Commit Graph

3372 Commits

Author SHA1 Message Date
Carlton Gibson
ac4c78967a Update version for v3.9.2 release. 2019-03-03 20:16:16 +01:00
Jon Dufresne
7eac86688a Remove executable bit from static assets (#6484)
These files are simply static assets and do not require an executable
bit. They are never intended to be executed as standalone scripts.
2019-03-03 18:39:08 +00:00
Carlton Gibson
94593b3a50
Introduce RemovedInDRF…Warning classes to simplify deprecations. (#6480)
Closes #6290.
2019-03-03 09:20:45 +01:00
Jon Dufresne
a216d02ce0 Merge multiple isinstance() calls to one (#6481)
https://docs.python.org/3/library/functions.html#isinstance

> If classinfo is a tuple of type objects (or recursively, other such
> tuples), return true if object is an instance of any of the types.
2019-03-02 20:48:03 +00:00
Andrzej Górski
317174b163 Avoided calling distinct on annotated fields in SearchFilter. (#6240)
Fixes #6094
2019-02-25 16:59:25 +01:00
Adrien Brunet
2daf6f1341 Add negation ~ operator to permissions composition (#6361) 2019-02-25 15:33:40 +01:00
Frédéric Massart
94fbfcb6fd Added lazy evaluation to composed permissions. (#6463)
Refs #6402.
2019-02-25 13:47:02 +01:00
Carlton Gibson
8a29c53226 Allowed Q objects in limit_choices_to introspection. (#6472)
Closes #6470.
2019-02-25 10:49:29 +00:00
Charlie Hornsby
07c5c968ce Fix DeprecationWarning when accessing collections.abc classes via collections (#6268)
* Use compat version of collections.abc.Mapping

Since the Mapping class will no longer be available to import directly
from the collections module in Python 3.8, we should use the
compatibility helper introduced in #6154 in the fields module.

* Alias and use compat version of collections.abc.MutableMapping

Since the MutableMapping class will no longer be available to import
directly from the collections module in Python 3.8, we should create an
alias for it in the compat module and use that instead.
2019-02-25 09:17:04 +01:00
Allan Reyes
d110454d4c Added SearchFilter.get_search_fields() hook. (#6279) 2019-02-19 17:18:14 +01:00
Si Feng
1ece516d2d Adjusted field validators to accept iterables. (#6282)
Closes 6280.
2019-02-19 16:38:20 +01:00
jeffrey k eliasen
eb3180173e Made templates compatible with session-based CSRF. (#6207) 2019-02-19 12:15:03 +01:00
Carlton Gibson
190f6201cb
Update Django Guardian dependency. (#6430)
* Update Django Guardian dependency.
* Skip testing Guardian on PY2. See https://github.com/django-guardian/django-guardian/issues/602
2019-01-31 15:59:19 +01:00
Carlton Gibson
bd9a799e16
Fixed SchemaView to reset renderer on exception. (#6429)
Fixes #6258.
2019-01-31 15:28:01 +01:00
Carlton Gibson
f54a220d8f
Corrected coreapi CLI code example generation. (#6428)
Remove “> “ when rendering template.
Closes #6333.
2019-01-31 11:36:40 +01:00
Andy Babic
87ade870c3 Added 'request_forms' block to base.html (#6340) 2019-01-24 16:30:46 +01:00
Carlton Gibson
8d20e10218
Deferred schema renderer creation to avoid requiring pyyaml. (#6416)
Closes #6366.
2019-01-24 16:01:06 +01:00
Carlton Gibson
f539c0dbd1
Removed incorrect DictField docstring. (#6417)
Closes #6363.
2019-01-24 15:18:22 +01:00
Sébastien Diemer
822b85ac36 routers: invalidate _urls cache on register (#6407)
see https://github.com/encode/django-rest-framework/issues/5660

Trying to register new routes on a router after having accessed the
router `urls` attribute leads to surprising results.
The route is added without error to the router's `registry` but the urls
are not updated, because they are cached in `_urls`.
This commit invalidates the cache after each new registration.
2019-01-17 13:07:57 +00:00
Tom Christie
453196e9c3
Version 3.9.1 (#6405)
* Version 3.9.1

* Upgrade bootstrap

* Release notes for 3.9.1
2019-01-16 13:27:35 +00:00
Yury V. Zaytsev
4bb9a3c484 Fix XSS caused by disabled autoescaping in the default DRF Browsable API view templates (#6330)
* Add test that verifies that HTML is correctly escaped in Browsable API views

* Fix `urlize_quoted_links` tag to avoid double escaping in autoescape mode

* Fix XSS in default DRF Browsable API template by re-enabling autoescape
2019-01-16 12:36:25 +00:00
Adrien Brunet
e3bd4b9048 Fix #1811: take limit_choices_to into account with FK (#6371)
* Fix issue1811: take limit_choices_to into account with FK

* Issue 1811: Add tests to illustrate issue

* Filter queryset only if limit_choices_to exists

* Move test_relations_with_limited_querysets file within test_relations_pk

* move limit_choices_to logic from relations.py to utils/field_mapping.py

* move limit_choices_to above other check to avoid conflicts
2019-01-08 13:49:47 +00:00
Stephen Finucane
c052a86c7b compat: (py2) urlparse = urllib.parse (py3) (#6262)
* compat: (py2) urlparse = urllib.parse (py3)

We were mistakenly importing the 'urlparse' function from the Python 2
'urlparse' module, as opposed to the module itself. Correct this.

Signed-off-by: Stephen Finucane <stephen@that.guru>
Closes: #6261

* compat: Remove 'compat.urlparse'

We can just use Django's vendored six library, like we do everywhere
else.

Signed-off-by: Stephen Finucane <stephen@that.guru>
2019-01-08 12:03:02 +00:00
Carlton Gibson
587058e3c2 Allow run_validators() to handle non-dict types. (#6365)
Fixes #6053.

Original test case thanks to Vincent Delaitre in #6242.
2019-01-08 11:39:30 +00:00
Yaser Khahani
0cf18c4163 Use Default Version in URLPathVersioning if 'version' Didn't Specified by Client (#6380)
* Use Default Version in URLPathVersioning if 'version' Didn't Passed

* Clean Code
2019-01-08 11:34:54 +00:00
Alf
963ce306f3 Added "allow_unicode" to generated kwargs for ModelSerializer SlugField (#6315) 2018-12-19 15:37:52 +01:00
HoangYell
b61806e3b3 add "js-tooltip" class to "POST" button (#6344)
the tool tip of "POST" button is different from other buttons, since it loses the "js-tooltip" class.
2018-12-03 12:10:05 +00:00
Benjamin Pereto
5a54f897ec FIX: openapi schema title should be a string not a tuple (#6259) 2018-11-28 12:45:26 +00:00
Xavier Ordoquy
74574217a4 Fix composable permissions
In some cases we end with an operation between two `OperandHolder`.
This didn't work as it didn't knew how to deal with | or &
This fixes by adding those operations.
2018-11-27 15:29:44 +01:00
takaaki shimbo
0f5dfe8b3c Fix typo in schemas (#6332)
* Fix typo in generators.py

* Fix typo in inspectors.py

* message line too long

* Change backslash to multiline strings

* Removed trailing whitespace from assertion message
2018-11-26 10:14:59 -08:00
Mark Davidoff
6f2c0dbf4d
permissions must return a boolean
`x and y` actually returns object y when both are true. the means P & IsAuthenticated will fail with TypeError: unsupported operand type(s) for &: 'instance' and 'bool' as IsAuthenticated now returns a CallableBool which does not overload __ror__
2018-10-28 14:12:39 -07:00
Tom Christie
2c9c0f1b7f
Version 3.9 (#6247)
* Release notes to 5174a26ec9

* Update version for v3.9.0

* Removed exclude_from_schema per deprecation policy.

* Updated list_route() and detail_route() deprecations.

* Weakened to PendingDeprecationWarning for `base_name`

cc @rpkilby.

* Add (beginning of) 3.9 release announcement.

@tomchristie: Input on OpenAPI and What’s Next very welcome! :)

* Add announcement section for Extra Actions in Browsable API

* Update release notes and add deprecation note for Django Guardian backend.

* Add release note for #6073

* Add release notes to dd19a44583

* Adding release notes

* Update 3.9 announcement

* Add Oct 18 release date
2018-10-18 10:38:46 +01:00
Dennis Kliban
dd19a44583 Problem: autoescape not getting passed to urlize_quoted_links filter (#6191)
Solution: set needs_autoescape=True when registering the filter

Without this patch, the disabling autoescape in the template does not work.
2018-10-10 10:36:04 +02:00
Daniel Bate
5feb835929 Feature/action docs sections (#6060)
* added ability to add sections to custom action documentation

* added tests to cover docs sections in custom actions

* added method specific docs test for action mapping

* added docs for custom action documentation
2018-10-10 10:29:29 +02:00
Tom Christie
6522d4ae20
Add OpenAPIRenderer by default, and add schema docs. (#6233)
* Add OpenAPIRenderer as a default for get_schema_view, and start adding schema docs

* Add optional pyyaml

* Updating schema docs
2018-10-04 14:05:55 +01:00
Xavier Ordoquy
b41a6cfa38 permissions: Allow permissions to be composed (#5753)
* permissions: Allow permissions to be composed

Implement a system to compose permissions with and / or.
This is performed by returning an `OperationHolder` instance that keeps the
permission classes and type of composition (and / or).
When called it will return a AND/OR instance that will then delegate the
permission check to the operands.

* permissions: Add documentation about composed permissions

* Fix documentation typo in permissions
2018-10-03 15:36:24 +01:00
Tom Christie
8908934928
Add OpenAPIRenderer and generate_schema management command. (#6229)
* Add OpenAPIRenderer and generate_schema command

* Add both OpenAPIRenderer and JSONOpenAPIRenderer

* Add flags to generate_schema command

* Fix syntax error

* Pull coreschema references into method, so they are only used if 'OpenAPIRenderer' is in use.

* generate_schema -> generateschema, and fix to OpenAPIRenderer

* Ensure that renderers generate bytes and generateschema outputs text

* Drop unused import
2018-10-03 15:28:04 +01:00
Jerome Leclanche
0eb2dc1137 Prohibit null characters in CharField by default (#6073)
* Implement an allow_null_bytes argument to CharField (default True)
* Switch to using native ProhibitNullCharactersValidator instead
2018-10-02 16:54:15 +02:00
Ryan P Kilby
66183389f6 Deprecate DjangoObjectPermissionsFilter (#6075) 2018-10-02 16:34:25 +02:00
Ryan P Kilby
903204cd79 Fix action support for ViewSet suffixes (#6081)
* Add suffix support for actions

Removes the newly introduced `action.name` in favor of leveraging the
View's `.get_view_name()` method, which supports both name and suffix.

* Fix view description func docstrings

* Test action decorator name & suffix kwargs

* Adjust 'extra action' docs
2018-10-02 16:22:21 +02:00
Jon Dufresne
878f9d2783 Prefer https:// for URLs when available throughout project (#6208) 2018-10-02 08:28:58 +02:00
Jon Dufresne
ed6340ee76 Remove unnecessary use of compat shim six.binary_type (#6189)
The type bytes is available on all supported Pythons. On Python 2.7, it
is an alias for str, same as six.binary_type. Makes the code more
forward compatible with Python 3.
2018-09-17 10:39:59 +02:00
Ryan P Kilby
fc6cbb5b26 Allow nullable BooleanField in Django 2.1 (#6183)
* Add tests for BooleanField when nullable

* Allow nullable BooleanField in Django 2.1

* Drop 'BooleanField.allow_null' check

* Remove conflicting false/null values
2018-09-13 17:25:03 +01:00
Jerome Leclanche
612a7b989f Fix Python 3.8 compatibility (#6154) 2018-09-10 21:12:32 -07:00
Jon Dufresne
4d57d46bf8 Prefer io.BytesIO over six; available on all supported Pythons (#6168)
On all supported Pythons, the io.BytesIO is always a stream
implementation using an in-memory bytes buffer.

Makes code slightly more forward compatible by reducing use of the six
module and promotes more forward compatible practices in the docs.
2018-09-09 11:53:41 +01:00
oliver
bcc565f387 Clean up unnecessary if statement (#6163) 2018-09-06 07:25:20 +01:00
Jon Dufresne
468cdd16ed Remove unnecessary models.py file (#6142)
Since Django 1.7, an empty models.py file is not required.

See
https://docs.djangoproject.com/en/dev/releases/1.7/#app-loading-refactor

> It is possible to omit models.py entirely if an application doesn’t
> have any models.
2018-08-28 09:51:28 +02:00
Craig de Stigter
81fa4b4f75 Fix CSRF cookie check failure when using session auth with django 1.11.6+ (#6113)
Test included. Fixes #6088
2018-08-07 08:18:56 +01:00
Oleg
2fab7838ef Improve ModelSerializer.create() error message. (#6112) 2018-08-06 20:11:55 +02:00
Oleg
8b5e830bce Handle models without .objects manager in ModelSerializer. (#6111)
* Handle models without .objects manager in ModelSerializer.

* Improvements according to review comments.
2018-08-06 14:30:43 +02:00
Ryan P Kilby
38b3d0109b Only catch TypeError/ValueError for object lookups (#6028)
* Only catch TypeError/ValueError for object lookups

* Test wrapped TypeError/ValueError handling

* Raise NotImplementedError in tests instead of pass
2018-07-06 12:18:17 +02:00
Ryan P Kilby
a628a2dbce Drop Django 1.10 support (#5657)
* Remove Django 1.10 from CI

* Remove Django 1.10 compat code
2018-07-06 12:14:31 +02:00
Ryan P Kilby
9b8af04e7f Move guardian imports out of compat (#6054) 2018-07-06 11:32:02 +02:00
Ryan P Kilby
7095021db7 Rename base_name => basename for consistency's sake (#5990)
* Rename base_name => basename for consistency

* Update tests to use basename
2018-07-06 11:03:12 +02:00
Ryan P Kilby
f89cc066bc Admin renderer urls (#5988)
* Make admin detail link have small width

* Disable admin detail link when no URL

* Add 'AdminRenderer.get_result_url'

Attempts to reverse the result's detail view URL.
2018-07-06 10:58:26 +02:00
Daniel Hahler
3578bd6883 get_error_detail: use error_dict/error_list (#5785) 2018-07-06 10:44:58 +02:00
Ryan P Kilby
6511b52cca Fix schemas for extra actions (#5992)
* Add failing test for extra action schemas

* Add ViewInspector setter to store instances

* Fix schema disabling for extra actions

* Add docs note about disabling schemas for actions
2018-07-06 10:35:36 +02:00
Ryan P Kilby
0148a9f8da Improvements to ViewSet extra actions (#5605)
* View suffix already set by initializer

* Add 'name' and 'description' attributes to ViewSet

ViewSets may now provide their `name` and `description` attributes
directly, instead of relying on view introspection to derive them.
These attributes may also be provided with the view's initkwargs.

The ViewSet `name` and `suffix` initkwargs are mutually exclusive.

The `action` decorator now provides the `name` and `description` to
the view's initkwargs. By default, these values are derived from the
method name and its docstring. The `name` may be overridden by providing
it as an argument to the decorator.

The `get_view_name` and `get_view_description` hooks now provide the
view instance to the handler, instead of the view class. The default
implementations of these handlers now respect the `name`/`description`.

* Add 'extra actions' to ViewSet & browsable APIs

* Update simple router tests

Removed old test logic around link/action decorators from `v2.3`. Also
simplified the test by making the results explicit instead of computed.

* Add method mapping to ViewSet actions

* Document extra action method mapping
2018-07-06 10:33:10 +02:00
Eduardo GP
ff4429fad4 fix e.indexOf is not a function error (#5982) 2018-05-11 21:49:29 +01:00
Craig de Stigter
9629886915 Fixed AttributeError from items filter when value is None (#5981) 2018-05-11 08:50:08 +02:00
Ryan O’Hara
a11938ce96 Fixed instance being overwritten in pk-only optimization try/except block (#5747) 2018-04-24 16:15:38 +02:00
Noam
7268643b25 min_value/max_value support in DurationField (#5643)
* Added min_value/max_value field arguments to DurationField.
* Made field mapping use mix/max kwargs for DurationField validators.
2018-04-24 09:24:05 +02:00
Sascha P
7d64b7016d Removed input value from deault_error_message (#5881) 2018-04-20 16:00:27 +02:00
Jimmy Merrild Krag
4260531b6c Render descriptions (from help_text) using safe (#5869)
To allow embedded HTML, and make consistent with other usages.

Fixes #5715.
2018-04-20 15:51:27 +02:00
Jimmy Merrild Krag
5ee0e5df83 Correct schema parsing for JSONField (#5878)
Fixes #5873.
* Use Object type. 
* Add test for field_to_schema
2018-04-20 15:47:20 +02:00
Craig Anderson
2ebd479759 Allow hashing of ErrorDetail to fix #5919 (#5932) 2018-04-20 15:32:37 +02:00
Christian Kreuzberger
f148e4e259 Ensure that html forms (multipart form data) respect optional fields (#5927) 2018-04-20 15:11:52 +02:00
Tom Christie
7e705246ca
Ensure docs sidebar can scroll to bottom. (#5949)
Closes #5948
2018-04-20 12:11:48 +01:00
Ryan P Kilby
7078afa42c Change ISO 8601 date format to exclude year/month (#5936) 2018-04-14 05:23:31 +01:00
Carlton Gibson
fb802c0910
Update version and notes for 3.8.2 release. (#5923) 2018-04-06 15:41:11 +02:00
Carlton Gibson
42eb5a4342
Fix read_only + default unique_together validation. (#5922)
* Add test for read_only + default unique_together validation.
* Fix read_only + default validation
2018-04-06 15:20:54 +02:00
gsvr
32caca4dd3 Import coreapi from rest_framework.compat, not directly. (#5921) 2018-04-05 15:07:49 +02:00
Carlton Gibson
bc353452f4
Bump version and release notes for 3.8.1 (#5916) 2018-04-04 21:10:34 +02:00
Ryan P Kilby
cba426b34c Use old url_name behavior in route decorators (#5915)
* Wrap action decorator for old url_name behavior
2018-04-04 20:50:42 +02:00
Carlton Gibson
fc588f539b
Version 3.8 Release (#5769) 2018-04-03 15:35:26 +02:00
Carlton Gibson
1befab795a
Added generic 500 and 400 JSON error handlers. (#5904)
* Added generic 500 and 400 JSON error handlers.
* Docs for generic error views.
2018-04-03 09:16:36 +02:00
Andrew Tallos
36119cad31 Enable OrderingFilter to handle an empty tuple (or list) for the 'ordering' field. (#5899) 2018-03-26 12:22:45 +01:00
Craig de Stigter
a5072778e9 Don't show hidden fields in metadata (#5854)
HiddenField is meant to be hidden, but we discovered it showing up in OPTIONS requests
2018-03-23 22:47:10 +00:00
Charlie McBride
a7e2a7bfcd Add LimitOffsetPagination.get_count to allow method override (#5846)
* Add LimitOffsetPagination.get_count to allow method override

* Format method docstring
2018-03-23 22:25:43 +00:00
George-Cristian Bîrzan
85c588b0c1 #5848 Allow traversing nullable related fields (#5849) 2018-03-20 22:02:22 +01:00
Carlton Gibson
6c0c69ed65
Correct allow_null behaviour when required=False (#5888)
* Revert "Non-required fields with 'allow_null=True' should not imply a default value (#5639)"
    This reverts commit 905a5579df.
    Closes #5708

* Add test for allow_null + required=False
    Ref #5708: allow_null should imply default=None, even for non-required fields.

* Re-order allow_null and default in field docs
    default is prior to allow_null. allow_null implies an outgoing default=None.

* Adjust allow_null note.
2018-03-20 21:24:39 +01:00
Carlton Gibson
c2b24f83a3
Alter read_only+default behaviour (#5886)
* Always exclude read_only fields from _writable_fields

* Remove `read_only` from `CreateOnlyDefault` example.
      In this context (without mentioning `save`) now slightly misleading.
2018-03-20 21:09:31 +01:00
gthieleb
9e08a7cbec Fixed schema for UUIDField in SimpleMetadata. (#5872)
* fix schema for UUIDField

* Add unit test for d4c8f2db
2018-03-13 15:49:15 +01:00
Oliver Newman
d2994e0596 Fix comment typo in ModelSerializer (#5844) 2018-02-21 16:39:53 +01:00
Carlton Gibson
e34fd995cd
Made TemplateHTMLRenderer render IntegerField inputs when value is 0. (#5834)
* Fix 0 value IntegerField in TemplateHTMLRenderer

Signed-off-by: Nikhil Sheoran <nikhilsheoran96@gmail.com>

* Remove unnecessary `field.value != “”` check

* Adjust test case

Uses `vertical` templates only.
2018-02-16 16:48:20 +01:00
Carlton Gibson
da535d31dd
Fixed active timezone handling for non ISO8601 datetimes. (#5833)
* Add failing test for to_representation with explicit default timezone

See discussion here:
    https://github.com/encode/django-rest-framework/pull/5435#issuecomment-364054509

* Always run enforce_timezone
2018-02-16 16:47:49 +01:00
Daniel Hahler
2854679f56 Upgrade isort (#5817)
* Fix isort

* runtests: add --diff to ISORT_ARGS

* requirements-codestyle: bump isort to 4.3.3

* isort: move config to setup.cfg
2018-02-14 20:12:14 +00:00
Kent Kawashima
d82b332a09 Changes ternary conditionals to be PEP308 compliant (#5827) 2018-02-14 14:06:09 +00:00
Carlton Gibson
7d0d22ffaa Use single copy of static assets. Update jQuery (#5823)
* Move font-awesome to top level.

* Use top-level jQuery & Bootstrap

* Update to jQuery v3.3.1

Compatible with Bootstrap v3.3.7
c.f. https://github.com/twbs/bootstrap/issues/16834#issuecomment-251996660

* Re-add bootstrap-theme
2018-02-12 14:14:44 +00:00
Ryan P Kilby
1bc826e6fd
Fix authtoken views imports (#5818) 2018-02-07 14:46:17 -05:00
Ryan P Kilby
c456b3c510 Fix request formdata handling (#5800)
* Rename 'wsgi' request test to more accurate 'http'

* Test duplicate request stream parsing

* Fix setting post/files on the underlying request
2018-02-05 16:24:13 +01:00
Paulo Scardine
0d5a3a00b0 Add schema to ObtainAuthToken
Add encoding parameter to ManualSchema

Closes #5676

* Fixed lint errors
* Added docs for ManualSchema encoding parameter
2018-02-05 16:16:42 +01:00
Jeremy Lainé
a8d129b7da Represent serializer DictField as an Object in schema
DictFields were incorrectly being output as String in the schema.
This pull request outputs an Object instead and adds a unit test.

Update s/detail_route/action/ after rebase
2018-02-01 16:23:24 +01:00
Jeremy Lainé
27f32faee4 Fix schema generation for PrimaryKeyRelatedField (#5764)
By default all subclasses of RelatedField are output as string fields in
the schema, which works well for StringRelatedField, SlugRelatedField or
HyperlinkedRelatedField.

Handle the common case of a PrimaryKeyRelatedField pointing to an
AutoField.
2018-02-01 16:14:35 +01:00
Si Feng
df77f7bb9d Make 404 & 403 responses consistent with exceptions.APIException output (#5763) 2018-01-30 22:10:02 +00:00
Daniel Hahler
769bc1336f ErrorDetail: add __eq__/__ne__ and __repr__ (#5787)
This adds `__eq__` to handle `code` in comparisons.

When comparing an ErrorDetail to a string (missing `code` there) the
ErrorDetail's `code` is ignored, but otherwise it is taken into account.
2018-01-30 08:45:09 +01:00
Jon Dufresne
052a20cd7b Load 'static' instead of 'staticfiles' in templates (#5773) 2018-01-26 00:43:55 -05:00
Ryan P Kilby
73203e6b59 Rework dynamic list/detail actions (#5705)
* Merge list/detail route decorators into 'action'

* Merge dynamic routes, add 'detail' attribute

* Add 'ViewSet.get_extra_actions()'

* Refactor dynamic route checking & collection

* Refactor dynamic route generation

* Add 'ViewSet.detail' initkwarg

* Fixup schema test

* Add release notes for dynamic action changes

* Replace list/detail route decorators in tests

* Convert tabs to spaces in router docs

* Update docs

* Make 'detail' a required argument of 'action'

* Improve router docs
2018-01-25 09:40:49 +01:00
Carlton Gibson
a540acdc95
Allowed customising API documentation code samples (#5752)
* Allowed additional languages in API documentation

* Documented renderer_classes parameter and customising languages.
2018-01-25 09:39:03 +01:00
Jeremy Lainé
588b61e171 Remove unreachable code from ManualSchema (#5766)
ManualSchema.get_link had two return statements. Prune the second
(unreachable) return.
2018-01-24 08:52:33 +01:00