in your `INSTALLED_APPS` setting.
+To use the `TokenAuthentication` scheme, include `rest_framework.authtoken` in your `INSTALLED_APPS` setting:
+
+    INSTALLED_APPS = (
+        ...
+        'rest_framework.authtoken'
+    )
 
 You'll also need to create tokens for your users.
 
@@ -135,10 +140,14 @@ Unauthenticated responses that are denied permission will result in an `HTTP 401
 
     WWW-Authenticate: Token
 
+---
+
 **Note:** If you use `TokenAuthentication` in production you must ensure that your API is only available over `https` only.
 
 ---
 
+#### Generating Tokens
+
 If you want every user to have an automatically generated Token, you can simply catch the User's `post_save` signal.
 
     @receiver(post_save, sender=User)
@@ -154,8 +163,7 @@ If you've already created some users, you can generate tokens for all existing u
     for user in User.objects.all():
         Token.objects.get_or_create(user=user)
 
-When using `TokenAuthentication`, you may want to provide a mechanism for clients to obtain a token given the username and password. 
-REST framework provides a built-in view to provide this behavior.  To use it, add the `obtain_auth_token` view to your URLconf:
+When using `TokenAuthentication`, you may want to provide a mechanism for clients to obtain a token given the username and password.  REST framework provides a built-in view to provide this behavior.  To use it, add the `obtain_auth_token` view to your URLconf:
 
     urlpatterns += patterns('',
         url(r'^api-token-auth/', 'rest_framework.authtoken.views.obtain_auth_token')
@@ -169,6 +177,23 @@ The `obtain_auth_token` view will return a JSON response when valid `username` a
 
 Note that the default `obtain_auth_token` view explicitly uses JSON requests and responses, rather than using default renderer and parser classes in your settings.  If you need a customized version of the `obtain_auth_token` view, you can do so by overriding the `ObtainAuthToken` view class, and using that in your url conf instead.
 
+#### Custom user models
+
+The `rest_framework.authtoken` app includes a south migration that will create the authtoken table.   If you're using a [custom user model][custom-user-model] you'll need to make sure that any initial migration that creates the user table runs before the authtoken table is created.
+
+You can do so by inserting a `needed_by` attribute in your user migration:
+
+    class Migration:
+
+        needed_by = (
+            ('authtoken', '0001_initial'),
+        )
+        
+        def forwards(self):
+            ...
+
+For more details, see the [south documentation on dependencies][south-dependencies].
+
 ## SessionAuthentication
 
 This authentication scheme uses Django's default session backend for authentication.  Session authentication is appropriate for AJAX clients that are running in the same session context as your website.
@@ -233,5 +258,7 @@ HTTP digest authentication is a widely implemented scheme that was intended to r
 [throttling]: throttling.md
 [csrf-ajax]: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax
 [mod_wsgi_official]: http://code.google.com/p/modwsgi/wiki/ConfigurationDirectives#WSGIPassAuthorization
+[custom-user-model]: https://docs.djangoproject.com/en/dev/topics/auth/customizing/#specifying-a-custom-user-model
+[south-dependencies]: http://south.readthedocs.org/en/latest/dependencies.html
 [juanriaza]: https://github.com/juanriaza
 [djangorestframework-digestauth]: https://github.com/juanriaza/django-rest-framework-digestauth

docs/api-guide/fields.md

@@ -2,7 +2,7 @@
 
 # Serializer fields
 
-> Each field in a Form class is responsible not only for validating data, but also for "cleaning" it -- normalizing it to a consistent format. 
+> Each field in a Form class is responsible not only for validating data, but also for "cleaning" it — normalizing it to a consistent format. 
 >
 > — [Django documentation][cite]
 
@@ -181,12 +181,6 @@ Corresponds to `django.forms.fields.RegexField`
 
 **Signature:** `RegexField(regex, max_length=None, min_length=None)`
 
-## DateField
-
-A date representation.
-
-Corresponds to `django.db.models.fields.DateField`
-
 ## DateTimeField
 
 A date and time representation.
@@ -203,12 +197,41 @@ If you want to override this behavior, you'll need to declare the `DateTimeField
         class Meta:
             model = Comment
 
+**Signature:** `DateTimeField(format=None, input_formats=None)`
+
+* `format` - A string representing the output format.  If not specified, the `DATETIME_FORMAT` setting will be used, which defaults to `'iso-8601'`.
+* `input_formats` - A list of strings representing the input formats which may be used to parse the date. If not specified, the `DATETIME_INPUT_FORMATS` setting will be used, which defaults to `['iso-8601']`.
+
+DateTime format strings may either be [python strftime formats][strftime] which explicitly specifiy the format, or the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style datetimes should be used. (eg `'2013-01-29T12:34:56.000000'`)
+
+## DateField
+
+A date representation.
+
+Corresponds to `django.db.models.fields.DateField`
+
+**Signature:** `DateField(format=None, input_formats=None)`
+
+* `format` - A string representing the output format.  If not specified, the `DATE_FORMAT` setting will be used, which defaults to `'iso-8601'`.
+* `input_formats` - A list of strings representing the input formats which may be used to parse the date. If not specified, the `DATE_INPUT_FORMATS` setting will be used, which defaults to `['iso-8601']`. 
+
+Date format strings may either be [python strftime formats][strftime] which explicitly specifiy the format, or the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style dates should be used. (eg `'2013-01-29'`)
+
 ## TimeField
 
 A time representation.
 
+Optionally takes `format` as parameter to replace the matching pattern.
+
 Corresponds to `django.db.models.fields.TimeField`
 
+**Signature:** `TimeField(format=None, input_formats=None)`
+
+* `format` - A string representing the output format.  If not specified, the `TIME_FORMAT` setting will be used, which defaults to `'iso-8601'`.
+* `input_formats` - A list of strings representing the input formats which may be used to parse the date. If not specified, the `TIME_INPUT_FORMATS` setting will be used, which defaults to `['iso-8601']`.
+
+Time format strings may either be [python strftime formats][strftime] which explicitly specifiy the format, or the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style times should be used. (eg `'12:34:56.000000'`)
+
 ## IntegerField
 
 An integer representation.
@@ -252,3 +275,5 @@ Django's regular [FILE_UPLOAD_HANDLERS] are used for handling uploaded files.
 
 [cite]: https://docs.djangoproject.com/en/dev/ref/forms/api/#django.forms.Form.cleaned_data
 [FILE_UPLOAD_HANDLERS]: https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-FILE_UPLOAD_HANDLERS
+[strftime]: http://docs.python.org/2/library/datetime.html#strftime-and-strptime-behavior
+[iso8601]: http://www.w3.org/TR/NOTE-datetime

docs/api-guide/filtering.md

@@ -140,6 +140,14 @@ For more details on using filter sets see the [django-filter documentation][djan
 
 ---
 
+### Filtering and object lookups
+
+Note that if a filter backend is configured for a view, then as well as being used to filter list views, it will also be used to filter the querysets used for returning a single object.
+
+For instance, given the previous example, and a product with an id of `4675`, the following URL would either return the corresponding object, or return a 404 response, depending on if the filtering conditions were met by the given product instance:
+
+    http://example.com/api/products/4675/?category=clothing&max_price=10.00
+
 ## Overriding the initial queryset
  
 Note that you can use both an overridden `.get_queryset()` and generic filtering together, and everything will work as expected.  For example, if `Product` had a many-to-many relationship with `User`, named `purchase`, you might want to write a view like this:

docs/api-guide/permissions.md

@@ -90,12 +90,17 @@ This permission is suitable if you want to your API to allow read permissions to
 
 ## DjangoModelPermissions
 
-This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth].  When applied to a view that has a `.model` property, authorization will only be granted if the user has the relevant model permissions assigned.
+This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth].  When applied to a view that has a `.model` property, authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned.
 
 * `POST` requests require the user to have the `add` permission on the model.
 * `PUT` and `PATCH` requests require the user to have the `change` permission on the model.
 * `DELETE` requests require the user to have the `delete` permission on the model.
  
+If you want to use `DjangoModelPermissions` but also allow unauthenticated users to have read permission, override the class and set the `authenticated_users_only` property to `False`.  For example:
+
+    class HasModelPermissionsOrReadOnly(DjangoModelPermissions):
+        authenticated_users_only = False
+
 The default behaviour can also be overridden to support custom model permissions.  For example, you might want to include a `view` model permission for `GET` requests.
 
 To use custom model permissions, override `DjangoModelPermissions` and set the `.perms_map` property.  Refer to the source code for details.

docs/api-guide/serializers.md

@@ -93,6 +93,8 @@ To serialize a queryset instead of an object instance, you should pass the `many
 
 When deserializing data, you always need to call `is_valid()` before attempting to access the deserialized object.  If any validation errors occur, the `.errors` and `.non_field_errors` properties will contain the resulting error messages.
 
+When deserialising a list of items, errors will be returned as a list of tuples. The first item in an error tuple will be the index of the item with the error in the original data; The second item in the tuple will be a dict with the individual errors for that item.
+
 ### Field-level validation
 
 You can specify custom field-level validation by adding `.validate_<fieldname>` methods to your `Serializer` subclass. These are analagous to `.clean_<fieldname>` methods on Django forms, but accept slightly different arguments.

docs/api-guide/settings.md

@@ -34,7 +34,11 @@ The `api_settings` object will check for any user-defined settings, and otherwis
 
 # API Reference
 
-## DEFAULT_RENDERER_CLASSES
+## API policy settings
+
+*The following settings control the basic API policies, and are applied to every `APIView` class based view, or `@api_view` function based view.*
+
+#### DEFAULT_RENDERER_CLASSES
 
 A list or tuple of renderer classes, that determines the default set of renderers that may be used when returning a `Response` object.
 
@@ -45,7 +49,7 @@ Default:
         'rest_framework.renderers.BrowsableAPIRenderer',
     )
 
-## DEFAULT_PARSER_CLASSES
+#### DEFAULT_PARSER_CLASSES
 
 A list or tuple of parser classes, that determines the default set of parsers used when accessing the `request.DATA` property.
 
@@ -57,7 +61,7 @@ Default:
         'rest_framework.parsers.MultiPartParser'
     )
 
-## DEFAULT_AUTHENTICATION_CLASSES
+#### DEFAULT_AUTHENTICATION_CLASSES
 
 A list or tuple of authentication classes, that determines the default set of authenticators used when accessing the `request.user` or `request.auth` properties.
 
@@ -68,7 +72,7 @@ Default:
         'rest_framework.authentication.BasicAuthentication'
     )
 
-## DEFAULT_PERMISSION_CLASSES
+#### DEFAULT_PERMISSION_CLASSES
 
 A list or tuple of permission classes, that determines the default set of permissions checked at the start of a view.
 
@@ -78,59 +82,77 @@ Default:
         'rest_framework.permissions.AllowAny',
     )
 
-## DEFAULT_THROTTLE_CLASSES
+#### DEFAULT_THROTTLE_CLASSES
 
 A list or tuple of throttle classes, that determines the default set of throttles checked at the start of a view.
 
 Default: `()`
 
-## DEFAULT_CONTENT_NEGOTIATION_CLASS
+#### DEFAULT_CONTENT_NEGOTIATION_CLASS
 
 A content negotiation class, that determines how a renderer is selected for the response, given an incoming request.
 
 Default: `'rest_framework.negotiation.DefaultContentNegotiation'`
 
-## DEFAULT_MODEL_SERIALIZER_CLASS
+---
+
+## Generic view settings
+
+*The following settings control the behavior of the generic class based views.*
+
+#### DEFAULT_MODEL_SERIALIZER_CLASS
 
 A class that determines the default type of model serializer that should be used by a generic view if `model` is specified, but `serializer_class` is not provided.
 
 Default: `'rest_framework.serializers.ModelSerializer'`
 
-## DEFAULT_PAGINATION_SERIALIZER_CLASS
+#### DEFAULT_PAGINATION_SERIALIZER_CLASS
 
 A class the determines the default serialization style for paginated responses.
 
 Default: `rest_framework.pagination.PaginationSerializer`
 
-## FILTER_BACKEND
+#### FILTER_BACKEND
 
 The filter backend class that should be used for generic filtering.  If set to `None` then generic filtering is disabled.
 
-## PAGINATE_BY
+#### PAGINATE_BY
 
 The default page size to use for pagination.  If set to `None`, pagination is disabled by default.
 
 Default: `None`
 
-## PAGINATE_BY_PARAM
+#### PAGINATE_BY_PARAM
 
 The name of a query parameter, which can be used by the client to overide the default page size to use for pagination.  If set to `None`, clients may not override the default page size.
 
 Default: `None`
 
-## UNAUTHENTICATED_USER
+---
+
+## Authentication settings
+
+*The following settings control the behavior of unauthenticated requests.*
+
+#### UNAUTHENTICATED_USER
 
 The class that should be used to initialize `request.user` for unauthenticated requests.
 
 Default: `django.contrib.auth.models.AnonymousUser`
 
-## UNAUTHENTICATED_TOKEN
+#### UNAUTHENTICATED_TOKEN
 
 The class that should be used to initialize `request.auth` for unauthenticated requests.
 
 Default: `None`
 
-## FORM_METHOD_OVERRIDE
+---
+
+## Browser overrides
+
+*The following settings provide URL or form-based overrides of the default browser behavior.*
+
+#### FORM_METHOD_OVERRIDE
 
 The name of a form field that may be used to override the HTTP method of the form.
 
@@ -138,7 +160,7 @@ If the value of this setting is `None` then form method overloading will be disa
 
 Default: `'_method'`
 
-## FORM_CONTENT_OVERRIDE
+#### FORM_CONTENT_OVERRIDE
 
 The name of a form field that may be used to override the content of the form payload.  Must be used together with `FORM_CONTENTTYPE_OVERRIDE`.
 
@@ -146,7 +168,7 @@ If either setting is `None` then form content overloading will be disabled.
 
 Default: `'_content'`
 
-## FORM_CONTENTTYPE_OVERRIDE
+#### FORM_CONTENTTYPE_OVERRIDE
 
 The name of a form field that may be used to override the content type of the form payload.  Must be used together with `FORM_CONTENT_OVERRIDE`.
 
@@ -154,7 +176,7 @@ If either setting is `None` then form content overloading will be disabled.
 
 Default: `'_content_type'`
 
-## URL_ACCEPT_OVERRIDE
+#### URL_ACCEPT_OVERRIDE
 
 The name of a URL parameter that may be used to override the HTTP `Accept` header.
 
@@ -162,13 +184,59 @@ If the value of this setting is `None` then URL accept overloading will be disab
 
 Default: `'accept'`
 
-## URL_FORMAT_OVERRIDE
+#### URL_FORMAT_OVERRIDE
 
 The name of a URL parameter that may be used to override the default `Accept` header based content negotiation.
 
 Default: `'format'`
 
-## FORMAT_SUFFIX_KWARG
+---
+
+## Date/Time formatting
+
+*The following settings are used to control how date and time representations may be parsed and rendered.*
+
+#### DATETIME_FORMAT
+
+A format string that should be used by default for rendering the output of `DateTimeField` serializer fields.
+
+Default: `'iso-8601'`
+
+#### DATETIME_INPUT_FORMATS
+
+A list of format strings that should be used by default for parsing inputs to `DateTimeField` serializer fields.
+
+Default: `['iso-8601']`
+
+#### DATE_FORMAT
+
+A format string that should be used by default for rendering the output of `DateField` serializer fields.
+
+Default: `'iso-8601'`
+
+#### DATE_INPUT_FORMATS
+
+A list of format strings that should be used by default for parsing inputs to `DateField` serializer fields.
+
+Default: `['iso-8601']`
+
+#### TIME_FORMAT
+
+A format string that should be used by default for rendering the output of `TimeField` serializer fields.
+
+Default: `'iso-8601'`
+
+#### TIME_INPUT_FORMATS
+
+A list of format strings that should be used by default for parsing inputs to `TimeField` serializer fields.
+
+Default: `['iso-8601']`
+
+---
+
+## Miscellaneous settings
+
+#### FORMAT_SUFFIX_KWARG
 
 The name of a parameter in the URL conf that may be used to provide a format suffix.
 

docs/css/default.css

@@ -47,7 +47,7 @@ body.index-page #main-content iframe.twitter-share-button {
 body.index-page #main-content img.travis-build-image {
     float: right;
     margin-right: 8px;
-    margin-top: -9px;
+    margin-top: -11px;
     margin-bottom: 0px;
 }
 

docs/index.md

@@ -133,6 +133,10 @@ Run the tests:
 
     ./rest_framework/runtests/runtests.py
 
+To run the tests against all supported configurations, first install [the tox testing tool][tox] globally, using `pip install tox`, then simply run `tox`: 
+
+    tox
+
 ## Support
 
 For support please see the [REST framework discussion group][group], try the  `#restframework` channel on `irc.freenode.net`, or raise a  question on [Stack Overflow][stack-overflow], making sure to include the ['django-rest-framework'][django-rest-framework-tag] tag.
@@ -218,6 +222,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 [release-notes]: topics/release-notes.md
 [credits]: topics/credits.md
 
+[tox]: http://testrun.org/tox/latest/
+
 [group]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework
 [stack-overflow]: http://stackoverflow.com/
 [django-rest-framework-tag]: http://stackoverflow.com/questions/tagged/django-rest-framework

docs/topics/credits.md

@@ -107,6 +107,8 @@ The following people have helped make REST framework great.
 * Ryan Detzel - [ryanrdetzel]
 * Omer Katz - [thedrow]
 * Wiliam Souza - [waa]
+* Jonas Braun - [iekadou]
+* Ian Dash - [bitmonkey]
 
 Many thanks to everyone who's contributed to the project.
 
@@ -248,3 +250,5 @@ You can also contact [@_tomchristie][twitter] directly on twitter.
 [ryanrdetzel]: https://github.com/ryanrdetzel
 [thedrow]: https://github.com/thedrow
 [waa]: https://github.com/wiliamsouza
+[iekadou]: https://github.com/iekadou
+[bitmonkey]: https://github.com/bitmonkey

docs/topics/release-notes.md

@@ -42,9 +42,26 @@ You can determine your currently installed version using `pip freeze`:
 
 ### Master
 
-* Request authentication is no longer lazily evaluated, instead authentication is always run, which results in more consistent, obvious behavior.  Eg. Supplying bad auth credentials will now always return an error response, even if no permissions are set on the view.
+* Filtering backends are now applied to the querysets for object lookups as well as lists.  (Eg you can use a filtering backend to control which objects should 404)
+* Deal with error data nicely when deserializing lists of objects.
+* Extra override hook to configure `DjangoModelPermissions` for unauthenticated users.
+* Bugfix: Workaround for Django bug causing case where `Authtoken` could be registered for cascade delete from `User` even if not installed.
+
+### 2.2.3
+
+**Date**: 7th March 2013
+
+* Bugfix: Fix None values for for `DateField`, `DateTimeField` and `TimeField`.
+
+### 2.2.2
+
+**Date**: 6th March 2013
+
+* Support for custom input and output formats for `DateField`, `DateTimeField` and `TimeField`.
+* Cleanup: Request authentication is no longer lazily evaluated, instead authentication is always run, which results in more consistent, obvious behavior.  Eg. Supplying bad auth credentials will now always return an error response, even if no permissions are set on the view.
 * Bugfix for serializer data being uncacheable with pickle protocol 0.
 * Bugfixes for model field validation edge-cases.
+* Bugfix for authtoken migration while using a custom user model and south.
 
 ### 2.2.1
 

rest_framework/__init__.py

@@ -1,6 +1,9 @@
-__version__ = '2.2.1'
+__version__ = '2.2.3'
 
 VERSION = __version__  # synonym
 
 # Header encoding (see RFC5987)
 HTTP_HEADER_ENCODING = 'iso-8859-1'
+
+# Default datetime input and output formats
+ISO_8601 = 'iso-8601'

rest_framework/authtoken/migrations/0001_initial.py

@@ -4,6 +4,8 @@ from south.db import db
 from south.v2 import SchemaMigration
 from django.db import models
 
+from rest_framework.settings import api_settings
+
 
 try:
     from django.contrib.auth import get_user_model
@@ -45,20 +47,7 @@ class Migration(SchemaMigration):
             'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
         },
         "%s.%s" % (User._meta.app_label, User._meta.module_name): {
-            'Meta': {'object_name': 'User'},
-            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
-            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
-            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
-            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
-            'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
-            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
-            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
-            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
-            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
-            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
-            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
-            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': "orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
-            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+            'Meta': {'object_name': User._meta.module_name},
         },
         'authtoken.token': {
             'Meta': {'object_name': 'Token'},

rest_framework/authtoken/models.py

@@ -2,6 +2,7 @@ import uuid
 import hmac
 from hashlib import sha1
 from rest_framework.compat import User
+from django.conf import settings
 from django.db import models
 
 
@@ -13,6 +14,14 @@ class Token(models.Model):
     user = models.OneToOneField(User, related_name='auth_token')
     created = models.DateTimeField(auto_now_add=True)
 
+    class Meta:
+        # Work around for a bug in Django:
+        # https://code.djangoproject.com/ticket/19422
+        #
+        # Also see corresponding ticket:
+        # https://github.com/tomchristie/django-rest-framework/issues/705
+        abstract = 'rest_framework.authtoken' not in settings.INSTALLED_APPS
+
     def save(self, *args, **kwargs):
         if not self.key:
             self.key = self.generate_key()

rest_framework/fields.py

@@ -13,12 +13,13 @@ from django import forms
 from django.forms import widgets
 from django.utils.encoding import is_protected_type
 from django.utils.translation import ugettext_lazy as _
-from rest_framework.compat import parse_date, parse_datetime
-from rest_framework.compat import timezone
+
+from rest_framework import ISO_8601
+from rest_framework.compat import timezone, parse_date, parse_datetime, parse_time
 from rest_framework.compat import BytesIO
 from rest_framework.compat import six
 from rest_framework.compat import smart_text
-from rest_framework.compat import parse_time
+from rest_framework.settings import api_settings
 
 
 def is_simple_callable(obj):
@@ -50,6 +51,46 @@ def get_component(obj, attr_name):
     return val
 
 
+def readable_datetime_formats(formats):
+    format = ', '.join(formats).replace(ISO_8601, 'YYYY-MM-DDThh:mm[:ss[.uuuuuu]][+HHMM|-HHMM|Z]')
+    return humanize_strptime(format)
+
+
+def readable_date_formats(formats):
+    format = ', '.join(formats).replace(ISO_8601, 'YYYY[-MM[-DD]]')
+    return humanize_strptime(format)
+
+
+def readable_time_formats(formats):
+    format = ', '.join(formats).replace(ISO_8601, 'hh:mm[:ss[.uuuuuu]]')
+    return humanize_strptime(format)
+
+
+def humanize_strptime(format_string):
+    # Note that we're missing some of the locale specific mappings that
+    # don't really make sense.
+    mapping = {
+        "%Y": "YYYY",
+        "%y": "YY",
+        "%m": "MM",
+        "%b": "[Jan-Dec]",
+        "%B": "[January-December]",
+        "%d": "DD",
+        "%H": "hh",
+        "%I": "hh",  # Requires '%p' to differentiate from '%H'.
+        "%M": "mm",
+        "%S": "ss",
+        "%f": "uuuuuu",
+        "%a": "[Mon-Sun]",
+        "%A": "[Monday-Sunday]",
+        "%p": "[AM|PM]",
+        "%z": "[+HHMM|-HHMM]"
+    }
+    for key, val in mapping.items():
+        format_string = format_string.replace(key, val)
+    return format_string
+
+
 class Field(object):
     read_only = True
     creation_counter = 0
@@ -447,12 +488,16 @@ class DateField(WritableField):
     form_field_class = forms.DateField
 
     default_error_messages = {
-        'invalid': _("'%s' value has an invalid date format. It must be "
-                     "in YYYY-MM-DD format."),
-        'invalid_date': _("'%s' value has the correct format (YYYY-MM-DD) "
-                          "but it is an invalid date."),
+        'invalid': _("Date has wrong format. Use one of these formats instead: %s"),
     }
     empty = None
+    input_formats = api_settings.DATE_INPUT_FORMATS
+    format = api_settings.DATE_FORMAT
+
+    def __init__(self, input_formats=None, format=None, *args, **kwargs):
+        self.input_formats = input_formats if input_formats is not None else self.input_formats
+        self.format = format if format is not None else self.format
+        super(DateField, self).__init__(*args, **kwargs)
 
     def from_native(self, value):
         if value in validators.EMPTY_VALUES:
@@ -468,17 +513,37 @@ class DateField(WritableField):
         if isinstance(value, datetime.date):
             return value
 
-        try:
-            parsed = parse_date(value)
-            if parsed is not None:
-                return parsed
-        except (ValueError, TypeError):
-            msg = self.error_messages['invalid_date'] % value
-            raise ValidationError(msg)
+        for format in self.input_formats:
+            if format.lower() == ISO_8601:
+                try:
+                    parsed = parse_date(value)
+                except (ValueError, TypeError):
+                    pass
+                else:
+                    if parsed is not None:
+                        return parsed
+            else:
+                try:
+                    parsed = datetime.datetime.strptime(value, format)
+                except (ValueError, TypeError):
+                    pass
+                else:
+                    return parsed.date()
 
-        msg = self.error_messages['invalid'] % value
+        msg = self.error_messages['invalid'] % readable_date_formats(self.input_formats)
         raise ValidationError(msg)
 
+    def to_native(self, value):
+        if value is None:
+            return None
+
+        if isinstance(value, datetime.datetime):
+            value = value.date()
+
+        if self.format.lower() == ISO_8601:
+            return value.isoformat()
+        return value.strftime(self.format)
+
 
 class DateTimeField(WritableField):
     type_name = 'DateTimeField'
@@ -486,15 +551,16 @@ class DateTimeField(WritableField):
     form_field_class = forms.DateTimeField
 
     default_error_messages = {
-        'invalid': _("'%s' value has an invalid format. It must be in "
-                     "YYYY-MM-DD HH:MM[:ss[.uuuuuu]][TZ] format."),
-        'invalid_date': _("'%s' value has the correct format "
-                          "(YYYY-MM-DD) but it is an invalid date."),
-        'invalid_datetime': _("'%s' value has the correct format "
-                              "(YYYY-MM-DD HH:MM[:ss[.uuuuuu]][TZ]) "
-                              "but it is an invalid date/time."),
+        'invalid': _("Datetime has wrong format. Use one of these formats instead: %s"),
     }
     empty = None
+    input_formats = api_settings.DATETIME_INPUT_FORMATS
+    format = api_settings.DATETIME_FORMAT
+
+    def __init__(self, input_formats=None, format=None, *args, **kwargs):
+        self.input_formats = input_formats if input_formats is not None else self.input_formats
+        self.format = format if format is not None else self.format
+        super(DateTimeField, self).__init__(*args, **kwargs)
 
     def from_native(self, value):
         if value in validators.EMPTY_VALUES:
@@ -516,25 +582,34 @@ class DateTimeField(WritableField):
                 value = timezone.make_aware(value, default_timezone)
             return value
 
-        try:
-            parsed = parse_datetime(value)
-            if parsed is not None:
-                return parsed
-        except (ValueError, TypeError):
-            msg = self.error_messages['invalid_datetime'] % value
-            raise ValidationError(msg)
+        for format in self.input_formats:
+            if format.lower() == ISO_8601:
+                try:
+                    parsed = parse_datetime(value)
+                except (ValueError, TypeError):
+                    pass
+                else:
+                    if parsed is not None:
+                        return parsed
+            else:
+                try:
+                    parsed = datetime.datetime.strptime(value, format)
+                except (ValueError, TypeError):
+                    pass
+                else:
+                    return parsed
 
-        try:
-            parsed = parse_date(value)
-            if parsed is not None:
-                return datetime.datetime(parsed.year, parsed.month, parsed.day)
-        except (ValueError, TypeError):
-            msg = self.error_messages['invalid_date'] % value
-            raise ValidationError(msg)
-
-        msg = self.error_messages['invalid'] % value
+        msg = self.error_messages['invalid'] % readable_datetime_formats(self.input_formats)
         raise ValidationError(msg)
 
+    def to_native(self, value):
+        if value is None:
+            return None
+
+        if self.format.lower() == ISO_8601:
+            return value.isoformat()
+        return value.strftime(self.format)
+
 
 class TimeField(WritableField):
     type_name = 'TimeField'
@@ -542,10 +617,16 @@ class TimeField(WritableField):
     form_field_class = forms.TimeField
 
     default_error_messages = {
-        'invalid': _("'%s' value has an invalid format. It must be a valid "
-                     "time in the HH:MM[:ss[.uuuuuu]] format."),
+        'invalid': _("Time has wrong format. Use one of these formats instead: %s"),
     }
     empty = None
+    input_formats = api_settings.TIME_INPUT_FORMATS
+    format = api_settings.TIME_FORMAT
+
+    def __init__(self, input_formats=None, format=None, *args, **kwargs):
+        self.input_formats = input_formats if input_formats is not None else self.input_formats
+        self.format = format if format is not None else self.format
+        super(TimeField, self).__init__(*args, **kwargs)
 
     def from_native(self, value):
         if value in validators.EMPTY_VALUES:
@@ -554,13 +635,36 @@ class TimeField(WritableField):
         if isinstance(value, datetime.time):
             return value
 
-        try:
-            parsed = parse_time(value)
-            assert parsed is not None
-            return parsed
-        except (ValueError, TypeError):
-            msg = self.error_messages['invalid'] % value
-            raise ValidationError(msg)
+        for format in self.input_formats:
+            if format.lower() == ISO_8601:
+                try:
+                    parsed = parse_time(value)
+                except (ValueError, TypeError):
+                    pass
+                else:
+                    if parsed is not None:
+                        return parsed
+            else:
+                try:
+                    parsed = datetime.datetime.strptime(value, format)
+                except (ValueError, TypeError):
+                    pass
+                else:
+                    return parsed.time()
+
+        msg = self.error_messages['invalid'] % readable_time_formats(self.input_formats)
+        raise ValidationError(msg)
+
+    def to_native(self, value):
+        if value is None:
+            return None
+
+        if isinstance(value, datetime.datetime):
+            value = value.time()
+
+        if self.format.lower() == ISO_8601:
+            return value.isoformat()
+        return value.strftime(self.format)
 
 
 class IntegerField(WritableField):

rest_framework/generics.py

@@ -18,6 +18,16 @@ class GenericAPIView(views.APIView):
     model = None
     serializer_class = None
     model_serializer_class = api_settings.DEFAULT_MODEL_SERIALIZER_CLASS
+    filter_backend = api_settings.FILTER_BACKEND
+
+    def filter_queryset(self, queryset):
+        """
+        Given a queryset, filter it with whichever filter backend is in use.
+        """
+        if not self.filter_backend:
+            return queryset
+        backend = self.filter_backend()
+        return backend.filter_queryset(self.request, queryset, self)
 
     def get_serializer_context(self):
         """
@@ -81,16 +91,6 @@ class MultipleObjectAPIView(MultipleObjectMixin, GenericAPIView):
     paginate_by = api_settings.PAGINATE_BY
     paginate_by_param = api_settings.PAGINATE_BY_PARAM
     pagination_serializer_class = api_settings.DEFAULT_PAGINATION_SERIALIZER_CLASS
-    filter_backend = api_settings.FILTER_BACKEND
-
-    def filter_queryset(self, queryset):
-        """
-        Given a queryset, filter it with whichever filter backend is in use.
-        """
-        if not self.filter_backend:
-            return queryset
-        backend = self.filter_backend()
-        return backend.filter_queryset(self.request, queryset, self)
 
     def get_pagination_serializer(self, page=None):
         """

rest_framework/mixins.py

@@ -97,7 +97,9 @@ class RetrieveModelMixin(object):
     Should be mixed in with `SingleObjectAPIView`.
     """
     def retrieve(self, request, *args, **kwargs):
-        self.object = self.get_object()
+        queryset = self.get_queryset()
+        filtered_queryset = self.filter_queryset(queryset)
+        self.object = self.get_object(filtered_queryset)
         serializer = self.get_serializer(self.object)
         return Response(serializer.data)
 

rest_framework/permissions.py

@@ -102,6 +102,8 @@ class DjangoModelPermissions(BasePermission):
         'DELETE': ['%(app_label)s.delete_%(model_name)s'],
     }
 
+    authenticated_users_only = True
+
     def get_required_permissions(self, method, model_cls):
         """
         Given a model and an HTTP method, return the list of permission
@@ -115,13 +117,18 @@ class DjangoModelPermissions(BasePermission):
 
     def has_permission(self, request, view):
         model_cls = getattr(view, 'model', None)
-        if not model_cls:
-            return True
+        queryset = getattr(view, 'queryset', None)
+
+        if model_cls is None and queryset is not None:
+            model_cls = queryset.model
+
+        assert model_cls, ('Cannot apply DjangoModelPermissions on a view that'
+                           ' does not have `.model` or `.queryset` property.')
 
         perms = self.get_required_permissions(request.method, model_cls)
 
         if (request.user and
-            request.user.is_authenticated() and
+            (request.user.is_authenticated() or not self.authenticated_users_only) and
             request.user.has_perms(perms)):
             return True
         return False

rest_framework/serializers.py

@@ -7,8 +7,7 @@ from django.core.paginator import Page
 from django.db import models
 from django.forms import widgets
 from django.utils.datastructures import SortedDict
-from rest_framework.compat import get_concrete_model
-from rest_framework.compat import six
+from rest_framework.compat import get_concrete_model, six
 
 # Note: We do the following so that users of the framework can use this style:
 #
@@ -289,10 +288,6 @@ class BaseSerializer(WritableField):
         """
         Deserialize primitives -> objects.
         """
-        if hasattr(data, '__iter__') and not isinstance(data, (dict, six.text_type)):
-            # TODO: error data when deserializing lists
-            return [self.from_native(item, None) for item in data]
-
         self._errors = {}
         if data is not None or files is not None:
             attrs = self.restore_fields(data, files)
@@ -334,7 +329,7 @@ class BaseSerializer(WritableField):
         if self.many is not None:
             many = self.many
         else:
-            many = hasattr(obj, '__iter__') and not isinstance(obj, (Page, dict))
+            many = hasattr(obj, '__iter__') and not isinstance(obj, (Page, dict, six.text_type))
 
         if many:
             return [self.to_native(item) for item in obj]
@@ -352,19 +347,25 @@ class BaseSerializer(WritableField):
             if self.many is not None:
                 many = self.many
             else:
-                many = hasattr(data, '__iter__') and not isinstance(data, (Page, dict))
+                many = hasattr(data, '__iter__') and not isinstance(data, (Page, dict, six.text_type))
                 if many:
                     warnings.warn('Implict list/queryset serialization is due to be deprecated. '
                                   'Use the `many=True` flag when instantiating the serializer.',
                                   PendingDeprecationWarning, stacklevel=3)
 
-            # TODO: error data when deserializing lists
             if many:
-                ret = [self.from_native(item, None) for item in data]
-            ret = self.from_native(data, files)
+                ret = []
+                errors = []
+                for item in data:
+                    ret.append(self.from_native(item, None))
+                    errors.append(self._errors)
+                self._errors = any(errors) and errors or []
+            else:
+                ret = self.from_native(data, files)
 
             if not self._errors:
                 self.object = ret
+
         return self._errors
 
     def is_valid(self):
@@ -394,11 +395,17 @@ class BaseSerializer(WritableField):
 
         return self._data
 
+    def save_object(self, obj):
+        obj.save()
+
     def save(self):
         """
         Save the deserialized object and return it.
         """
-        self.object.save()
+        if isinstance(self.object, list):
+            [self.save_object(item) for item in self.object]
+        else:
+            self.save_object(self.object)
         return self.object
 
 
@@ -643,15 +650,18 @@ class ModelSerializer(Serializer):
         if instance:
             return self.full_clean(instance)
 
-    def _save(self, parent=None, fk_field=None):
+    def save_object(self, obj, parent=None, fk_field=None):
+        """
+        Save the deserialized object and return it.
+        """
         if self._delete:
-            self.object.delete()
+            obj.delete()
             return
 
         if parent and fk_field:
-            setattr(self.object, fk_field, parent)
+            setattr(obj, fk_field, parent)
 
-        self.object.save()
+        obj.save()
 
         if getattr(self, 'm2m_data', None):
             for accessor_name, object_list in self.m2m_data.items():
@@ -662,17 +672,10 @@ class ModelSerializer(Serializer):
             for accessor_name, object_list in self.related_data.items():
                 if isinstance(object_list, ModelSerializer):
                     fk_field = self.object._meta.get_field_by_name(accessor_name)[0].field.name
-                    object_list._save(parent=self.object, fk_field=fk_field)
+                    object_list.save_object(object_list.object, parent=self.object, fk_field=fk_field)
                 else:
                     setattr(self.object, accessor_name, object_list)
             self.related_data = {}
-            
-    def save(self):
-        """
-        Save the deserialized object and return it.
-        """
-        self._save()
-        return self.object
 
 
 class HyperlinkedModelSerializerOptions(ModelSerializerOptions):

rest_framework/settings.py

@@ -18,8 +18,11 @@ REST framework settings, checking for user settings first, then falling
 back to the defaults.
 """
 from __future__ import unicode_literals
+
 from django.conf import settings
 from django.utils import importlib
+
+from rest_framework import ISO_8601
 from rest_framework.compat import six
 
 
@@ -76,6 +79,22 @@ DEFAULTS = {
     'URL_FORMAT_OVERRIDE': 'format',
 
     'FORMAT_SUFFIX_KWARG': 'format',
+
+    # Input and output formats
+    'DATE_INPUT_FORMATS': (
+        ISO_8601,
+    ),
+    'DATE_FORMAT': ISO_8601,
+
+    'DATETIME_INPUT_FORMATS': (
+        ISO_8601,
+    ),
+    'DATETIME_FORMAT': ISO_8601,
+
+    'TIME_INPUT_FORMATS': (
+        ISO_8601,
+    ),
+    'TIME_FORMAT': ISO_8601,
 }
 
 

rest_framework/tests/fields.py

@@ -3,9 +3,11 @@ General serializer field tests.
 """
 from __future__ import unicode_literals
 import datetime
+
 from django.db import models
 from django.test import TestCase
 from django.core import validators
+
 from rest_framework import serializers
 
 
@@ -59,37 +61,384 @@ class BasicFieldTests(TestCase):
         serializer = CharPrimaryKeyModelSerializer()
         self.assertEqual(serializer.fields['id'].read_only, False)
 
-    def test_TimeField_from_native(self):
+
+class DateFieldTest(TestCase):
+    """
+    Tests for the DateFieldTest from_native() and to_native() behavior
+    """
+
+    def test_from_native_string(self):
+        """
+        Make sure from_native() accepts default iso input formats.
+        """
+        f = serializers.DateField()
+        result_1 = f.from_native('1984-07-31')
+
+        self.assertEqual(datetime.date(1984, 7, 31), result_1)
+
+    def test_from_native_datetime_date(self):
+        """
+        Make sure from_native() accepts a datetime.date instance.
+        """
+        f = serializers.DateField()
+        result_1 = f.from_native(datetime.date(1984, 7, 31))
+
+        self.assertEqual(result_1, datetime.date(1984, 7, 31))
+
+    def test_from_native_custom_format(self):
+        """
+        Make sure from_native() accepts custom input formats.
+        """
+        f = serializers.DateField(input_formats=['%Y -- %d'])
+        result = f.from_native('1984 -- 31')
+
+        self.assertEqual(datetime.date(1984, 1, 31), result)
+
+    def test_from_native_invalid_default_on_custom_format(self):
+        """
+        Make sure from_native() don't accept default formats if custom format is preset
+        """
+        f = serializers.DateField(input_formats=['%Y -- %d'])
+
+        try:
+            f.from_native('1984-07-31')
+        except validators.ValidationError as e:
+            self.assertEqual(e.messages, ["Date has wrong format. Use one of these formats instead: YYYY -- DD"])
+        else:
+            self.fail("ValidationError was not properly raised")
+
+    def test_from_native_empty(self):
+        """
+        Make sure from_native() returns None on empty param.
+        """
+        f = serializers.DateField()
+        result = f.from_native('')
+
+        self.assertEqual(result, None)
+
+    def test_from_native_none(self):
+        """
+        Make sure from_native() returns None on None param.
+        """
+        f = serializers.DateField()
+        result = f.from_native(None)
+
+        self.assertEqual(result, None)
+
+    def test_from_native_invalid_date(self):
+        """
+        Make sure from_native() raises a ValidationError on passing an invalid date.
+        """
+        f = serializers.DateField()
+
+        try:
+            f.from_native('1984-13-31')
+        except validators.ValidationError as e:
+            self.assertEqual(e.messages, ["Date has wrong format. Use one of these formats instead: YYYY[-MM[-DD]]"])
+        else:
+            self.fail("ValidationError was not properly raised")
+
+    def test_from_native_invalid_format(self):
+        """
+        Make sure from_native() raises a ValidationError on passing an invalid format.
+        """
+        f = serializers.DateField()
+
+        try:
+            f.from_native('1984 -- 31')
+        except validators.ValidationError as e:
+            self.assertEqual(e.messages, ["Date has wrong format. Use one of these formats instead: YYYY[-MM[-DD]]"])
+        else:
+            self.fail("ValidationError was not properly raised")
+
+    def test_to_native(self):
+        """
+        Make sure to_native() returns isoformat as default.
+        """
+        f = serializers.DateField()
+
+        result_1 = f.to_native(datetime.date(1984, 7, 31))
+
+        self.assertEqual('1984-07-31', result_1)
+
+    def test_to_native_custom_format(self):
+        """
+        Make sure to_native() returns correct custom format.
+        """
+        f = serializers.DateField(format="%Y - %m.%d")
+
+        result_1 = f.to_native(datetime.date(1984, 7, 31))
+
+        self.assertEqual('1984 - 07.31', result_1)
+
+    def test_to_native_none(self):
+        """
+        Make sure from_native() returns None on None param.
+        """
+        f = serializers.DateField(required=False)
+        self.assertEqual(None, f.to_native(None))
+
+
+class DateTimeFieldTest(TestCase):
+    """
+    Tests for the DateTimeField from_native() and to_native() behavior
+    """
+
+    def test_from_native_string(self):
+        """
+        Make sure from_native() accepts default iso input formats.
+        """
+        f = serializers.DateTimeField()
+        result_1 = f.from_native('1984-07-31 04:31')
+        result_2 = f.from_native('1984-07-31 04:31:59')
+        result_3 = f.from_native('1984-07-31 04:31:59.000200')
+
+        self.assertEqual(datetime.datetime(1984, 7, 31, 4, 31), result_1)
+        self.assertEqual(datetime.datetime(1984, 7, 31, 4, 31, 59), result_2)
+        self.assertEqual(datetime.datetime(1984, 7, 31, 4, 31, 59, 200), result_3)
+
+    def test_from_native_datetime_datetime(self):
+        """
+        Make sure from_native() accepts a datetime.datetime instance.
+        """
+        f = serializers.DateTimeField()
+        result_1 = f.from_native(datetime.datetime(1984, 7, 31, 4, 31))
+        result_2 = f.from_native(datetime.datetime(1984, 7, 31, 4, 31, 59))
+        result_3 = f.from_native(datetime.datetime(1984, 7, 31, 4, 31, 59, 200))
+
+        self.assertEqual(result_1, datetime.datetime(1984, 7, 31, 4, 31))
+        self.assertEqual(result_2, datetime.datetime(1984, 7, 31, 4, 31, 59))
+        self.assertEqual(result_3, datetime.datetime(1984, 7, 31, 4, 31, 59, 200))
+
+    def test_from_native_custom_format(self):
+        """
+        Make sure from_native() accepts custom input formats.
+        """
+        f = serializers.DateTimeField(input_formats=['%Y -- %H:%M'])
+        result = f.from_native('1984 -- 04:59')
+
+        self.assertEqual(datetime.datetime(1984, 1, 1, 4, 59), result)
+
+    def test_from_native_invalid_default_on_custom_format(self):
+        """
+        Make sure from_native() don't accept default formats if custom format is preset
+        """
+        f = serializers.DateTimeField(input_formats=['%Y -- %H:%M'])
+
+        try:
+            f.from_native('1984-07-31 04:31:59')
+        except validators.ValidationError as e:
+            self.assertEqual(e.messages, ["Datetime has wrong format. Use one of these formats instead: YYYY -- hh:mm"])
+        else:
+            self.fail("ValidationError was not properly raised")
+
+    def test_from_native_empty(self):
+        """
+        Make sure from_native() returns None on empty param.
+        """
+        f = serializers.DateTimeField()
+        result = f.from_native('')
+
+        self.assertEqual(result, None)
+
+    def test_from_native_none(self):
+        """
+        Make sure from_native() returns None on None param.
+        """
+        f = serializers.DateTimeField()
+        result = f.from_native(None)
+
+        self.assertEqual(result, None)
+
+    def test_from_native_invalid_datetime(self):
+        """
+        Make sure from_native() raises a ValidationError on passing an invalid datetime.
+        """
+        f = serializers.DateTimeField()
+
+        try:
+            f.from_native('04:61:59')
+        except validators.ValidationError as e:
+            self.assertEqual(e.messages, ["Datetime has wrong format. Use one of these formats instead: "
+                                          "YYYY-MM-DDThh:mm[:ss[.uuuuuu]][+HHMM|-HHMM|Z]"])
+        else:
+            self.fail("ValidationError was not properly raised")
+
+    def test_from_native_invalid_format(self):
+        """
+        Make sure from_native() raises a ValidationError on passing an invalid format.
+        """
+        f = serializers.DateTimeField()
+
+        try:
+            f.from_native('04 -- 31')
+        except validators.ValidationError as e:
+            self.assertEqual(e.messages, ["Datetime has wrong format. Use one of these formats instead: "
+                                          "YYYY-MM-DDThh:mm[:ss[.uuuuuu]][+HHMM|-HHMM|Z]"])
+        else:
+            self.fail("ValidationError was not properly raised")
+
+    def test_to_native(self):
+        """
+        Make sure to_native() returns isoformat as default.
+        """
+        f = serializers.DateTimeField()
+
+        result_1 = f.to_native(datetime.datetime(1984, 7, 31))
+        result_2 = f.to_native(datetime.datetime(1984, 7, 31, 4, 31))
+        result_3 = f.to_native(datetime.datetime(1984, 7, 31, 4, 31, 59))
+        result_4 = f.to_native(datetime.datetime(1984, 7, 31, 4, 31, 59, 200))
+
+        self.assertEqual('1984-07-31T00:00:00', result_1)
+        self.assertEqual('1984-07-31T04:31:00', result_2)
+        self.assertEqual('1984-07-31T04:31:59', result_3)
+        self.assertEqual('1984-07-31T04:31:59.000200', result_4)
+
+    def test_to_native_custom_format(self):
+        """
+        Make sure to_native() returns correct custom format.
+        """
+        f = serializers.DateTimeField(format="%Y - %H:%M")
+
+        result_1 = f.to_native(datetime.datetime(1984, 7, 31))
+        result_2 = f.to_native(datetime.datetime(1984, 7, 31, 4, 31))
+        result_3 = f.to_native(datetime.datetime(1984, 7, 31, 4, 31, 59))
+        result_4 = f.to_native(datetime.datetime(1984, 7, 31, 4, 31, 59, 200))
+
+        self.assertEqual('1984 - 00:00', result_1)
+        self.assertEqual('1984 - 04:31', result_2)
+        self.assertEqual('1984 - 04:31', result_3)
+        self.assertEqual('1984 - 04:31', result_4)
+
+    def test_to_native_none(self):
+        """
+        Make sure from_native() returns None on None param.
+        """
+        f = serializers.DateTimeField(required=False)
+        self.assertEqual(None, f.to_native(None))
+
+
+class TimeFieldTest(TestCase):
+    """
+    Tests for the TimeField from_native() and to_native() behavior
+    """
+
+    def test_from_native_string(self):
+        """
+        Make sure from_native() accepts default iso input formats.
+        """
         f = serializers.TimeField()
-        result = f.from_native('12:34:56.987654')
+        result_1 = f.from_native('04:31')
+        result_2 = f.from_native('04:31:59')
+        result_3 = f.from_native('04:31:59.000200')
 
-        self.assertEqual(datetime.time(12, 34, 56, 987654), result)
+        self.assertEqual(datetime.time(4, 31), result_1)
+        self.assertEqual(datetime.time(4, 31, 59), result_2)
+        self.assertEqual(datetime.time(4, 31, 59, 200), result_3)
 
-    def test_TimeField_from_native_datetime_time(self):
+    def test_from_native_datetime_time(self):
         """
         Make sure from_native() accepts a datetime.time instance.
         """
         f = serializers.TimeField()
-        result = f.from_native(datetime.time(12, 34, 56))
-        self.assertEqual(result, datetime.time(12, 34, 56))
+        result_1 = f.from_native(datetime.time(4, 31))
+        result_2 = f.from_native(datetime.time(4, 31, 59))
+        result_3 = f.from_native(datetime.time(4, 31, 59, 200))
 
-    def test_TimeField_from_native_empty(self):
-        f = serializers.TimeField()
-        result = f.from_native('')
-        self.assertEqual(result, None)
+        self.assertEqual(result_1, datetime.time(4, 31))
+        self.assertEqual(result_2, datetime.time(4, 31, 59))
+        self.assertEqual(result_3, datetime.time(4, 31, 59, 200))
 
-    def test_TimeField_from_native_invalid_time(self):
-        f = serializers.TimeField()
+    def test_from_native_custom_format(self):
+        """
+        Make sure from_native() accepts custom input formats.
+        """
+        f = serializers.TimeField(input_formats=['%H -- %M'])
+        result = f.from_native('04 -- 31')
+
+        self.assertEqual(datetime.time(4, 31), result)
+
+    def test_from_native_invalid_default_on_custom_format(self):
+        """
+        Make sure from_native() don't accept default formats if custom format is preset
+        """
+        f = serializers.TimeField(input_formats=['%H -- %M'])
 
         try:
-            f.from_native('12:69:12')
+            f.from_native('04:31:59')
         except validators.ValidationError as e:
-            self.assertEqual(e.messages, ["'12:69:12' value has an invalid "
-                                          "format. It must be a valid time "
-                                          "in the HH:MM[:ss[.uuuuuu]] format."])
+            self.assertEqual(e.messages, ["Time has wrong format. Use one of these formats instead: hh -- mm"])
         else:
             self.fail("ValidationError was not properly raised")
 
-    def test_TimeFieldModelSerializer(self):
-        serializer = TimeFieldModelSerializer()
-        self.assertTrue(isinstance(serializer.fields['clock'], serializers.TimeField))
+    def test_from_native_empty(self):
+        """
+        Make sure from_native() returns None on empty param.
+        """
+        f = serializers.TimeField()
+        result = f.from_native('')
+
+        self.assertEqual(result, None)
+
+    def test_from_native_none(self):
+        """
+        Make sure from_native() returns None on None param.
+        """
+        f = serializers.TimeField()
+        result = f.from_native(None)
+
+        self.assertEqual(result, None)
+
+    def test_from_native_invalid_time(self):
+        """
+        Make sure from_native() raises a ValidationError on passing an invalid time.
+        """
+        f = serializers.TimeField()
+
+        try:
+            f.from_native('04:61:59')
+        except validators.ValidationError as e:
+            self.assertEqual(e.messages, ["Time has wrong format. Use one of these formats instead: "
+                                          "hh:mm[:ss[.uuuuuu]]"])
+        else:
+            self.fail("ValidationError was not properly raised")
+
+    def test_from_native_invalid_format(self):
+        """
+        Make sure from_native() raises a ValidationError on passing an invalid format.
+        """
+        f = serializers.TimeField()
+
+        try:
+            f.from_native('04 -- 31')
+        except validators.ValidationError as e:
+            self.assertEqual(e.messages, ["Time has wrong format. Use one of these formats instead: "
+                                          "hh:mm[:ss[.uuuuuu]]"])
+        else:
+            self.fail("ValidationError was not properly raised")
+
+    def test_to_native(self):
+        """
+        Make sure to_native() returns isoformat as default.
+        """
+        f = serializers.TimeField()
+        result_1 = f.to_native(datetime.time(4, 31))
+        result_2 = f.to_native(datetime.time(4, 31, 59))
+        result_3 = f.to_native(datetime.time(4, 31, 59, 200))
+
+        self.assertEqual('04:31:00', result_1)
+        self.assertEqual('04:31:59', result_2)
+        self.assertEqual('04:31:59.000200', result_3)
+
+    def test_to_native_custom_format(self):
+        """
+        Make sure to_native() returns correct custom format.
+        """
+        f = serializers.TimeField(format="%H - %S [%f]")
+        result_1 = f.to_native(datetime.time(4, 31))
+        result_2 = f.to_native(datetime.time(4, 31, 59))
+        result_3 = f.to_native(datetime.time(4, 31, 59, 200))
+
+        self.assertEqual('04 - 00 [000000]', result_1)
+        self.assertEqual('04 - 59 [000000]', result_2)
+        self.assertEqual('04 - 59 [000200]', result_3)

rest_framework/tests/filterset.py

@@ -65,8 +65,8 @@ class IntegrationTestFiltering(TestCase):
 
         self.objects = FilterableItem.objects
         self.data = [
-        {'id': obj.id, 'text': obj.text, 'decimal': obj.decimal, 'date': obj.date}
-        for obj in self.objects.all()
+            {'id': obj.id, 'text': obj.text, 'decimal': obj.decimal, 'date': obj.date.isoformat()}
+            for obj in self.objects.all()
         ]
 
     @unittest.skipUnless(django_filters, 'django-filters not installed')
@@ -95,7 +95,7 @@ class IntegrationTestFiltering(TestCase):
         request = factory.get('/?date=%s' % search_date)  # search_date str: '2012-09-22'
         response = view(request).render()
         self.assertEqual(response.status_code, status.HTTP_200_OK)
-        expected_data = [f for f in self.data if f['date'] == search_date]
+        expected_data = [f for f in self.data if datetime.datetime.strptime(f['date'], '%Y-%m-%d').date() == search_date]
         self.assertEqual(response.data, expected_data)
 
     @unittest.skipUnless(django_filters, 'django-filters not installed')
@@ -125,7 +125,7 @@ class IntegrationTestFiltering(TestCase):
         request = factory.get('/?date=%s' % search_date)  # search_date str: '2012-10-02'
         response = view(request).render()
         self.assertEqual(response.status_code, status.HTTP_200_OK)
-        expected_data = [f for f in self.data if f['date'] > search_date]
+        expected_data = [f for f in self.data if datetime.datetime.strptime(f['date'], '%Y-%m-%d').date() > search_date]
         self.assertEqual(response.data, expected_data)
 
         # Tests that the text filter set with 'icontains' in the filter class works.
@@ -142,8 +142,9 @@ class IntegrationTestFiltering(TestCase):
         request = factory.get('/?decimal=%s&date=%s' % (search_decimal, search_date))
         response = view(request).render()
         self.assertEqual(response.status_code, status.HTTP_200_OK)
-        expected_data = [f for f in self.data if f['date'] > search_date and
-                                                  f['decimal'] < search_decimal]
+        expected_data = [f for f in self.data if
+                         datetime.datetime.strptime(f['date'], '%Y-%m-%d').date() > search_date and
+                         f['decimal'] < search_decimal]
         self.assertEqual(response.data, expected_data)
 
     @unittest.skipUnless(django_filters, 'django-filters not installed')

rest_framework/tests/generics.py

@@ -350,3 +350,78 @@ class TestM2MBrowseableAPI(TestCase):
         view = ExampleView().as_view()
         response = view(request).render()
         self.assertEqual(response.status_code, status.HTTP_200_OK)
+
+
+class InclusiveFilterBackend(object):
+    def filter_queryset(self, request, queryset, view):
+        return queryset.filter(text='foo')
+
+
+class ExclusiveFilterBackend(object):
+    def filter_queryset(self, request, queryset, view):
+        return queryset.filter(text='other')
+
+
+class TestFilterBackendAppliedToViews(TestCase):
+
+    def setUp(self):
+        """
+        Create 3 BasicModel instances to filter on.
+        """
+        items = ['foo', 'bar', 'baz']
+        for item in items:
+            BasicModel(text=item).save()
+        self.objects = BasicModel.objects
+        self.data = [
+            {'id': obj.id, 'text': obj.text}
+            for obj in self.objects.all()
+        ]
+        self.root_view = RootView.as_view()
+        self.instance_view = InstanceView.as_view()
+        self.original_root_backend = getattr(RootView, 'filter_backend')
+        self.original_instance_backend = getattr(InstanceView, 'filter_backend')
+
+    def tearDown(self):
+        setattr(RootView, 'filter_backend', self.original_root_backend)
+        setattr(InstanceView, 'filter_backend', self.original_instance_backend)
+
+    def test_get_root_view_filters_by_name_with_filter_backend(self):
+        """
+        GET requests to ListCreateAPIView should return filtered list.
+        """
+        setattr(RootView, 'filter_backend', InclusiveFilterBackend)
+        request = factory.get('/')
+        response = self.root_view(request).render()
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(len(response.data), 1)
+        self.assertEqual(response.data, [{'id': 1, 'text': 'foo'}])
+
+    def test_get_root_view_filters_out_all_models_with_exclusive_filter_backend(self):
+        """
+        GET requests to ListCreateAPIView should return empty list when all models are filtered out.
+        """
+        setattr(RootView, 'filter_backend', ExclusiveFilterBackend)
+        request = factory.get('/')
+        response = self.root_view(request).render()
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data, [])
+
+    def test_get_instance_view_filters_out_name_with_filter_backend(self):
+        """
+        GET requests to RetrieveUpdateDestroyAPIView should raise 404 when model filtered out.
+        """
+        setattr(InstanceView, 'filter_backend', ExclusiveFilterBackend)
+        request = factory.get('/1')
+        response = self.instance_view(request, pk=1).render()
+        self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
+        self.assertEqual(response.data, {'detail': 'Not found'})
+
+    def test_get_instance_view_will_return_single_object_when_filter_does_not_exclude_it(self):
+        """
+        GET requests to RetrieveUpdateDestroyAPIView should return a single object when not excluded
+        """
+        setattr(InstanceView, 'filter_backend', InclusiveFilterBackend)
+        request = factory.get('/1')
+        response = self.instance_view(request, pk=1).render()
+        self.assertEqual(response.status_code, status.HTTP_200_OK)
+        self.assertEqual(response.data, {'id': 1, 'text': 'foo'})

rest_framework/tests/pagination.py

@@ -112,8 +112,8 @@ class IntegrationTestPaginationAndFiltering(TestCase):
 
         self.objects = FilterableItem.objects
         self.data = [
-        {'id': obj.id, 'text': obj.text, 'decimal': obj.decimal, 'date': obj.date}
-        for obj in self.objects.all()
+            {'id': obj.id, 'text': obj.text, 'decimal': obj.decimal, 'date': obj.date.isoformat()}
+            for obj in self.objects.all()
         ]
         self.view = FilterFieldsRootView.as_view()
 

rest_framework/tests/serializer.py

@@ -112,7 +112,7 @@ class BasicTests(TestCase):
         self.expected = {
             'email': 'tom@example.com',
             'content': 'Happy new year!',
-            'created': datetime.datetime(2012, 1, 1),
+            'created': '2012-01-01T00:00:00',
             'sub_comment': 'And Merry Christmas!'
         }
         self.person_data = {'name': 'dwight', 'age': 35}
@@ -268,7 +268,16 @@ class ValidationTests(TestCase):
         data = ['i am', 'a', 'list']
         serializer = CommentSerializer(self.comment, data=data, many=True)
         self.assertEqual(serializer.is_valid(), False)
-        self.assertEqual(serializer.errors, {'non_field_errors': ['Invalid data']})
+        self.assertTrue(isinstance(serializer.errors, list))
+
+        self.assertEqual(
+            serializer.errors,
+            [
+                {'non_field_errors': ['Invalid data']},
+                {'non_field_errors': ['Invalid data']},
+                {'non_field_errors': ['Invalid data']}
+            ]
+        )
 
         data = 'and i am a string'
         serializer = CommentSerializer(self.comment, data=data)
@@ -1072,3 +1081,32 @@ class NestedSerializerContextTests(TestCase):
 
         # This will raise RuntimeError if context doesn't get passed correctly to the nested Serializers
         AlbumCollectionSerializer(album_collection, context={'context_item': 'album context'}).data
+
+
+class DeserializeListTestCase(TestCase):
+
+    def setUp(self):
+        self.data = {
+            'email': 'nobody@nowhere.com',
+            'content': 'This is some test content',
+            'created': datetime.datetime(2013, 3, 7),
+        }
+
+    def test_no_errors(self):
+        data = [self.data.copy() for x in range(0, 3)]
+        serializer = CommentSerializer(data=data)
+        self.assertTrue(serializer.is_valid())
+        self.assertTrue(isinstance(serializer.object, list))
+        self.assertTrue(
+            all((isinstance(item, Comment) for item in serializer.object))
+        )
+
+    def test_errors_return_as_list(self):
+        invalid_item = self.data.copy()
+        invalid_item['email'] = ''
+        data = [self.data.copy(), invalid_item, self.data.copy()]
+
+        serializer = CommentSerializer(data=data)
+        self.assertFalse(serializer.is_valid())
+        expected = [{}, {'email': ['This field is required.']}, {}]
+        self.assertEqual(serializer.errors, expected)

tox.ini

@@ -1,6 +1,6 @@
 [tox]
 downloadcache = {toxworkdir}/cache/
-envlist = py3.3-django1.5,py3.2-django1.5,py2.7-django1.5,py2.7-django1.4,py2.7-django1.3,py2.6-django1.5,py2.6-django1.4,py2.6-django1.3
+envlist = py3.3-django1.5,py3.2-django1.5,py2.7-django1.5,py2.6-django1.5,py2.7-django1.4,py2.6-django1.4,py2.7-django1.3,py2.6-django1.3
 
 [testenv]
 commands = {envpython} rest_framework/runtests/runtests.py