* permissions: Allow permissions to be composed
Implement a system to compose permissions with and / or.
This is performed by returning an `OperationHolder` instance that keeps the
permission classes and type of composition (and / or).
When called it will return a AND/OR instance that will then delegate the
permission check to the operands.
* permissions: Add documentation about composed permissions
* Fix documentation typo in permissions
* Add suffix support for actions
Removes the newly introduced `action.name` in favor of leveraging the
View's `.get_view_name()` method, which supports both name and suffix.
* Fix view description func docstrings
* Test action decorator name & suffix kwargs
* Adjust 'extra action' docs
On all supported Pythons, the io.BytesIO is always a stream
implementation using an in-memory bytes buffer.
Makes code slightly more forward compatible by reducing use of the six
module and promotes more forward compatible practices in the docs.
* Add failing test for extra action schemas
* Add ViewInspector setter to store instances
* Fix schema disabling for extra actions
* Add docs note about disabling schemas for actions
* View suffix already set by initializer
* Add 'name' and 'description' attributes to ViewSet
ViewSets may now provide their `name` and `description` attributes
directly, instead of relying on view introspection to derive them.
These attributes may also be provided with the view's initkwargs.
The ViewSet `name` and `suffix` initkwargs are mutually exclusive.
The `action` decorator now provides the `name` and `description` to
the view's initkwargs. By default, these values are derived from the
method name and its docstring. The `name` may be overridden by providing
it as an argument to the decorator.
The `get_view_name` and `get_view_description` hooks now provide the
view instance to the handler, instead of the view class. The default
implementations of these handlers now respect the `name`/`description`.
* Add 'extra actions' to ViewSet & browsable APIs
* Update simple router tests
Removed old test logic around link/action decorators from `v2.3`. Also
simplified the test by making the results explicit instead of computed.
* Add method mapping to ViewSet actions
* Document extra action method mapping
* Update the http signature auth library ref link
It seems that the djangorestframework-httpsignature package is outdated
and there is updated fork named drf-httpsig.
* Fixing the link ref format in the http signature section
* Revert "Non-required fields with 'allow_null=True' should not imply a default value (#5639)"
This reverts commit 905a5579df.
Closes#5708
* Add test for allow_null + required=False
Ref #5708: allow_null should imply default=None, even for non-required fields.
* Re-order allow_null and default in field docs
default is prior to allow_null. allow_null implies an outgoing default=None.
* Adjust allow_null note.
* Always exclude read_only fields from _writable_fields
* Remove `read_only` from `CreateOnlyDefault` example.
In this context (without mentioning `save`) now slightly misleading.
Calling dict.keys() is unnecessary. The two are functionally equivalent
on modern Pythons.
Inspired by Lennart Regebro's talk "Prehistoric Patterns in Python" from
PyCon 2017.
https://www.youtube.com/watch?v=V5-JH23Vk0I
* Extract method for `manual_fields` processing
Allows reuse of logic to replace Field instances in a field list by `Field.name`.
Adds a utility function for the logic plus a wrapper method on `AutoSchema`.
Closes#5632
* Manual fields suggestions (#2)
* Use OrderedDict in inspectors
* Move empty check to 'update_fields()'
* Make 'update_fields()' an AutoSchema staticmethod
* Add 'AutoSchema.get_manual_fields()'
* Conform '.get_manual_fields()' to other methods
* Add test for update_fields
* Make sure `manual_fields` is a list.
(As documented to be)
* Add docs for new AutoSchema methods.
* `get_manual_fields`
* `update_fields`
* Add release notes for PR.
* Update assertion style in user logout test
* Apply middlewares to django request object
* Fix test for request auth hiding AttributeErrors
* Re-raise/wrap auth attribute errors
* Fix test for py2k
* Add docs for WrappedAttributeError
* Remove trailing whitespace from lines
* Remove trailing nad leading whitespace from files
Allows for cleaner diffs in future changes. For editors that
automatically clean up whitespace on save, will avoid unrelated line
changes in diffs.
* Adding rounding parameter to DecimalField.
* Using standard `assert` instead of `self.fail()`.
* add testcase and PEP8 multilines fix
* flake8 fixes
* Use decimal module constants in tests.
* Add docs note for `rounding` parameter.
* Set version number for 3.7.0 release
* Rename release notes section
Moved issue links to top for easier access.
(Can move back later)
* Add release note for #5273
* Add release note for #5440
* Add release note for #5265
Strict JSON handling
* Add release note for #5250
* Add release notes for #5170
* Add release notes for #5443
* Add release notes for #5448
* Add release notes for #5452
* Add release not for #5342
* Add release notes for 5454
* Add release notes for #5058 & #5457
Remove Django 1.8 & 1.9 from README and setup.py
* Release notes for merged 3.6.5 milestone tickets
Tickets migrated to 3.7.0 milestone.
* Add release notes for #5469
* Add release notes from AM 2ndOct
* Add final changes to the release notes.
* Add date and milestone link
Move issue links back to bottom.
* Update translations from transifex
* Begin releae anouncement
* Add release note for #5482
* 3.7 release announcement & related docs.
* Changes to the paginator defaults and settings
Require a default paginator be specified when using the page size
setting.
https://github.com/encode/django-rest-framework/issues/5168
* DRF-5168 import warnings
missed this in last commit
* Add a system checks file
Add a check for pagination settings for the 3.7 upgrade cycle.
* more compatible import approach
* missing bactic
* revised language and approach to import the system check
Adds a rest framework app config.
* Adjust doc wording
* Add tests for schema exclusions
* Move exclusion check to should_include_endpoint
* Update docs
* Switch to using `schema = None`
* Test PendingDeprecationWarnings
* Add note to release notes.
* s/deprecated/pending deprecation/
* Add PR link to release notes
* Correct typo in test class name
* Test 'exclude_from_schema' deprecation warning message (#1)
* Correct deprecation warning message
* Initial Refactor Step
* Add descriptor class
* call from generator
* proxy back to generator for implementation.
* Move `get_link` to descriptor
* Move `get_description` to descriptor
* Remove need for generator in get_description
* Move get_path_fields to descriptor
* Move `get_serializer_fields` to descriptor
* Move `get_pagination_fields` to descriptor
* Move `get_filter_fields` to descriptor
* Move `get_encoding` to descriptor.
* Pass just `url` from SchemaGenerator to descriptor
* Make `view` a property
Encapsulates check for a view instance.
* Adjust API Reference docs
* Add `ManualSchema` class
* Refactor to `ViewInspector` plus `AutoSchema`
The interface then is **just** `get_link()`
* Add `manual_fields` kwarg to AutoSchema
* Add schema decorator for FBVs
* Adjust comments
* Docs: Provide full params in example
Ref feedback b52e372f8f (r137254795)
* Add docstring for ViewInstpector.__get__ descriptor method.
Ref https://github.com/encode/django-rest-framework/pull/5354#discussion_r137265022
* Make `schemas` a package.
* Split generators, inspectors, views.
* Adjust imports
* Rename to EndpointEnumerator
* Adjust ManualSchema to take `fields`
… and `description`.
Allows `url` and `action` to remain dynamic
* Add package/module docstrings
* Update get_object() example in permissions.md
I'm a bit confused about the example that's provided in the 'Object level permissions' section. Other examples (e.g. Tutorial 3 - Class Based Views) provided a pk to get_object(). It doesn't seem like this example has any way of identifying a specific object.
Just in case I'm correct, I've prepared this pull request. But if I'm wrong, would it be possible for you to explain the example I modified?
Many Thanks...
* Adjust patch
* Remove unnecessary comma
* Remove the "and simple" copied from the line above.
* Add "entirely" to emphasize that this function bypasses the authentication step.
* Add test for disabling declared fields on child
* Check that declared base field is not in attrs
* Update meta inheritance docs to include serializer
* Test that meta fields cannot be declared as None
* Add docs example for declarative field disabling
* Start test case
* Added 'requests' test client
* Address typos
* Graceful fallback if requests is not installed.
* Add cookie support
* Tests for auth and CSRF
* Py3 compat
* py3 compat
* py3 compat
* Add get_requests_client
* Added SchemaGenerator.should_include_link
* add settings for html cutoff on related fields
* Router doesn't work if prefix is blank, though project urls.py handles prefix
* Fix Django 1.10 to-many deprecation
* Add django.core.urlresolvers compatibility
* Update django-filter & django-guardian
* Check for empty router prefix; adjust URL accordingly
It's easiest to fix this issue after we have made the regex. To try
to fix it before would require doing something different for List vs
Detail, which means we'd have to know which type of url we're
constructing before acting accordingly.
* Fix misc django deprecations
* Use TOC extension instead of header
* Fix deprecations for py3k
* Add py3k compatibility to is_simple_callable
* Add is_simple_callable tests
* Drop python 3.2 support (EOL, Dropped by Django)
* schema_renderers= should *set* the renderers, not append to them.
* API client (#4424)
* Fix release notes
* Add note about 'User account is disabled.' vs 'Unable to log in'
* Clean up schema generation (#4527)
* Handle multiple methods on custom action (#4529)
* RequestsClient, CoreAPIClient
* exclude_from_schema
* Added 'get_schema_view()' shortcut
* Added schema descriptions
* Better descriptions for schemas
* Add type annotation to schema generation
* Coerce schema 'pk' in path to actual field name
* Deprecations move into assertion errors
* Use get_schema_view in tests
* Updte CoreJSON media type
* Handle schema structure correctly when path prefixs exist. Closes#4401
* Add PendingDeprecation to Router schema generation.
* Added SCHEMA_COERCE_PATH_PK and SCHEMA_COERCE_METHOD_NAMES
* Renamed and documented 'get_schema_fields' interface.
1. The returns from the views needs to be a Response
2. I found that instantiating the generator at the module level caused an import error when starting Django, likely because it is executing before all the app load magic happened. Moving it into the view method solved this.
* lookup_type is deprecated in favor of lookup_expr
* assertEquals is deprecated in favor of assertEqual
* app_name is a required keyword as of Django 1.10
* Exclude read_only=True fields from unique_together validation
* Test to ensure that unique_together validators can be removed
* Do not add uniquness_extra_kwargs when validators are explicitly declared.
* Add docs on validation in complex cases
As per [their blog post of the 27th April](https://blog.readthedocs.com/securing-subdomains/) ‘Securing subdomains’:
> Starting today, Read the Docs will start hosting projects from subdomains on the domain readthedocs.io, instead of on readthedocs.org. This change addresses some security concerns around site cookies while hosting user generated data on the same domain as our dashboard.
Test Plan: Manually visited all the links I’ve modified.
ListSerializer fields or serializers that are passed many=True may also take an allow_empty=False argument to disallow empty lists as valid input.
Information about this was part of the 3.2 release announcement, but had not been part of the API docs until now.
This allows subclassing TokenAuthentication and setting custom keyword,
thus allowing the Authorization header to be for example:
Bearer 956e252a-513c-48c5-92dd-bfddc364e812
It doesn't change the behavior of TokenAuthentication itself,
it simply allows to reuse the logic of TokenAuthentication without
the need of copy pasting the class and changing one hardcoded string.
Related: #4080