I might just be misunderstanding something (always a strong possibility!), but it seems to me that the table on the Permissions page is slightly inaccurate.
For `permission_classes`, wouldn't it have global-level permissions for list actions (rather than no permission control, as is currently listed)?
* docs updated to highlight use of select_related and prefetch related to avoid n+1 problems
* Apply suggestions from code review
cosmetic changes
Co-authored-by: Xavier Ordoquy <xordoquy@linovia.com>
* cosmetic changes
Co-authored-by: Xavier Ordoquy <xordoquy@linovia.com>
* Add distinction between request and response serializers
* Add docs
* document new functions in schemas.md
* add a test case for different request vs response objects
* Correct formatting for flake8
Co-authored-by: Shaun Gosse <shaun.gosse@emburse.com>
* Document the limitation that object level permissions do not apply to object creation. See for example #6409.
* Add overview of three different ways to restrict access
Added a sentence describing the use of a dictionary as the `detail` argument of a ValidationError, and how it can be used to add field-level errors during object-level validation.
There were recent updates to the `@action` decorator calling a little more attention to the kwargs it accepts.
I thought it would be useful to also provide an example in the throttling section of how those kwargs can be used to define/override throttle_classes through the action decorator as well.
* Add drf-psq to third party packages
* Add drf-psq to permissions.md
this package is an extension that gives support for having action-based **permission_classes**, **serializer_class**, and **queryset** dependent on permission-based rules.
Co-authored-by: Salar Nasiri <salarnasiri@users.noreply.github.com>
* url() is deprecated in Django 3.1
* update given feedbacks on url() is deprecated in Django 3.1
* Fix test_urlpatterns.py to continue testing mixed re_path() and path()
* Fix one missed reference
Co-authored-by: sanjusci <sanju.sci9@gmail.com>
