Propagate the nullability of underlying model fields in ModelSerializer
when those fields are marked as read only. This ensures the correct
generation of OpenAPI schemas.
Fix#8041.
* Add distinction between request and response serializers
* Add docs
* document new functions in schemas.md
* add a test case for different request vs response objects
* Correct formatting for flake8
Co-authored-by: Shaun Gosse <shaun.gosse@emburse.com>
* Use `--strict-markers` instead of `--strict`, as per this warning:
```
/.../_pytest/config/__init__.py:1183: PytestDeprecationWarning: The --strict option is deprecated, use --strict-markers instead.
```
* Remove config option 'testspath' - pytest is logging a warning about this being unknown:
```
/.../_pytest/config/__init__.py:1233: PytestConfigWarning: Unknown config option: testspath
```
I can't find any reference to it in the pytest docs or changelog.
The template has not been maintained for six years, so it's out of date on versions and various "best practices" (e.g. pre-commit). I also think any template should be documented on its own repo rather than here, especially if it's not an official maintained project.
The contributing guide from `docs/community/contributing.md` was copy-pasted to `CONTRIBUTING.md` and the two have drifted apart over time. The docs page seems to have been updated a bit more so let's leave only that version.
HTML responses generated by the Browsable API otherwise generate
inconsistent ETAGs -- due to the presence of CSRF tokens in the response
-- even when the API is read-only, (and as such when the response
contains no resource-modifying forms, i.e. neither POST nor PUT forms,
which might require the CSRF token).
While the template was appropriately including CSRF tokens only within
POST and PUT forms, its AJAX overlay included the CSRF token in *every*
response, regardless of whether it would be needed.
This change brings the logic of the `script` block into line with that
of the rest of the template -- and such that read-only APIs (and really
the Browsable API pages of *any* read-only resources) will not
needlessly include the CSRF token, and will now be safely cachable -- by
both back-end systems and by the user agent.
* Add failing tests for ordering filter with model property
* Fix get_default_valid_fields of OrderingFilter
* Filter model properties in get_default_valid_fields of OrderingFilter
* Fix JSONBoundField usage on nested serializers (#6211)
* Unify JSONBoundField as_form_field output between py2 and py3
When using json.dumps with indenting, in python2 the default formatting
prints whitespace after commas (,) and python3 does not. This can be
unified with the separators keyword argument.
* Document the limitation that object level permissions do not apply to object creation. See for example #6409.
* Add overview of three different ways to restrict access