* Use subquery to remove duplicates in SearchFilter
* Align SearchFilter behaviour to django.contrib.admin
* Add compatibility with older django/python versions
* Allow search to split also by comma after smart split
* Use generator to build search conditions to reduce iterations
* Improve search documentation
* Update docs/api-guide/filtering.md
---------
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
`IsAuthenticatedOrReadOnly` authorizes users that are not
authenticated for read-only access to resources.
Therefore, they are unauthenticated users, not unauthorized users.
Apart from a few exceptions, django-rest-framework uses the American
English spelling "authorization"/"authorized".
$ git grep -oi authorised | wc -l
2
$ git grep -oi authorized | wc -l
30
Replace the few occurences of the British English spelling with the
American English one.
* Allow usage of Django 2.x path in SimpleRouter
* Use path in Default router
* Update docs/api-guide/routers.md
Co-authored-by: Éric <merwok@netwok.org>
* Update docs/api-guide/routers.md
Co-authored-by: Éric <merwok@netwok.org>
* Add tests also for default router with path
* Use a more relevant attribute for lookup when using path converters
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
Co-authored-by: Éric <merwok@netwok.org>
* Added normalize parameter to DecimalField to be able to strip trailing zeros. Fixes#6151.
* Updated docs to include normalize option on DecimalField
* Fixed linting error in test_fields
* Removed comment and renamed normalize to normalize_output as suggested in code review
Co-authored-by: Tom Christie <tom@tomchristie.com>
* Version 3.14.0
* Update docs/community/release-notes.md to use proper links.
Co-authored-by: Adam Johnson <me@adamj.eu>
* Add community announcement page for version 3.14
* Remove deprecated NullBooleanField.
* Change openapi _get_reference removal to 3.15
This deprecation was never released in the 3.13.x series and therefore
can't be removed at the same time the replacement is released.
* Removing deprecated openapi methods.
Co-authored-by: Adam Johnson <me@adamj.eu>
In the "Creating custom mixins" documentation, the code example recommends using
```python
if self.kwargs[field]
```
However, if the correct field is not present in kwargs, a KeyError arises.
A more secure option is tu use .get() to validate that the field is contained in the kwargs dictionary:
```python
if self.kwargs.get(field)
```
I found it unclear how the model was determined for `DjangoModelPermissions`. The docs say you need a `queryset` or `get_queryset`, but not that the value returned from those is what determines the model that is used.
* Fixed missing "fields" meta argument in docs, leading to an assertion error
* Update docs/api-guide/serializers.md
Co-authored-by: Tom Christie <tom@tomchristie.com>
Co-authored-by: Tom Christie <tom@tomchristie.com>
I might just be misunderstanding something (always a strong possibility!), but it seems to me that the table on the Permissions page is slightly inaccurate.
For `permission_classes`, wouldn't it have global-level permissions for list actions (rather than no permission control, as is currently listed)?
* docs updated to highlight use of select_related and prefetch related to avoid n+1 problems
* Apply suggestions from code review
cosmetic changes
Co-authored-by: Xavier Ordoquy <xordoquy@linovia.com>
* cosmetic changes
Co-authored-by: Xavier Ordoquy <xordoquy@linovia.com>
* Add distinction between request and response serializers
* Add docs
* document new functions in schemas.md
* add a test case for different request vs response objects
* Correct formatting for flake8
Co-authored-by: Shaun Gosse <shaun.gosse@emburse.com>
* Document the limitation that object level permissions do not apply to object creation. See for example #6409.
* Add overview of three different ways to restrict access
Added a sentence describing the use of a dictionary as the `detail` argument of a ValidationError, and how it can be used to add field-level errors during object-level validation.
There were recent updates to the `@action` decorator calling a little more attention to the kwargs it accepts.
I thought it would be useful to also provide an example in the throttling section of how those kwargs can be used to define/override throttle_classes through the action decorator as well.
* Add drf-psq to third party packages
* Add drf-psq to permissions.md
this package is an extension that gives support for having action-based **permission_classes**, **serializer_class**, and **queryset** dependent on permission-based rules.
Co-authored-by: Salar Nasiri <salarnasiri@users.noreply.github.com>
* url() is deprecated in Django 3.1
* update given feedbacks on url() is deprecated in Django 3.1
* Fix test_urlpatterns.py to continue testing mixed re_path() and path()
* Fix one missed reference
Co-authored-by: sanjusci <sanju.sci9@gmail.com>
