Commit Graph

3625 Commits

Author SHA1 Message Date
Tom Christie
51f1aff162
Revert 8552 (#8661) 2022-09-21 14:03:39 +01:00
Cihan Eran
3401ef56f8
Add --version CLI option to generateschema (#8552) 2022-09-21 13:08:21 +01:00
David Smith
4aea8dd65a
Change semantic of OR of two permission classes (#7522)
* Change semantic of OR of two permission classes

The original semantic of OR is defined as: the request pass either of the two has_permission() check, and pass either of the two has_object_permission() check, which could lead to situations that a request passes has_permission() but fails on has_object_permission() of Permission Class A, fails has_permission() but passes has_object_permission() of Permission Class B, passes the OR permission check. This should not be the desired permission check semantic in applications, because such a request should fail on either Permission Class (on Django object permission) alone, but passes the OR or the two.

My code fix this by changing the semantic so that the request has to pass either class's has_permission() and has_object_permission() to get the Django object permission of the OR check.

* Update rest_framework/permissions.py

* Update setup.cfg

Co-authored-by: Mark Yu <markyu98@outlook.com>
Co-authored-by: Tom Christie <tom@tomchristie.com>
2022-09-21 12:19:33 +01:00
willbeaufoy
354ae73ffb
Make APIClient.force_authenticate() work with user=None (#8212)
* Fix testing with token

* Add unit test

* Split unit test into 3

* Fix linting error
2022-09-15 09:35:48 +01:00
gabn88
54d52c66fd
Fixes that namespaced views now also appear in the extra actions (#8598)
* Fixes that namespaced views now also appear in the extra actions

Before this fix, namespaced views would not appear in the extra actions. With this fix they do.

* Flake fix
2022-08-31 11:17:19 +01:00
Jonas Lundberg
df584350b4
Prevent head method mapping to coerce action name (#7729) 2022-08-12 12:00:55 +01:00
ProstoMaxim
791d48c690
Enforce is_valid(raise_exception=False) as a keyword-only argument. (#7952)
* make raise_exception a keyword-only argument

* make raise_exception keyword-only in metaclass
2022-08-10 14:00:30 +01:00
Adam Johnson
20d106d8a3
Upgraded Bootstrap to 3.4.1 and added CSS source maps (#8591) 2022-08-10 11:53:21 +01:00
David Cain
8b2ccccbe5
Stop calling set_context, planned for 3.13 drop (#8589)
Per the deprecation warnings (which have been raised since DRF 3.11),
`set_context()` was planned not to be supported in DRF 3.13. I think we
can safely delete it, in favor of `requires_context`.

From the 3.11 announcement:

> Previous our approach to this was that implementations could include a
> `set_context` method, which would be called prior to validation. However
> this approach had issues with potential race conditions. We have now
> move this approach into a pending deprecation state. It will continue to
> function, but will be escalated to a deprecated state in 3.12, and
> removed entirely in 3.13.

Why keep `RemovedInDRF313Warning` around?
=========================================
It's a bit odd that version 3.13 includes an exception class describing
things which are to be deleted in 3.13, but I've opted to keep the (now
unreferenced) class around, for fear of breaking others' setup.

(For example, if projects have a `filterwarnings` setup meant to
intercept `rest_framework.RemovedInDRF313Warning`, an error will be
thrown due to an unresolvable reference).
2022-08-08 11:18:49 +01:00
Łukasz Wieczorek
fd8adb32ce
Refactor short names in exceptions (#8585) 2022-08-01 16:28:05 +01:00
Allan Lewis
224168a28f
exceptions.ErrorDetail: Handle NotImplemented correctly in __ne__ (#8538)
PR #7531 resolved issue #7433 by updating `ErrorDetails.__eq__` to correctly
handle the `NotImplemented` case. However, Python 3.9 continues to issue the
following warning:

    DeprecationWarning: NotImplemented should not be used in a boolean context

This is because `__ne__` still doesn't handle the `NotImplemented` case
correctly. In order to avoid this warning, this commit makes the same change
for `__ne__` as previously made for `__eq__`.
2022-08-01 15:18:22 +01:00
Carlton Gibson
ad282da97c
Replaced parse_header with parse_header_parameters. (#8556)
Add a backwards compatibility shim for Django versions that have no (or an incompatible)
django.utils.http.parse_header_parameters implementation.

Thanks to Shai Berger for review. 

Co-authored-by: Jaap Roes <jroes@leukeleu.nl>
2022-07-14 14:20:36 +02:00
Stanislav Khlud
101aff6c43
Make autogenerated read only fields to be able to be nullable (#8536) 2022-06-28 15:22:46 +01:00
Felix Viernickel
129890ab1b
Fix error in throttling when request.user is None (#8370)
Check to see if request.user is set before proceeding with further
authentication checks.
2022-06-24 13:02:11 +01:00
Yuekui
2051a79da3
Fix "`" typo (#8529) 2022-06-24 12:08:18 +01:00
Stian Jensen
dba9493a90
Don't evaluate default_timezone unless needed (#8531)
If you set a custom timezone for a DateTimeField, the function
self.default_timezone() is still called, since fallback params to
getattr are still evaluated.

This rewrites to use hasattr, so the fallback case is only executed if
it will actually be used. If you render a lot of DateTimeFields in a
serializer, the time spent evaluating default_timezone() once for each
of them can accumulate to quite a bit, which is just unused work in the
case where timezone is already specified on the field.
2022-06-24 11:28:00 +01:00
Alessandro
82475c232b
Made relative URLs clickable as well. (#8464) 2022-06-08 15:03:00 +01:00
Stephen Finucane
5185cc9348
Handle unset fields with 'many=True' (#7574)
* Handle unset fields with 'many=True'

The docs note:

  When serializing fields with dotted notation, it may be necessary to
  provide a `default` value if any object is not present or is empty
  during attribute traversal.

However, this doesn't work for fields with 'many=True'. When using
these, the default is simply ignored.

The solution is simple: do in 'ManyRelatedField' what we were already
doing for 'Field', namely, catch possible 'AttributeError' and
'KeyError' exceptions and return the default if there is one set.

Signed-off-by: Stephen Finucane <stephen@that.guru>
Closes: #7550

* Add test cases for #7550

Signed-off-by: Stephen Finucane <stephen@that.guru>
2022-06-08 14:46:19 +01:00
Grigory
1396f6886a
Respect model error_messages for relation (#7599) 2022-06-06 13:53:42 +01:00
Alan Crosswell
563a20a040
make get_reference public (#7515) 2022-06-06 13:44:02 +01:00
Krukov D
281fc074ba
improve performance for noncallble attributes (#8502)
Co-authored-by: Dima Kryukov <dmitry.kryukov@pandadoc.com>
2022-06-06 12:54:57 +01:00
Mariusz Felisiak
333f1ffb94
Confirmed support for Django 4.1. (#8498) 2022-06-06 12:39:06 +01:00
hashlash
df92e57ad6
Added test client support for HTTP 307 and 308 redirects (#8419)
* Add retain test data on follow=True

* Simplify TestAPITestClient.test_follow_redirect

Inspired from Django's ClientTest.test_follow_307_and_308_redirect

* Add 307 308 follow redirect test
2022-03-24 09:57:42 +00:00
Partho Kumar Rajvor
5bea22f321
Added http 102, 103, 421, and 425 status codes (#8350) 2022-02-03 11:57:47 +00:00
Tom Christie
a5d741aba4
Update renderers.py 2022-02-01 09:42:43 +00:00
Sevdimali
f378f98a40
if else optimization (#8340)
Removed redundant parentheses
2022-01-27 15:02:20 +00:00
Luke Plant
bce9df9b5e
Make ReturnDict support dict union operators on Python 3.9 and later (#8302)
Fixes issue #8301
2021-12-22 15:08:58 +00:00
Tom Christie
f4cf0260bf Version 3.13.1 2021-12-15 15:18:24 +00:00
Tom Christie
a780e80deb
Revert "Make api_view respect standard wrapper assignments (#8291)" (#8297)
This reverts commit 9c97946531.
2021-12-15 15:16:38 +00:00
Jameel Al-Aziz
b3beb15b00
Fix CursorPagination parameter schema type (#7708)
The CursorPagination's cursor query parameter expects a string and not
an integer.

Fixes #7691
2021-12-13 14:03:09 +00:00
Tom Christie
7a84dc749c
Version 3.13 (#8285)
* Version 3.12.5

* Version 3.13

* Version 3.13
2021-12-13 13:10:17 +00:00
tim-mccurrach
9c97946531
Make api_view respect standard wrapper assignments (#8291) 2021-12-13 13:08:40 +00:00
Alexander Klimenko
b0d407fd63
Made api_setting.UNICODE_JSON/ensure_ascii affecting json schema (#7991) 2021-12-08 14:37:32 +00:00
Yecine Megdiche
380ac8e79d
Remove old-style super calls (#8226) 2021-12-06 15:32:33 +00:00
Carlton Gibson
2d9eee5d02 Adjusted URLPatternsTestCase to use addClassCleanup() from Django 4.0.
Refs faba5b702a.

addClassCleanup() is available from Python 3.8, which is the minimum supported
Python from Django 4.0.
2021-09-22 10:23:47 +02:00
Dan Lousqui
f0a5b958a1
Add max_length and min_length options to ListSerializer (#8165) 2021-09-14 13:45:55 +01:00
Peter Uittenbroek
655e803adf
#7157: Fix RemoteUserAuthentication calling django authenticate with request argument (#7158) 2021-09-03 14:37:03 +01:00
Juan Benitez
cb206e4701
fix: change View class to Throttle class on SimpleRateThrottle Docstring (#8147) 2021-09-03 13:00:23 +01:00
Aarni Koskela
fdb4931475
Make Field constructors keyword-only (#7632) 2021-08-06 10:14:52 +01:00
Nikhil Benesch
b215375125
Propagate nullability in ModelSerializer (#8116)
Propagate the nullability of underlying model fields in ModelSerializer
when those fields are marked as read only. This ensures the correct
generation of OpenAPI schemas.

Fix #8041.
2021-08-06 10:10:58 +01:00
Evgeny Panfilov
98e56e0327
fix empty string as a value for a validated DecimalField (#8064) (#8067) 2021-07-01 15:04:44 +01:00
Ian De Bie
61e7a993bd
fix comments by using correct css comment syntax (#8019)
these intended comments were causing errors in sonarqube scans due to using wrong css comment syntax
2021-06-07 10:30:23 +01:00
Denis Orehovsky
8812394ed8
Add distinction between request and response serializers for OpenAPI (#7424)
* Add distinction between request and response serializers

* Add docs

* document new functions in schemas.md

* add a test case for different request vs response objects

* Correct formatting for flake8

Co-authored-by: Shaun Gosse <shaun.gosse@emburse.com>
2021-04-20 15:03:16 +01:00
Tom Christie
0323d6f895
Linting fixes (#7874)
* Fixed code quality issues

- Added '.deepsource.toml' file for continuous analysis on bug risk

- Remove `return` from `__init__()` method

- Remove duplicate dictionary key(s)

- Use `max` built-in to get the maximum of two values

- Remove redundant `None` default

- Remove unnecessary comprehension

Signed-off-by: ankitdobhal <dobhal.ankit@protonmail.com>

* Delete .deepsource.toml

* Delete test_fields.py

* Reintroduce file from accidental deletion

Co-authored-by: ankitdobhal <dobhal.ankit@protonmail.com>
2021-03-26 12:27:10 +00:00
Tom Christie
f83620dcc9
Version 3.12.4 (#7873)
* Version 3.12.4

* Tweak release notes
2021-03-26 09:27:01 +00:00
Tom Christie
72c155d8f4
Revert "pick deque instead of list (#7849)" (#7872)
This reverts commit ebcb8d5310.
2021-03-26 09:17:47 +00:00
Tom Christie
83ad265e13
Version 3.12.3 (#7866) 2021-03-25 12:23:23 +00:00
Jack
ebcb8d5310
pick deque instead of list (#7849)
Co-authored-by: Jack Zhang <jack.zhang@aspiraconnect.com>
2021-03-25 10:47:44 +00:00
Anton Zaslavskiy
b25ac6c5e3
Don't hit db to access user_id in TokenProxy (#7852) 2021-03-19 11:46:09 +00:00
Aristotelis Mikropoulos
67ebdd32cd
Reject PrimaryKeyRelatedField bool lookup values (#7597)
* Reject PrimaryKeyRelatedField bool lookup values

* Test PrimaryKeyRelatedField bool lookup rejection

* Fix indentation in test
2021-03-17 13:28:38 +00:00
Tom Christie
7b53960c3b
Revert "made Browsable API base template cachable: omit CSRF token when unnecessary (#7717)" (#7847)
This reverts commit 9c9ffb18f4.
2021-03-17 13:24:55 +00:00
Tom Christie
3e274146fc
Fix WSGI signature for DjangoTestAdapter (#7846)
Closes https://github.com/encode/django-rest-framework/issues/7132
2021-03-17 13:24:38 +00:00
Jesse London
9c9ffb18f4
made Browsable API base template cachable: omit CSRF token when unnecessary (#7717)
HTML responses generated by the Browsable API otherwise generate
inconsistent ETAGs -- due to the presence of CSRF tokens in the response
-- even when the API is read-only, (and as such when the response
contains no resource-modifying forms, i.e. neither POST nor PUT forms,
which might require the CSRF token).

While the template was appropriately including CSRF tokens only within
POST and PUT forms, its AJAX overlay included the CSRF token in *every*
response, regardless of whether it would be needed.

This change brings the logic of the `script` block into line with that
of the rest of the template -- and such that read-only APIs (and really
the Browsable API pages of *any* read-only resources) will not
needlessly include the CSRF token, and will now be safely cachable -- by
both back-end systems and by the user agent.
2021-03-16 13:25:21 +00:00
Ömer Faruk Abacı
ce1568322a
Ordering filter bug with model property serializer field (#7609)
* Add failing tests for ordering filter with model property

* Fix get_default_valid_fields of OrderingFilter

* Filter model properties in get_default_valid_fields of OrderingFilter
2021-03-16 12:53:39 +00:00
Alex Hedlund
b256c46cb1
Render JSON fields with proper indentation in browsable API forms. (#6243)
* Fix JSONBoundField usage on nested serializers (#6211)

* Unify JSONBoundField as_form_field output between py2 and py3

When using json.dumps with indenting, in python2 the default formatting
prints whitespace after commas (,) and python3 does not. This can be
unified with the separators keyword argument.
2021-03-15 10:44:03 +00:00
Tom Christie
39a98c80a6 Fix 'get_page_number' implementation 2021-03-11 09:21:22 +00:00
Tom Christie
c05cbe2da2
Update pagination.py
Include `last_page_strings` logic *inside* the `get_page_number method.
2021-03-10 12:50:59 +00:00
sarath ak
6f6d402d04
Allow 'get_page' method for overriding #7626 (#7652) 2021-03-10 12:32:10 +00:00
Pierre Chiquet
c603b98403
Fix OpenAPISchema rendering for timedelta (#7641)
* Add failing test when rendering to json a schema with timedelta

* Fix JSONOpenAPIRenderer for fields with default=timedelta()

* fix isort

* fix test for python 3.5

Co-authored-by: Pierre Chiquet <pierre.chiquet@ubikey.fr>
2021-03-10 12:03:15 +00:00
Dmitry Mugtasimov
a3ae8ea77e
Do not do SELECT count(*) FROM ... if pagination is not requested (#6098)
* Do not do `SELECT count(*) FROM ...` if pagination is not requested

* Update pagination.py

Co-authored-by: Tom Christie <tom@tomchristie.com>
2021-03-09 12:06:12 +00:00
Vitor Hugo
4e0d6c4118
Update default.css (#7643)
When I apply a theme to the bootstrap used in the project, boolean inputs are out of line with the rest of the form. With this small payment, this no longer occurs.
2021-03-09 11:54:58 +00:00
Berkant
95ae92ef23
Fix #7706 (#7724)
Handle non-dict values for NestedSerializer during BrowsableAPI
rendering.
2021-03-09 11:34:18 +00:00
David Kerkeslager
05512160ab
Respect allow_null=True on DecimalFields (#7718)
* Handle None in to_representation()
* Return None as '' in to_representation() when coerce_to_string=True
* Handle '' as None in to_internal_value(), for symmetry with
  to_representation(), and because the empty concept doesn't make sense
  for Decimal.
2021-03-09 10:49:03 +00:00
Cas Ebbers
393f867995
Overlooked translation in search.html (#7551) 2021-03-09 10:21:11 +00:00
kuter
e9a54e38e1
add support for Yes/No literals with BooleanField (#7701) 2021-03-09 10:17:30 +00:00
Jonathan Mortensen
de7468d0b4
support multi db atomic_requests (#7739) 2021-03-03 11:15:39 +00:00
Sebastian Jordan
19655edbf7
Handle tuples same as lists in ValidationError detail context (#7647) 2021-01-06 13:13:34 +00:00
Xavier Ordoquy
47cfbdac97 Translations updated from transifex and compiled 2020-10-13 22:05:24 +02:00
Tom Christie
3799633cde Version 3.12.2 2020-10-13 14:17:53 +01:00
Aarni Koskela
0bdd537cc4
Ignore derivations of BrowsableAPIRenderer in OpenAPI schema (#7497)
* Ignore derivations of BrowsableAPIRenderer in OpenAPI schema
* Improve test_renderer_mapping test

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2020-10-12 16:40:26 +02:00
Thomas Leese
eff97efa28
Don't catch exceptions in get_queryset (#7480)
In the `to_internal_value` method of the primary key and slug related fields, `TypeError`s and `ValueError`s are caught from `self.get_queryset().get(...)` and presented to the user. This works fine for most cases, but can cause problems if the exception is coming from `self.get_queryset()` rather than from the `.get(...)`.

It means errors in the `get_queryset` method can be hidden and presented back to the user as though, for example, the input provided to the `to_internal_value` was the wrong type, whereas in reality there's a bug in the `get_queryset` method and therefore it should bubble up and be exposed as a server error.

I've decided to fix this because twice now I've had to debug why I'm seeing `invalid_type` errors from my serializer (errors like `wrong pk type - int` when the `pk` type on my model is `int`) when the real problem was a bug in my custom `get_queryset` method.
2020-10-10 18:02:21 +01:00
David Smith
79c37d0dc3
Return NotImplemented sooner for ErrorDetail equality test (#7531)
The test suite raises warnings when tested against Python 3.9
`DeprecationWarning: NotImplemented should not be used in a boolean context`

Where `r` returns `NotImplemented` then this change returns `NotImplemented` first to avoid the comparison test.
2020-10-09 12:21:22 +01:00
Kryštof Pilnáček
79daf315c4
Fix: authtoken.TokenProxy cannot be proxy when not installed (#7571)
closes https://github.com/encode/django-rest-framework/issues/7442
2020-10-09 12:16:15 +01:00
Adam Johnson
7921e9af43
Fix RemovedInDjango40Warning for middleware get_resopnse() (#7513)
Fixes #7417.

Fixes all these issues seen with `tox -e py38-django31`:

```
  /Users/chainz/Documents/Projects/django-rest-framework/tests/test_request.py:208: RemovedInDjango40Warning: Passing None for the middleware get_response argument is deprecated.
    SessionMiddleware().process_request(self.wrapped_request)

tests/test_requests_client.py: 1 test with warning
tests/test_testing.py: 4 tests with warnings
tests/test_throttling.py: 1 test with warning
tests/authentication/test_authentication.py: 4 tests with warnings
tests/browsable_api/test_browsable_api.py: 4 tests with warnings
  /Users/chainz/Documents/Projects/django-rest-framework/rest_framework/authentication.py:139: RemovedInDjango40Warning: Passing None for the middleware get_response argument is deprecated.
    check = CSRFCheck()
```
2020-10-09 10:48:03 +01:00
Xavier Ordoquy
ebc1ebf0c4
Merge pull request #7481 from smithdc1/app-config
default_app_config application variable is deprecated in Django 3.2
2020-10-06 22:16:29 +02:00
Adam Johnson
91916a4db1
Fix NullBooleanField warning (#7565)
The argument to Field is 'allow_null'.
2020-09-30 13:47:06 +01:00
Tom Christie
05b3865838 Version 3.12.1 2020-09-28 16:18:23 +01:00
Hugo Rodger-Brown
995188f8c5
Add missing TokenProxy migration (#7557)
Fixes #7554
2020-09-28 16:16:18 +01:00
Tom Christie
6f7aad8ffa
Placeholder for 3.12 release (#7379)
* Placeholder for 3.12 release

* Updating release notes

* Updating release notes

* Updating release notes

* Update release notes

* Fix typo

* Basic structure for release announcement

* 3.12 release notes

* Version 3.12.0
2020-09-28 10:47:50 +01:00
Esieboma Jeremiah
9ee67bbff7
corrects typographical error in line 118 (#7553) 2020-09-28 08:52:17 +01:00
Tom Christie
ae649336b1
Drop urlize_quoted_links (#7548) 2020-09-23 15:39:06 +01:00
Francisco Couzo
6b632c15b1
Remove unnecessary type conversions (#7526) 2020-09-08 15:42:01 +01:00
Adam Johnson
410575dace
Replace all url() calls with path() or re_path() (#7512)
* url() is deprecated in Django 3.1

* update given feedbacks on url() is deprecated in Django 3.1

* Fix test_urlpatterns.py to continue testing mixed re_path() and path()

* Fix one missed reference

Co-authored-by: sanjusci <sanju.sci9@gmail.com>
2020-09-08 15:32:27 +01:00
David Smith
d5461e93fe
Bump flake8 to 3.8.3 (#7521) 2020-09-05 10:02:27 +02:00
David Smith
b8ab30683a default_app_config application variable is deprecated in Django 3.2 2020-09-03 21:57:41 +01:00
Charles
35c0abf24e
Change Token.generate_key to a Classmethod (#7502)
* adds classmethod decorator to generate_key and test to confirm change is acceptable

* self -> cls
2020-09-03 11:51:03 +01:00
Ryan P Kilby
f323049ecc
Fix pk-only optimization for properties (#7142)
* Add callable/prop tests for pk-only optimization

* Fix related field pk-only optimization for props
2020-09-03 11:49:15 +01:00
Bob Thomas
b3e02592d0
Add support for Django 3.1 JSONField (#7467)
Django 3.1 adds a new generic JSONField to replace the PostgreSQL-specific one. This adds support for the new field type, which should behave the same as the existing PostgreSQL field.

Django's new JSONField also includes support for a custom "decoder", so add support for that in the serializer field.
2020-09-03 11:47:11 +01:00
Vlad
e215db206a
Updated url()'s with path() and re_path() (#7492) 2020-08-25 13:50:02 +02:00
Justin Duke
48c327c681
Fix schema typo (#7491) 2020-08-24 03:44:34 -07:00
David Smith
355afcf64b
isort v5 (#7484) 2020-08-17 13:26:56 -07:00
Ryan P Kilby
1e383f103a
Check extra action func.__name__ (#7098) 2020-08-05 21:29:47 -07:00
Michael K
0d2bbd3177
Fix Request docstring kwarg names (#7443) 2020-08-05 16:51:06 -07:00
John Vandenberg
599e2b183d
urlpatterns: Remove unnecessary branching (#7405)
Functions path and register_converter are constants.
2020-07-23 19:26:35 +02:00
Anton Agestam
76232437d4
Allow type checkers to make serializers generic (#7385) 2020-07-07 10:05:36 +01:00
Minjae Kim
d46d5cbaaa
Not include charset when charset is None (#7400) 2020-07-07 09:58:32 +01:00
Xavier Ordoquy
28983cb28b
Merge pull request #7290 from encode/xordoquy/fix_action_namespace
Fix viewsets action urls with namespaces (#7287)
2020-07-03 20:18:18 +02:00
Dhaval Mehta
5ce237e004
Corrected regex serialization for OpenAPI. (#7389)
* replace \Z by \z in regex

* fix test cases for Django >= 3.0

* fix isort

* Added comment for why `\z`.

Co-authored-by: Carlton Gibson <carlton@noumenal.es>
2020-06-28 14:28:59 +02:00
Carlton Gibson
e2bd3b6a57
Adjusted token admin to map to user ID. (#7341)
Closes #6131.

* Adds a proxy model for Token that uses the user.pk, rather than it's own.
* Adjusts Admin to map back from User ID to token instance.
2020-06-15 11:43:09 +01:00
Jair Henrique
bb795674f8
Drop all compat support to Django < 2 urls (#7337) 2020-05-14 20:31:38 +02:00