Commit Graph

1085 Commits

Author SHA1 Message Date
Tom Christie
f8b3f38b57
Update supported versions for 3.14 release (#8662)
* Update supported versions for 3.14 release

* Fix up test case for Django 3.0
2022-09-21 14:32:02 +01:00
Tim Schilling
b658915846
Version 3.14.0 proposal (#8599)
* Version 3.14.0

* Update docs/community/release-notes.md to use proper links.

Co-authored-by: Adam Johnson <me@adamj.eu>

* Add community announcement page for version 3.14

* Remove deprecated NullBooleanField.

* Change openapi _get_reference removal to 3.15

This deprecation was never released in the 3.13.x series and therefore
can't be removed at the same time the replacement is released.

* Removing deprecated openapi methods.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-09-21 14:08:12 +01:00
David Smith
4aea8dd65a
Change semantic of OR of two permission classes (#7522)
* Change semantic of OR of two permission classes

The original semantic of OR is defined as: the request pass either of the two has_permission() check, and pass either of the two has_object_permission() check, which could lead to situations that a request passes has_permission() but fails on has_object_permission() of Permission Class A, fails has_permission() but passes has_object_permission() of Permission Class B, passes the OR permission check. This should not be the desired permission check semantic in applications, because such a request should fail on either Permission Class (on Django object permission) alone, but passes the OR or the two.

My code fix this by changing the semantic so that the request has to pass either class's has_permission() and has_object_permission() to get the Django object permission of the OR check.

* Update rest_framework/permissions.py

* Update setup.cfg

Co-authored-by: Mark Yu <markyu98@outlook.com>
Co-authored-by: Tom Christie <tom@tomchristie.com>
2022-09-21 12:19:33 +01:00
willbeaufoy
354ae73ffb
Make APIClient.force_authenticate() work with user=None (#8212)
* Fix testing with token

* Add unit test

* Split unit test into 3

* Fix linting error
2022-09-15 09:35:48 +01:00
Jonas Lundberg
df584350b4
Prevent head method mapping to coerce action name (#7729) 2022-08-12 12:00:55 +01:00
David Cain
8b2ccccbe5
Stop calling set_context, planned for 3.13 drop (#8589)
Per the deprecation warnings (which have been raised since DRF 3.11),
`set_context()` was planned not to be supported in DRF 3.13. I think we
can safely delete it, in favor of `requires_context`.

From the 3.11 announcement:

> Previous our approach to this was that implementations could include a
> `set_context` method, which would be called prior to validation. However
> this approach had issues with potential race conditions. We have now
> move this approach into a pending deprecation state. It will continue to
> function, but will be escalated to a deprecated state in 3.12, and
> removed entirely in 3.13.

Why keep `RemovedInDRF313Warning` around?
=========================================
It's a bit odd that version 3.13 includes an exception class describing
things which are to be deleted in 3.13, but I've opted to keep the (now
unreferenced) class around, for fear of breaking others' setup.

(For example, if projects have a `filterwarnings` setup meant to
intercept `rest_framework.RemovedInDRF313Warning`, an error will be
thrown due to an unresolvable reference).
2022-08-08 11:18:49 +01:00
Sergey Lyapustin
a1b35bb44b
Use example.com domain in tests. (#8571)
* Use example.com domain for the samples.

* Fixed typo.
2022-07-25 10:28:41 +01:00
Tom Christie
fa9d516ee2
Update docstring test for more recent pygments version (#8530)
* Update docstring test for more recent pygments version

* Drop unused import
2022-06-20 10:44:27 +01:00
Stephen Finucane
5185cc9348
Handle unset fields with 'many=True' (#7574)
* Handle unset fields with 'many=True'

The docs note:

  When serializing fields with dotted notation, it may be necessary to
  provide a `default` value if any object is not present or is empty
  during attribute traversal.

However, this doesn't work for fields with 'many=True'. When using
these, the default is simply ignored.

The solution is simple: do in 'ManyRelatedField' what we were already
doing for 'Field', namely, catch possible 'AttributeError' and
'KeyError' exceptions and return the default if there is one set.

Signed-off-by: Stephen Finucane <stephen@that.guru>
Closes: #7550

* Add test cases for #7550

Signed-off-by: Stephen Finucane <stephen@that.guru>
2022-06-08 14:46:19 +01:00
Marti Raudsepp
26830c3d2d
Fix QueryDict type error in test (#8475)
QueryDict takes a `str` argument. Discovered while working on
djangorestframework-stubs.
2022-06-08 14:37:46 +01:00
itsdkey
e7af8d662b
tests for #5127 (#7715)
* tests for #5127

* Resolves #5127
2022-06-08 13:41:26 +01:00
Grigory
1396f6886a
Respect model error_messages for relation (#7599) 2022-06-06 13:53:42 +01:00
Krukov D
281fc074ba
improve performance for noncallble attributes (#8502)
Co-authored-by: Dima Kryukov <dmitry.kryukov@pandadoc.com>
2022-06-06 12:54:57 +01:00
Mariusz Felisiak
333f1ffb94
Confirmed support for Django 4.1. (#8498) 2022-06-06 12:39:06 +01:00
hashlash
df92e57ad6
Added test client support for HTTP 307 and 308 redirects (#8419)
* Add retain test data on follow=True

* Simplify TestAPITestClient.test_follow_redirect

Inspired from Django's ClientTest.test_follow_307_and_308_redirect

* Add 307 308 follow redirect test
2022-03-24 09:57:42 +00:00
Luke Plant
bce9df9b5e
Make ReturnDict support dict union operators on Python 3.9 and later (#8302)
Fixes issue #8301
2021-12-22 15:08:58 +00:00
Tom Christie
a780e80deb
Revert "Make api_view respect standard wrapper assignments (#8291)" (#8297)
This reverts commit 9c97946531.
2021-12-15 15:16:38 +00:00
tim-mccurrach
9c97946531
Make api_view respect standard wrapper assignments (#8291) 2021-12-13 13:08:40 +00:00
Tom Christie
d0bb4d877f
Tweak test_description (#8293) 2021-12-13 09:33:03 +00:00
Carlton Gibson
f46c33e4e2 Fixed TestDefaultTZDateTimeField to allow multiple tzinfo implementations.
zoneinfo was made the default time zone implementation in
306607d5b9.
2021-09-23 11:57:03 +02:00
Carlton Gibson
19b6091554 Adjusted authentication test for internal CSRF changes.
Private _get_new_csrf_token() was removed in
231de683d8.
2021-09-23 11:57:03 +02:00
Carlton Gibson
4916854492 Removed USE_L10N setting from Django 4.0.
USE_L10N defaults to True from Django 4.0, and will be removed in Django 5.0.
2021-09-23 11:57:03 +02:00
Carlton Gibson
2d9eee5d02 Adjusted URLPatternsTestCase to use addClassCleanup() from Django 4.0.
Refs faba5b702a.

addClassCleanup() is available from Python 3.8, which is the minimum supported
Python from Django 4.0.
2021-09-22 10:23:47 +02:00
Dan Lousqui
f0a5b958a1
Add max_length and min_length options to ListSerializer (#8165) 2021-09-14 13:45:55 +01:00
Aarni Koskela
fdb4931475
Make Field constructors keyword-only (#7632) 2021-08-06 10:14:52 +01:00
Nikhil Benesch
b215375125
Propagate nullability in ModelSerializer (#8116)
Propagate the nullability of underlying model fields in ModelSerializer
when those fields are marked as read only. This ensures the correct
generation of OpenAPI schemas.

Fix #8041.
2021-08-06 10:10:58 +01:00
Evgeny Panfilov
98e56e0327
fix empty string as a value for a validated DecimalField (#8064) (#8067) 2021-07-01 15:04:44 +01:00
Denis Orehovsky
8812394ed8
Add distinction between request and response serializers for OpenAPI (#7424)
* Add distinction between request and response serializers

* Add docs

* document new functions in schemas.md

* add a test case for different request vs response objects

* Correct formatting for flake8

Co-authored-by: Shaun Gosse <shaun.gosse@emburse.com>
2021-04-20 15:03:16 +01:00
Terence Honles
a0a2c5cb37
Fix tests with mock timezone (#7911)
After django/django#13877, Django no longer checks for `hasattr(timezone, 'localize')` and instead does an inheritance check.
2021-04-16 17:27:22 +01:00
David Smith
d82519bf8a
Updated dependencies (#7589) 2021-04-05 10:28:03 +01:00
David Smith
96885dd9a7
Fixed markdown test (#7892)
The pygments rendering of invalid json changed in  pygments>=2.7.3
2021-04-01 09:49:47 +01:00
Aristotelis Mikropoulos
67ebdd32cd
Reject PrimaryKeyRelatedField bool lookup values (#7597)
* Reject PrimaryKeyRelatedField bool lookup values

* Test PrimaryKeyRelatedField bool lookup rejection

* Fix indentation in test
2021-03-17 13:28:38 +00:00
Tom Christie
7b53960c3b
Revert "made Browsable API base template cachable: omit CSRF token when unnecessary (#7717)" (#7847)
This reverts commit 9c9ffb18f4.
2021-03-17 13:24:55 +00:00
Jesse London
9c9ffb18f4
made Browsable API base template cachable: omit CSRF token when unnecessary (#7717)
HTML responses generated by the Browsable API otherwise generate
inconsistent ETAGs -- due to the presence of CSRF tokens in the response
-- even when the API is read-only, (and as such when the response
contains no resource-modifying forms, i.e. neither POST nor PUT forms,
which might require the CSRF token).

While the template was appropriately including CSRF tokens only within
POST and PUT forms, its AJAX overlay included the CSRF token in *every*
response, regardless of whether it would be needed.

This change brings the logic of the `script` block into line with that
of the rest of the template -- and such that read-only APIs (and really
the Browsable API pages of *any* read-only resources) will not
needlessly include the CSRF token, and will now be safely cachable -- by
both back-end systems and by the user agent.
2021-03-16 13:25:21 +00:00
Ömer Faruk Abacı
ce1568322a
Ordering filter bug with model property serializer field (#7609)
* Add failing tests for ordering filter with model property

* Fix get_default_valid_fields of OrderingFilter

* Filter model properties in get_default_valid_fields of OrderingFilter
2021-03-16 12:53:39 +00:00
Alex Hedlund
b256c46cb1
Render JSON fields with proper indentation in browsable API forms. (#6243)
* Fix JSONBoundField usage on nested serializers (#6211)

* Unify JSONBoundField as_form_field output between py2 and py3

When using json.dumps with indenting, in python2 the default formatting
prints whitespace after commas (,) and python3 does not. This can be
unified with the separators keyword argument.
2021-03-15 10:44:03 +00:00
Pierre Chiquet
c603b98403
Fix OpenAPISchema rendering for timedelta (#7641)
* Add failing test when rendering to json a schema with timedelta

* Fix JSONOpenAPIRenderer for fields with default=timedelta()

* fix isort

* fix test for python 3.5

Co-authored-by: Pierre Chiquet <pierre.chiquet@ubikey.fr>
2021-03-10 12:03:15 +00:00
Berkant
95ae92ef23
Fix #7706 (#7724)
Handle non-dict values for NestedSerializer during BrowsableAPI
rendering.
2021-03-09 11:34:18 +00:00
David Kerkeslager
05512160ab
Respect allow_null=True on DecimalFields (#7718)
* Handle None in to_representation()
* Return None as '' in to_representation() when coerce_to_string=True
* Handle '' as None in to_internal_value(), for symmetry with
  to_representation(), and because the empty concept doesn't make sense
  for Decimal.
2021-03-09 10:49:03 +00:00
Jonathan Mortensen
de7468d0b4
support multi db atomic_requests (#7739) 2021-03-03 11:15:39 +00:00
Sebastian Jordan
19655edbf7
Handle tuples same as lists in ValidationError detail context (#7647) 2021-01-06 13:13:34 +00:00
David Smith
04e0c2b9ab
Bumped Markdown version to 3.3 (#7590) 2020-10-13 17:27:08 +01:00
Aarni Koskela
0bdd537cc4
Ignore derivations of BrowsableAPIRenderer in OpenAPI schema (#7497)
* Ignore derivations of BrowsableAPIRenderer in OpenAPI schema
* Improve test_renderer_mapping test

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2020-10-12 16:40:26 +02:00
Kryštof Pilnáček
79daf315c4
Fix: authtoken.TokenProxy cannot be proxy when not installed (#7571)
closes https://github.com/encode/django-rest-framework/issues/7442
2020-10-09 12:16:15 +01:00
Adam Johnson
7921e9af43
Fix RemovedInDjango40Warning for middleware get_resopnse() (#7513)
Fixes #7417.

Fixes all these issues seen with `tox -e py38-django31`:

```
  /Users/chainz/Documents/Projects/django-rest-framework/tests/test_request.py:208: RemovedInDjango40Warning: Passing None for the middleware get_response argument is deprecated.
    SessionMiddleware().process_request(self.wrapped_request)

tests/test_requests_client.py: 1 test with warning
tests/test_testing.py: 4 tests with warnings
tests/test_throttling.py: 1 test with warning
tests/authentication/test_authentication.py: 4 tests with warnings
tests/browsable_api/test_browsable_api.py: 4 tests with warnings
  /Users/chainz/Documents/Projects/django-rest-framework/rest_framework/authentication.py:139: RemovedInDjango40Warning: Passing None for the middleware get_response argument is deprecated.
    check = CSRFCheck()
```
2020-10-09 10:48:03 +01:00
Tom Christie
a03c85225f
Update test_templatetags.py 2020-09-30 09:10:36 +01:00
Tom Christie
ae649336b1
Drop urlize_quoted_links (#7548) 2020-09-23 15:39:06 +01:00
Adam Johnson
410575dace
Replace all url() calls with path() or re_path() (#7512)
* url() is deprecated in Django 3.1

* update given feedbacks on url() is deprecated in Django 3.1

* Fix test_urlpatterns.py to continue testing mixed re_path() and path()

* Fix one missed reference

Co-authored-by: sanjusci <sanju.sci9@gmail.com>
2020-09-08 15:32:27 +01:00
David Smith
9990b59281
Dropped test compatibility shims for Django <2.2. (#7523) 2020-09-07 20:00:17 +02:00
David Smith
d5461e93fe
Bump flake8 to 3.8.3 (#7521) 2020-09-05 10:02:27 +02:00