* Update the http signature auth library ref link
It seems that the djangorestframework-httpsignature package is outdated
and there is updated fork named drf-httpsig.
* Fixing the link ref format in the http signature section
* Revert "Non-required fields with 'allow_null=True' should not imply a default value (#5639)"
This reverts commit 905a5579df.
Closes#5708
* Add test for allow_null + required=False
Ref #5708: allow_null should imply default=None, even for non-required fields.
* Re-order allow_null and default in field docs
default is prior to allow_null. allow_null implies an outgoing default=None.
* Adjust allow_null note.
* Always exclude read_only fields from _writable_fields
* Remove `read_only` from `CreateOnlyDefault` example.
In this context (without mentioning `save`) now slightly misleading.
Calling dict.keys() is unnecessary. The two are functionally equivalent
on modern Pythons.
Inspired by Lennart Regebro's talk "Prehistoric Patterns in Python" from
PyCon 2017.
https://www.youtube.com/watch?v=V5-JH23Vk0I
* Extract method for `manual_fields` processing
Allows reuse of logic to replace Field instances in a field list by `Field.name`.
Adds a utility function for the logic plus a wrapper method on `AutoSchema`.
Closes#5632
* Manual fields suggestions (#2)
* Use OrderedDict in inspectors
* Move empty check to 'update_fields()'
* Make 'update_fields()' an AutoSchema staticmethod
* Add 'AutoSchema.get_manual_fields()'
* Conform '.get_manual_fields()' to other methods
* Add test for update_fields
* Make sure `manual_fields` is a list.
(As documented to be)
* Add docs for new AutoSchema methods.
* `get_manual_fields`
* `update_fields`
* Add release notes for PR.
* Update assertion style in user logout test
* Apply middlewares to django request object
* Fix test for request auth hiding AttributeErrors
* Re-raise/wrap auth attribute errors
* Fix test for py2k
* Add docs for WrappedAttributeError
* Remove trailing whitespace from lines
* Remove trailing nad leading whitespace from files
Allows for cleaner diffs in future changes. For editors that
automatically clean up whitespace on save, will avoid unrelated line
changes in diffs.
* Adding rounding parameter to DecimalField.
* Using standard `assert` instead of `self.fail()`.
* add testcase and PEP8 multilines fix
* flake8 fixes
* Use decimal module constants in tests.
* Add docs note for `rounding` parameter.
* Set version number for 3.7.0 release
* Rename release notes section
Moved issue links to top for easier access.
(Can move back later)
* Add release note for #5273
* Add release note for #5440
* Add release note for #5265
Strict JSON handling
* Add release note for #5250
* Add release notes for #5170
* Add release notes for #5443
* Add release notes for #5448
* Add release notes for #5452
* Add release not for #5342
* Add release notes for 5454
* Add release notes for #5058 & #5457
Remove Django 1.8 & 1.9 from README and setup.py
* Release notes for merged 3.6.5 milestone tickets
Tickets migrated to 3.7.0 milestone.
* Add release notes for #5469
* Add release notes from AM 2ndOct
* Add final changes to the release notes.
* Add date and milestone link
Move issue links back to bottom.
* Update translations from transifex
* Begin releae anouncement
* Add release note for #5482
* 3.7 release announcement & related docs.
* Changes to the paginator defaults and settings
Require a default paginator be specified when using the page size
setting.
https://github.com/encode/django-rest-framework/issues/5168
* DRF-5168 import warnings
missed this in last commit
* Add a system checks file
Add a check for pagination settings for the 3.7 upgrade cycle.
* more compatible import approach
* missing bactic
* revised language and approach to import the system check
Adds a rest framework app config.
* Adjust doc wording
* Add tests for schema exclusions
* Move exclusion check to should_include_endpoint
* Update docs
* Switch to using `schema = None`
* Test PendingDeprecationWarnings
* Add note to release notes.
* s/deprecated/pending deprecation/
* Add PR link to release notes
* Correct typo in test class name
* Test 'exclude_from_schema' deprecation warning message (#1)
* Correct deprecation warning message
* Initial Refactor Step
* Add descriptor class
* call from generator
* proxy back to generator for implementation.
* Move `get_link` to descriptor
* Move `get_description` to descriptor
* Remove need for generator in get_description
* Move get_path_fields to descriptor
* Move `get_serializer_fields` to descriptor
* Move `get_pagination_fields` to descriptor
* Move `get_filter_fields` to descriptor
* Move `get_encoding` to descriptor.
* Pass just `url` from SchemaGenerator to descriptor
* Make `view` a property
Encapsulates check for a view instance.
* Adjust API Reference docs
* Add `ManualSchema` class
* Refactor to `ViewInspector` plus `AutoSchema`
The interface then is **just** `get_link()`
* Add `manual_fields` kwarg to AutoSchema
* Add schema decorator for FBVs
* Adjust comments
* Docs: Provide full params in example
Ref feedback b52e372f8f (r137254795)
* Add docstring for ViewInstpector.__get__ descriptor method.
Ref https://github.com/encode/django-rest-framework/pull/5354#discussion_r137265022
* Make `schemas` a package.
* Split generators, inspectors, views.
* Adjust imports
* Rename to EndpointEnumerator
* Adjust ManualSchema to take `fields`
… and `description`.
Allows `url` and `action` to remain dynamic
* Add package/module docstrings
* Update get_object() example in permissions.md
I'm a bit confused about the example that's provided in the 'Object level permissions' section. Other examples (e.g. Tutorial 3 - Class Based Views) provided a pk to get_object(). It doesn't seem like this example has any way of identifying a specific object.
Just in case I'm correct, I've prepared this pull request. But if I'm wrong, would it be possible for you to explain the example I modified?
Many Thanks...
* Adjust patch
* Remove unnecessary comma
* Remove the "and simple" copied from the line above.
* Add "entirely" to emphasize that this function bypasses the authentication step.
* Add test for disabling declared fields on child
* Check that declared base field is not in attrs
* Update meta inheritance docs to include serializer
* Test that meta fields cannot be declared as None
* Add docs example for declarative field disabling
* Start test case
* Added 'requests' test client
* Address typos
* Graceful fallback if requests is not installed.
* Add cookie support
* Tests for auth and CSRF
* Py3 compat
* py3 compat
* py3 compat
* Add get_requests_client
* Added SchemaGenerator.should_include_link
* add settings for html cutoff on related fields
* Router doesn't work if prefix is blank, though project urls.py handles prefix
* Fix Django 1.10 to-many deprecation
* Add django.core.urlresolvers compatibility
* Update django-filter & django-guardian
* Check for empty router prefix; adjust URL accordingly
It's easiest to fix this issue after we have made the regex. To try
to fix it before would require doing something different for List vs
Detail, which means we'd have to know which type of url we're
constructing before acting accordingly.
* Fix misc django deprecations
* Use TOC extension instead of header
* Fix deprecations for py3k
* Add py3k compatibility to is_simple_callable
* Add is_simple_callable tests
* Drop python 3.2 support (EOL, Dropped by Django)
* schema_renderers= should *set* the renderers, not append to them.
* API client (#4424)
* Fix release notes
* Add note about 'User account is disabled.' vs 'Unable to log in'
* Clean up schema generation (#4527)
* Handle multiple methods on custom action (#4529)
* RequestsClient, CoreAPIClient
* exclude_from_schema
* Added 'get_schema_view()' shortcut
* Added schema descriptions
* Better descriptions for schemas
* Add type annotation to schema generation
* Coerce schema 'pk' in path to actual field name
* Deprecations move into assertion errors
* Use get_schema_view in tests
* Updte CoreJSON media type
* Handle schema structure correctly when path prefixs exist. Closes#4401
* Add PendingDeprecation to Router schema generation.
* Added SCHEMA_COERCE_PATH_PK and SCHEMA_COERCE_METHOD_NAMES
* Renamed and documented 'get_schema_fields' interface.
1. The returns from the views needs to be a Response
2. I found that instantiating the generator at the module level caused an import error when starting Django, likely because it is executing before all the app load magic happened. Moving it into the view method solved this.
* lookup_type is deprecated in favor of lookup_expr
* assertEquals is deprecated in favor of assertEqual
* app_name is a required keyword as of Django 1.10
* Exclude read_only=True fields from unique_together validation
* Test to ensure that unique_together validators can be removed
* Do not add uniquness_extra_kwargs when validators are explicitly declared.
* Add docs on validation in complex cases
As per [their blog post of the 27th April](https://blog.readthedocs.com/securing-subdomains/) ‘Securing subdomains’:
> Starting today, Read the Docs will start hosting projects from subdomains on the domain readthedocs.io, instead of on readthedocs.org. This change addresses some security concerns around site cookies while hosting user generated data on the same domain as our dashboard.
Test Plan: Manually visited all the links I’ve modified.
ListSerializer fields or serializers that are passed many=True may also take an allow_empty=False argument to disallow empty lists as valid input.
Information about this was part of the 3.2 release announcement, but had not been part of the API docs until now.
This allows subclassing TokenAuthentication and setting custom keyword,
thus allowing the Authorization header to be for example:
Bearer 956e252a-513c-48c5-92dd-bfddc364e812
It doesn't change the behavior of TokenAuthentication itself,
it simply allows to reuse the logic of TokenAuthentication without
the need of copy pasting the class and changing one hardcoded string.
Related: #4080