encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-01-24 08:14:16 +03:00
Code Issues Packages Projects Releases Wiki Activity

GitHub link in toolbar

Browse Source
This commit is contained in:
Tom Christie 2012-09-12 13:11:26 +01:00
parent 2469cd2c83
commit dac4cb9e8b
4 changed files with 27 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/api-guide/exceptions.md
View File

@ -8,7 +8,7 @@
## Exception handling in REST framework views ## Exception handling in REST framework views
REST framework's views handle various exceptions, and deal with returning appropriate error responses for you. REST framework's views handle various exceptions, and deal with returning appropriate error responses.
The handled exceptions are: The handled exceptions are:
@ -16,9 +16,9 @@ The handled exceptions are:
* Django's `Http404` exception. * Django's `Http404` exception.
* Django's `PermissionDenied` exception. * Django's `PermissionDenied` exception.
In each case, REST framework will return a response, rendering it to an appropriate content-type. In each case, REST framework will return a response with an appropriate status code and content-type. The body of the response will include any additional details regarding the nature of the error.
By default all error messages will include a key `details` in the body of the response, but other keys may also be included. By default all error responses will include a key `details` in the body of the response, but other keys may also be included.
For example, the following request: For example, the following request:

19
docs/api-guide/permissions.md
View File

@ -12,7 +12,7 @@ Permission checks are always run at the very start of the view, before any other
## How permissions are determined ## How permissions are determined
Permissions in REST framework are always defined as a list of permission classes. Before running the main body of the view, each permission in the list is checked. Permissions in REST framework are always defined as a list of permission classes. Before running the main body of the view each permission in the list is checked.
If any permission check fails an `exceptions.PermissionDenied` exception will be raised, and the main body of the view will not run. If any permission check fails an `exceptions.PermissionDenied` exception will be raised, and the main body of the view will not run.
@ -73,7 +73,18 @@ This permission is suitable if you want to your API to allow read permissions to
## DjangoModelPermissions ## DjangoModelPermissions
This permission class ties into Django's standard `django.contrib.auth` model permissions. When applied to a view that has a `.model` property, permission will only be granted if the user This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth]. When applied to a view that has a `.model` property, authorization will only be granted if the user has the relevant model permissions assigned.
* `POST` requests require the user to have the `add` permission on the model.
* `PUT` and `PATCH` requests require the user to have the `change` permission on the model.
* `DELETE` requests require the user to have the `delete` permission on the model.
The default behaviour can also be overridden to support custom model permissions. For example, you might want to include a `view` model permission for `GET` requests.
To use custom model permissions, override `DjangoModelPermissions` and set the `.perms_map` property. Refer to the source code for details.
The `DjangoModelPermissions` class also supports object-level permissions. Third-party authorization backends such as [django-guardian][guardian] should work just fine with `DjangoModelPermissions` without any custom configuration required.
## Custom permissions ## Custom permissions
@ -84,4 +95,6 @@ The method should return `True` if the request should be granted access, and `Fa
[cite]: https://developer.apple.com/library/mac/#documentation/security/Conceptual/AuthenticationAndAuthorizationGuide/Authorization/Authorization.html [cite]: https://developer.apple.com/library/mac/#documentation/security/Conceptual/AuthenticationAndAuthorizationGuide/Authorization/Authorization.html
[authentication]: authentication.md [authentication]: authentication.md
[throttling]: throttling.md [throttling]: throttling.md
[contribauth]: https://docs.djangoproject.com/en/1.0/topics/auth/#permissions
[guardian]: https://github.com/lukaszb/django-guardian

7
docs/static/css/drf-styles.css vendored
View File

@ -22,6 +22,13 @@ pre {
display: block; display: block;
} }
/* Header link to GitHub */
.repo-link {
float: right;
margin-right: 10px;
margin-top: 7px;
}
/* GitHub 'Star' badge */ /* GitHub 'Star' badge */
body.index #main-content iframe { body.index #main-content iframe {
float: right; float: right;

1
docs/template.html
View File

@ -21,6 +21,7 @@
<div class="navbar navbar-inverse navbar-fixed-top"> <div class="navbar navbar-inverse navbar-fixed-top">
<div class="navbar-inner"> <div class="navbar-inner">
<div class="container-fluid"> <div class="container-fluid">
<a class="repo-link btn btn-primary btn-small" href="https://github.com/tomchristie/django-rest-framework/tree/restframework2">GitHub</a>
<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse"> <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span> <span class="icon-bar"></span>
<span class="icon-bar"></span> <span class="icon-bar"></span>