see https://github.com/encode/django-rest-framework/issues/5660
Trying to register new routes on a router after having accessed the
router `urls` attribute leads to surprising results.
The route is added without error to the router's `registry` but the urls
are not updated, because they are cached in `_urls`.
This commit invalidates the cache after each new registration.
* Add test that verifies that HTML is correctly escaped in Browsable API views
* Fix `urlize_quoted_links` tag to avoid double escaping in autoescape mode
* Fix XSS in default DRF Browsable API template by re-enabling autoescape
* Fix issue1811: take limit_choices_to into account with FK
* Issue 1811: Add tests to illustrate issue
* Filter queryset only if limit_choices_to exists
* Move test_relations_with_limited_querysets file within test_relations_pk
* move limit_choices_to logic from relations.py to utils/field_mapping.py
* move limit_choices_to above other check to avoid conflicts
In some cases we end with an operation between two `OperandHolder`.
This didn't work as it didn't knew how to deal with | or &
This fixes by adding those operations.
* Release notes to 5174a26ec9
* Update version for v3.9.0
* Removed exclude_from_schema per deprecation policy.
* Updated list_route() and detail_route() deprecations.
* Weakened to PendingDeprecationWarning for `base_name`
cc @rpkilby.
* Add (beginning of) 3.9 release announcement.
@tomchristie: Input on OpenAPI and What’s Next very welcome! :)
* Add announcement section for Extra Actions in Browsable API
* Update release notes and add deprecation note for Django Guardian backend.
* Add release note for #6073
* Add release notes to dd19a44583
* Adding release notes
* Update 3.9 announcement
* Add Oct 18 release date
* added ability to add sections to custom action documentation
* added tests to cover docs sections in custom actions
* added method specific docs test for action mapping
* added docs for custom action documentation
* permissions: Allow permissions to be composed
Implement a system to compose permissions with and / or.
This is performed by returning an `OperationHolder` instance that keeps the
permission classes and type of composition (and / or).
When called it will return a AND/OR instance that will then delegate the
permission check to the operands.
* permissions: Add documentation about composed permissions
* Fix documentation typo in permissions
* Add suffix support for actions
Removes the newly introduced `action.name` in favor of leveraging the
View's `.get_view_name()` method, which supports both name and suffix.
* Fix view description func docstrings
* Test action decorator name & suffix kwargs
* Adjust 'extra action' docs
On all supported Pythons, the io.BytesIO is always a stream
implementation using an in-memory bytes buffer.
Makes code slightly more forward compatible by reducing use of the six
module and promotes more forward compatible practices in the docs.
* Make admin detail link have small width
* Disable admin detail link when no URL
* Add 'AdminRenderer.get_result_url'
Attempts to reverse the result's detail view URL.
* Add failing test for extra action schemas
* Add ViewInspector setter to store instances
* Fix schema disabling for extra actions
* Add docs note about disabling schemas for actions
* View suffix already set by initializer
* Add 'name' and 'description' attributes to ViewSet
ViewSets may now provide their `name` and `description` attributes
directly, instead of relying on view introspection to derive them.
These attributes may also be provided with the view's initkwargs.
The ViewSet `name` and `suffix` initkwargs are mutually exclusive.
The `action` decorator now provides the `name` and `description` to
the view's initkwargs. By default, these values are derived from the
method name and its docstring. The `name` may be overridden by providing
it as an argument to the decorator.
The `get_view_name` and `get_view_description` hooks now provide the
view instance to the handler, instead of the view class. The default
implementations of these handlers now respect the `name`/`description`.
* Add 'extra actions' to ViewSet & browsable APIs
* Update simple router tests
Removed old test logic around link/action decorators from `v2.3`. Also
simplified the test by making the results explicit instead of computed.
* Add method mapping to ViewSet actions
* Document extra action method mapping
* Revert "Non-required fields with 'allow_null=True' should not imply a default value (#5639)"
This reverts commit 905a5579df.
Closes#5708
* Add test for allow_null + required=False
Ref #5708: allow_null should imply default=None, even for non-required fields.
* Re-order allow_null and default in field docs
default is prior to allow_null. allow_null implies an outgoing default=None.
* Adjust allow_null note.
* Always exclude read_only fields from _writable_fields
* Remove `read_only` from `CreateOnlyDefault` example.
In this context (without mentioning `save`) now slightly misleading.
The tests look for the "admin" app in the list of apps. If not present, running `runtests.py` gives the following error:
```
LookupError: No installed app with label 'admin'.
```
Adding admin to `INSTALLED_APPS` fixes it.
DictFields were incorrectly being output as String in the schema.
This pull request outputs an Object instead and adds a unit test.
Update s/detail_route/action/ after rebase
By default all subclasses of RelatedField are output as string fields in
the schema, which works well for StringRelatedField, SlugRelatedField or
HyperlinkedRelatedField.
Handle the common case of a PrimaryKeyRelatedField pointing to an
AutoField.
This adds `__eq__` to handle `code` in comparisons.
When comparing an ErrorDetail to a string (missing `code` there) the
ErrorDetail's `code` is ignored, but otherwise it is taken into account.
Calling dict.keys() is unnecessary. The two are functionally equivalent
on modern Pythons.
Inspired by Lennart Regebro's talk "Prehistoric Patterns in Python" from
PyCon 2017.
https://www.youtube.com/watch?v=V5-JH23Vk0I
* Add failing test for #5672
* Add get_original_route to complement get_regex_pattern
* [WIP] Fix path handling
* needs more tests
* maybe needs some refactoring
* Add django 2 variant for all tests and fix trailing slash bug
* Add more combinations to mixed path test
* Extract method for `manual_fields` processing
Allows reuse of logic to replace Field instances in a field list by `Field.name`.
Adds a utility function for the logic plus a wrapper method on `AutoSchema`.
Closes#5632
* Manual fields suggestions (#2)
* Use OrderedDict in inspectors
* Move empty check to 'update_fields()'
* Make 'update_fields()' an AutoSchema staticmethod
* Add 'AutoSchema.get_manual_fields()'
* Conform '.get_manual_fields()' to other methods
* Add test for update_fields
* Make sure `manual_fields` is a list.
(As documented to be)
* Add docs for new AutoSchema methods.
* `get_manual_fields`
* `update_fields`
* Add release notes for PR.
* Update assertion style in user logout test
* Apply middlewares to django request object
* Fix test for request auth hiding AttributeErrors
* Re-raise/wrap auth attribute errors
* Fix test for py2k
* Add docs for WrappedAttributeError
* SchemaJSRenderer renders invalid Javascript
Under Py3 the base64.b64encode() method returns a binary object, which gets rendered as `b'...'` in schema.js. This results in the output becoming:
var coreJSON = window.atob('b'eyJf...'');
which is invalid Javascript. Because base64 only uses ASCII characters it is safe to decode('ascii') it. Under Py2 this will result in a unicode object, which is fine. Under Py3 it results in a string, which is also fine. This solves the problem and results in a working schema.js output.
* Add regression test for #5608
* Add regression test for #5608
* Apparently the linter on Travis wants the imports in a different order than on my box...
