Commit Graph

3680 Commits

Author SHA1 Message Date
Seokchan Yoon
3b41f01241
Fix potential XSS vulnerability in break_long_headers template filter (#9435)
The header input is now properly escaped before splitting and joining with <br> tags. This prevents potential XSS attacks if the header contains unsanitized user input.
2024-06-14 10:52:02 +01:00
Ivan Studinsky
fe92f0dd0d
Add __hash__ method for permissions.OperandHolder class (#9417)
`OperandHolder` is not hashable, so need to add `__hash__` method
2024-06-10 12:19:06 +06:00
Peter Thomassen
d58b8da591
Update deprecation hints 2024-04-30 18:28:23 +02:00
Peter Thomassen
d38aab39e4
Remove unused code 2024-04-30 18:28:22 +02:00
Terence Honles
e596f43c4e
use warnings rather than logging a warning for DecimalField warnings (#9367) 2024-04-27 17:15:06 +06:00
Max Muoto
7f18ec1b53
Revert "Ensure CursorPagination respects nulls in the ordering field (#8912)" (#9381)
This reverts commit b1cec517ff.
2024-04-27 17:07:05 +06:00
John-Anthony G. Thevos
f4194c4684
Update docstring (#9340) 2024-03-22 19:37:20 +00:00
Tom Christie
328591693d
Version 3.15.1 (#9339)
* Version 3.15.1
2024-03-22 11:47:50 +00:00
Tom Christie
eb361d289d
SearchFilter.get_search_terms returns list. (#9338) 2024-03-22 10:52:43 +00:00
Asif Saif Uddin
400b4c5441
Revert "Fix NamespaceVersioning ignoring DEFAULT_VERSION on non-None namespac…" (#9335)
This reverts commit 71f87a5864.
2024-03-22 09:39:30 +00:00
Tom Christie
4ef3aaf0ad
Revert #9030 (#9333)
* Revert #9030

* Fix test case
2024-03-22 09:40:34 +01:00
Tom Christie
4f10c4e43e
Revert "Fix Respect can_read_model permission in DjangoModelPermissions (#8…" (#9332)
This reverts commit 0618fa88e1.
2024-03-21 22:45:12 +00:00
Asif Saif Uddin
da78a147f2
Revert "Re-prefetch related objects after updating (#8043)" (#9327)
This reverts commit 2b34aa4291.
2024-03-21 22:23:30 +00:00
Asif Saif Uddin
0e4ed81627
Revert "feat: Add some changes to ValidationError to support django style vad…" (#9326)
This reverts commit 4abfa28e08.

Co-authored-by: Tom Christie <tom@tomchristie.com>
2024-03-21 17:09:43 +01:00
Alex Laird
d7c8dcfc7e
Revert PR that adds autocomplete_fields to TokenAdmin, as this break some use cases. (#9301) 2024-03-21 12:46:06 +00:00
Bruno Alla
2f66c294e3
Make inflection package truly optional (#9303)
* Make inflection package truly optional

Fix #9291

* Make inflection compat layer consistent with the others

Co-authored-by: T. Franzel <13507857+tfranzel@users.noreply.github.com>

---------

Co-authored-by: T. Franzel <13507857+tfranzel@users.noreply.github.com>
2024-03-18 23:29:02 +01:00
Nguyễn Anh Bình
337ba211e8
- Update the message to be consistent with the Django HttpResponseBase class. (#9287) 2024-03-17 14:22:03 +01:00
Tom Christie
2d8e9ad819
3.15 Release (#9210)
* Release Notes for 3.15

- Add docs/community/3.15-announcement.md
- Update docs/community/release-notes.md
- Update mkdocs.yml

Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>

* Release date pending

bump

* Changes to docs should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to docs should not be included in release notes.

* Fix typo

* Changes to tests should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to tests should not be included in release notes.

* Changes to tests should not be included in release notes.

* Fix typo in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to tests should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Improve changelog entry

* Changes to docs should not be included in release notes.

* Changes to docs should not be included in release notes.

* Changes to project workflow should not be included in release notes.

* Changes to docs should not be included in release notes.

* Update docs/community/3.15-announcement.md

Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>

* Update docs/community/3.15-announcement.md

* Update docs/community/3.15-announcement.md

* Update docs/community/release-notes.md

* Update docs/community/release-notes.md

Co-authored-by: Christian Clauss <cclauss@me.com>

* Update docs/community/release-notes.md

Co-authored-by: Christian Clauss <cclauss@me.com>

* Update docs/community/3.15-announcement.md

Co-authored-by: JAEGYUN JUNG <twicegoddessana1229@gmail.com>

* Update docs/community/release-notes.md

* Update docs/community/release-notes.md

Co-authored-by: JAEGYUN JUNG <twicegoddessana1229@gmail.com>

* Update release version

* Update supported Python and Django versions

---------

Co-authored-by: Rodrigo <rodrigo@crowdbotics.com>
Co-authored-by: Bruno Alla <browniebroke@users.noreply.github.com>
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
Co-authored-by: Christian Clauss <cclauss@me.com>
Co-authored-by: JAEGYUN JUNG <twicegoddessana1229@gmail.com>
2024-03-16 17:21:02 +00:00
Asif Saif Uddin
a677b09729
Revert "Fix validation for ListSerializer (#8979)" (#9283)
This reverts commit e2a4559c03.
2024-03-13 15:15:43 +00:00
JAEGYUN JUNG
730d216794
fix: Remove the _delegate_text attribute, which is being removed in django 5.0 (#9278) 2024-03-08 13:14:27 +00:00
şuayip üzülmez
a2eabfc867
Improve integration with Django Debug Toolbar (#9213) 2024-03-07 10:58:59 +01:00
willeM_ Van Onsem
a45432b54d
refactor removing parameters from kwargs when creating a ListSerializer (#9245)
* refactor removing parameters from kwargs when creating a ListSerializer

* insert child

* small rewrite

---------

Co-authored-by: Willem Van Onsem <willem.vanonsem@prosafco.be>
2024-02-20 15:08:19 +01:00
şuayip üzülmez
2ef77b1833
Use POST method instead of GET to perform logout in browsable API (#9208)
* Use POST method instead of GET to perform logout in browsable API

* Add a test that checks the presence of the logout form
2024-02-19 23:28:04 +01:00
Yuekui
41edb3b9dd
Avoid unnecessary unique together checking (#9154) 2024-01-26 11:36:18 +01:00
Christian Clauss
ab694eccde
Fix typo (#9231) 2024-01-24 23:17:01 +01:00
Christian Clauss
74689b1f44
pre-commit autoupdate (#9232) 2024-01-24 22:47:46 +01:00
Kien Dang
21bb21b65b
Fix use of ip_address_validators for Django 5.1+ (#9180)
* Fix use of ip_address_validators for Django 5.0+

* Change affected django version to 5.1
2024-01-11 13:34:46 +01:00
Viicos
d32346bae5
Fix type name of FieldInfo namedtuple (#9124)
* Fix type name of `FieldInfo` namedtuple

* Add test
2023-10-04 23:03:10 +06:00
Asif Saif Uddin
b6e3a22f7c
added jQuery 3.7.1 support & dropped previous version (#9094)
* added jQuery 3.7.1 support & dropped previous version

* added jQuery 3.7.1 support & dropped previous version
2023-09-09 13:51:05 +06:00
Devid
5c07060ce0
Use str as default path converter (#9066) 2023-08-16 20:11:50 +06:00
Denis Orehovsky
da9288878b
Partial serializer should not have required fields (#7563) 2023-08-13 10:36:19 +06:00
rizwanshaikh
7a9db57eaf
Propagate 'default' from model_field to serializer field. (#9030)
* Propagate 'default' from model_field to serializer field

Fix #7469.

Co-authored-by: Nikhil Benesch <nikhil.benesch@gmail.com>

* updated field default on serializer according to openapi generation and added that to options action response

* added notes regarding default value propagation from model to serializer field

* updated note

* Update docs/api-guide/fields.md

* Update docs/api-guide/fields.md

* Update docs/api-guide/fields.md

* Update docs/api-guide/fields.md

* Update docs/api-guide/fields.md

* Update docs/api-guide/fields.md

---------

Co-authored-by: John Parton <john.parton.iv@gmail.com>
Co-authored-by: Nikhil Benesch <nikhil.benesch@gmail.com>
Co-authored-by: Rizwan Shaikh <rshaikh@ces-ltd.com>
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
2023-08-07 12:35:54 +06:00
Pierre Chiquet
589b5dca9e
Allow to override child.run_validation call in ListSerializer (#8035)
* Separated run_child_validation method in ListSerializer

* fix typo

* Add test_update_allow_custom_child_validation

---------

Co-authored-by: Pierre Chiquet <pierre.chiquet@ubikey.fr>
2023-07-26 10:27:49 +06:00
Devid
b99df0cf78
Align SearchFilter behaviour to django.contrib.admin search (#9017)
* Use subquery to remove duplicates in SearchFilter

* Align SearchFilter behaviour to django.contrib.admin

* Add compatibility with older django/python versions

* Allow search to split also by comma after smart split

* Use generator to build search conditions to reduce iterations

* Improve search documentation

* Update docs/api-guide/filtering.md

---------

Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
2023-07-25 19:01:23 +06:00
Amin Aminian
5c3b6e496c
class name added to unkown field error (#9019) 2023-07-25 13:51:25 +06:00
Sergey Klyuykov
7658ffd71d
Fix: Pagination response schemas. (#9049) 2023-07-15 15:26:56 +06:00
Burson
66d86d0177
Fix choices in ChoiceField to support IntEnum (#8955)
Python support Enum in version 3.4, but changed __str__ to int.__str__ until version 3.11 to better support the replacement of existing constants use-case.
[https://docs.python.org/3/library/enum.html#enum.IntEnum](https://docs.python.org/3/library/enum.html#enum.IntEnum)

rest_frame work support Python 3.6+, this commit will support the Enum in choices of Field.
2023-07-13 18:50:49 +06:00
Andrew
4f7e9ed3bb
Fix SearchFilter renders field with invalid value (#9023)
Co-authored-by: Andrii Tarasenko <andrii.tarasenko@py-t.com>
2023-07-02 13:57:20 +06:00
Samiul Sk
8dd4250d02
remove unnecessary line which was causing isort error (#9014) 2023-06-21 11:05:44 +06:00
rizwanshaikh
9cfa4bd7cc
Fix OpenAPI Schema yaml rendering for timedelta (#9007)
* fix OpenAPIRenderer for timedelta

* added test for rendering openapi with timedelta

* fix OpenAPIRenderer for timedelta

* added test for rendering openapi with timedelta

* Removed usage of field.choices that triggered full table load (#8950)

Removed the `{{ field.choices|yesno:",disabled" }}` block because this triggers the loading of full database table worth of objects just to determine whether the multi-select widget should be set as disabled or not.

Since this "disabled" marking feature is not present in the normal select field, then I propose to remove it also from the multi-select.

* Added Deprecation Warnings for CoreAPI (#7519)

* Added Deprecation Warnings for CoreAPI

* Bumped removal to DRF315

* Update rest_framework/__init__.py

* Update rest_framework/filters.py

* Update rest_framework/filters.py

* Update tests/schemas/test_coreapi.py

* Update rest_framework/filters.py

* Update rest_framework/filters.py

* Update tests/schemas/test_coreapi.py

* Update tests/schemas/test_coreapi.py

* Update setup.cfg

* Update rest_framework/pagination.py

---------

Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>

* Update copy right timeline

* Fix NamespaceVersioning ignoring DEFAULT_VERSION on non-None namespaces (#7278)

* Fix the case where if the namespace is not None and there's no match,
  NamespaceVersioning always raises NotFound even if DEFAULT_VERSION
  is set or None is in ALLOWED_VERSIONS

* Add test cases

* fix OpenAPIRenderer for timedelta

* added test for rendering openapi with timedelta

* added testcase for rendering yaml with minvalidator for duration field (timedelta)

---------

Co-authored-by: Rizwan Shaikh <rshaikh@ces-ltd.com>
Co-authored-by: Lenno Nagel <lenno@namespace.ee>
Co-authored-by: David Smith <39445562+smithdc1@users.noreply.github.com>
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
Co-authored-by: Konstantin Kuchkov <konstantin.kuchkov@gmail.com>
2023-06-17 09:18:25 +06:00
Konstantin Kuchkov
71f87a5864
Fix NamespaceVersioning ignoring DEFAULT_VERSION on non-None namespaces (#7278)
* Fix the case where if the namespace is not None and there's no match,
  NamespaceVersioning always raises NotFound even if DEFAULT_VERSION
  is set or None is in ALLOWED_VERSIONS

* Add test cases
2023-06-14 19:24:09 +06:00
Asif Saif Uddin
aed7761a8d
Update copy right timeline 2023-06-13 15:01:29 +06:00
David Smith
a16dbfd110
Added Deprecation Warnings for CoreAPI (#7519)
* Added Deprecation Warnings for CoreAPI

* Bumped removal to DRF315

* Update rest_framework/__init__.py

* Update rest_framework/filters.py

* Update rest_framework/filters.py

* Update tests/schemas/test_coreapi.py

* Update rest_framework/filters.py

* Update rest_framework/filters.py

* Update tests/schemas/test_coreapi.py

* Update tests/schemas/test_coreapi.py

* Update tests/schemas/test_coreapi.py

* Update tests/schemas/test_coreapi.py

* Update rest_framework/pagination.py

* Update rest_framework/pagination.py

* Update rest_framework/pagination.py

* Update rest_framework/pagination.py

* Update rest_framework/schemas/coreapi.py

* Update rest_framework/schemas/coreapi.py

* Update rest_framework/schemas/coreapi.py

* Update rest_framework/schemas/coreapi.py

* Update rest_framework/schemas/coreapi.py

* Update tests/schemas/test_coreapi.py

* Update setup.cfg

* Update tests/schemas/test_coreapi.py

* Update tests/schemas/test_coreapi.py

* Update tests/schemas/test_coreapi.py

* Update tests/schemas/test_coreapi.py

* Update tests/schemas/test_coreapi.py

* Update tests/schemas/test_coreapi.py

* Update rest_framework/pagination.py

---------

Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
2023-06-13 12:55:22 +06:00
Lenno Nagel
833313496c
Removed usage of field.choices that triggered full table load (#8950)
Removed the `{{ field.choices|yesno:",disabled" }}` block because this triggers the loading of full database table worth of objects just to determine whether the multi-select widget should be set as disabled or not.

Since this "disabled" marking feature is not present in the normal select field, then I propose to remove it also from the multi-select.
2023-06-13 10:27:37 +06:00
Nancy Eckenthal
a180bde0fd
Permit mixed casing of string values for BooleanField validation (#8970)
* be more permissive of mixed casing in validating strings for BooleanField values

* undo unnecessary change

* lint
2023-06-12 21:21:18 +06:00
Niyaz
02d9bfc2dd
Fixes BrowsableAPIRenderer for usage with ListSerializer. (#7530)
Renders list of items in raw_data_form and does not renders form in
template while using with `ListSerializer` (`many=True`).
2023-06-12 19:28:28 +06:00
Mathieu Dupuy
376a5cbbba
remove dependency on pytz (#8984)
* remove pytz

* Revert "remove pytz"

This reverts commit 393609dfaa.

* remove pytz, more subtly
2023-06-04 11:24:07 +06:00
Saad Aleem
e2a4559c03
Fix validation for ListSerializer (#8979)
* fix: Make the instance variable of child serializer point to the correct list object instead of the entire list when validating ListSerializer

* fix formatting issues for list serializer validation fix

* fix imports sorting for list serializer tests

* remove django 2.2 from docs index (#8982)

* Declared Django 4.2 support in README.md (#8985)

* Fix Links in Documentation to Django `reverse` and `reverse_lazy` (#8986)

* Fix Django Docs url in reverse.md

Django URLs of the documentation of `reverse` and `reverse_lazy` were wrong.

* Update reverse.md

* fix URLPathVersioning reverse fallback (#7247)

* fix URLPathVersioning reverse fallback

* add test for URLPathVersioning reverse fallback

* Update tests/test_versioning.py

---------

Co-authored-by: Jorn van Wier <jorn.van.wier@thunderbyte.ai>
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>

* Make set_value a method within `Serializer` (#8001)

* Make set_value a static method for Serializers

As an alternative to #7671, let the method be overridden if needed. As
the function is only used for serializers, it has a better place in the
Serializer class.

* Set `set_value` as an object (non-static) method

* Add tests for set_value()

These tests follow the examples given in the method.

* fix: Make the instance variable of child serializer point to the correct list object instead of the entire list when validating ListSerializer

* Make set_value a method within `Serializer` (#8001)

* Make set_value a static method for Serializers

As an alternative to #7671, let the method be overridden if needed. As
the function is only used for serializers, it has a better place in the
Serializer class.

* Set `set_value` as an object (non-static) method

* Add tests for set_value()

These tests follow the examples given in the method.

* fix: Make the instance variable of child serializer point to the correct list object instead of the entire list when validating ListSerializer

* fix: Make the instance variable of child serializer point to the correct list object instead of the entire list when validating ListSerializer

* fix formatting issues for list serializer validation fix

* fix: Make the instance variable of child serializer point to the correct list object instead of the entire list when validating ListSerializer

* fix formatting issues for list serializer validation fix

* fix linting

* Update rest_framework/serializers.py

Co-authored-by: Sergei Shishov <sshishov@users.noreply.github.com>

* Update rest_framework/serializers.py

Co-authored-by: Sergei Shishov <sshishov@users.noreply.github.com>

* fix: instance variable in list serializer, remove commented code

---------

Co-authored-by: Mathieu Dupuy <deronnax@gmail.com>
Co-authored-by: Mehraz Hossain Rumman <59512321+MehrazRumman@users.noreply.github.com>
Co-authored-by: Dominik Bruhn <dominik@dbruhn.de>
Co-authored-by: jornvanwier <mail@jornvanwier.com>
Co-authored-by: Jorn van Wier <jorn.van.wier@thunderbyte.ai>
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
Co-authored-by: Étienne Beaulé <beauleetienne0@gmail.com>
Co-authored-by: Sergei Shishov <sshishov@users.noreply.github.com>
2023-05-29 20:03:11 +06:00
Étienne Beaulé
d252d22343
Make set_value a method within Serializer (#8001)
* Make set_value a static method for Serializers

As an alternative to #7671, let the method be overridden if needed. As
the function is only used for serializers, it has a better place in the
Serializer class.

* Set `set_value` as an object (non-static) method

* Add tests for set_value()

These tests follow the examples given in the method.
2023-05-24 19:59:42 +06:00
jornvanwier
a25aac7d67
fix URLPathVersioning reverse fallback (#7247)
* fix URLPathVersioning reverse fallback

* add test for URLPathVersioning reverse fallback

* Update tests/test_versioning.py

---------

Co-authored-by: Jorn van Wier <jorn.van.wier@thunderbyte.ai>
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
2023-05-18 09:46:40 +06:00