Commit Graph

3576 Commits

Author SHA1 Message Date
Tim Schilling
b658915846
Version 3.14.0 proposal (#8599)
* Version 3.14.0

* Update docs/community/release-notes.md to use proper links.

Co-authored-by: Adam Johnson <me@adamj.eu>

* Add community announcement page for version 3.14

* Remove deprecated NullBooleanField.

* Change openapi _get_reference removal to 3.15

This deprecation was never released in the 3.13.x series and therefore
can't be removed at the same time the replacement is released.

* Removing deprecated openapi methods.

Co-authored-by: Adam Johnson <me@adamj.eu>
2022-09-21 14:08:12 +01:00
Tom Christie
51f1aff162
Revert 8552 (#8661) 2022-09-21 14:03:39 +01:00
Cihan Eran
3401ef56f8
Add --version CLI option to generateschema (#8552) 2022-09-21 13:08:21 +01:00
David Smith
4aea8dd65a
Change semantic of OR of two permission classes (#7522)
* Change semantic of OR of two permission classes

The original semantic of OR is defined as: the request pass either of the two has_permission() check, and pass either of the two has_object_permission() check, which could lead to situations that a request passes has_permission() but fails on has_object_permission() of Permission Class A, fails has_permission() but passes has_object_permission() of Permission Class B, passes the OR permission check. This should not be the desired permission check semantic in applications, because such a request should fail on either Permission Class (on Django object permission) alone, but passes the OR or the two.

My code fix this by changing the semantic so that the request has to pass either class's has_permission() and has_object_permission() to get the Django object permission of the OR check.

* Update rest_framework/permissions.py

* Update setup.cfg

Co-authored-by: Mark Yu <markyu98@outlook.com>
Co-authored-by: Tom Christie <tom@tomchristie.com>
2022-09-21 12:19:33 +01:00
willbeaufoy
354ae73ffb
Make APIClient.force_authenticate() work with user=None (#8212)
* Fix testing with token

* Add unit test

* Split unit test into 3

* Fix linting error
2022-09-15 09:35:48 +01:00
gabn88
54d52c66fd
Fixes that namespaced views now also appear in the extra actions (#8598)
* Fixes that namespaced views now also appear in the extra actions

Before this fix, namespaced views would not appear in the extra actions. With this fix they do.

* Flake fix
2022-08-31 11:17:19 +01:00
Jonas Lundberg
df584350b4
Prevent head method mapping to coerce action name (#7729) 2022-08-12 12:00:55 +01:00
ProstoMaxim
791d48c690
Enforce is_valid(raise_exception=False) as a keyword-only argument. (#7952)
* make raise_exception a keyword-only argument

* make raise_exception keyword-only in metaclass
2022-08-10 14:00:30 +01:00
Adam Johnson
20d106d8a3
Upgraded Bootstrap to 3.4.1 and added CSS source maps (#8591) 2022-08-10 11:53:21 +01:00
David Cain
8b2ccccbe5
Stop calling set_context, planned for 3.13 drop (#8589)
Per the deprecation warnings (which have been raised since DRF 3.11),
`set_context()` was planned not to be supported in DRF 3.13. I think we
can safely delete it, in favor of `requires_context`.

From the 3.11 announcement:

> Previous our approach to this was that implementations could include a
> `set_context` method, which would be called prior to validation. However
> this approach had issues with potential race conditions. We have now
> move this approach into a pending deprecation state. It will continue to
> function, but will be escalated to a deprecated state in 3.12, and
> removed entirely in 3.13.

Why keep `RemovedInDRF313Warning` around?
=========================================
It's a bit odd that version 3.13 includes an exception class describing
things which are to be deleted in 3.13, but I've opted to keep the (now
unreferenced) class around, for fear of breaking others' setup.

(For example, if projects have a `filterwarnings` setup meant to
intercept `rest_framework.RemovedInDRF313Warning`, an error will be
thrown due to an unresolvable reference).
2022-08-08 11:18:49 +01:00
Łukasz Wieczorek
fd8adb32ce
Refactor short names in exceptions (#8585) 2022-08-01 16:28:05 +01:00
Allan Lewis
224168a28f
exceptions.ErrorDetail: Handle NotImplemented correctly in __ne__ (#8538)
PR #7531 resolved issue #7433 by updating `ErrorDetails.__eq__` to correctly
handle the `NotImplemented` case. However, Python 3.9 continues to issue the
following warning:

    DeprecationWarning: NotImplemented should not be used in a boolean context

This is because `__ne__` still doesn't handle the `NotImplemented` case
correctly. In order to avoid this warning, this commit makes the same change
for `__ne__` as previously made for `__eq__`.
2022-08-01 15:18:22 +01:00
Carlton Gibson
ad282da97c
Replaced parse_header with parse_header_parameters. (#8556)
Add a backwards compatibility shim for Django versions that have no (or an incompatible)
django.utils.http.parse_header_parameters implementation.

Thanks to Shai Berger for review. 

Co-authored-by: Jaap Roes <jroes@leukeleu.nl>
2022-07-14 14:20:36 +02:00
Stanislav Khlud
101aff6c43
Make autogenerated read only fields to be able to be nullable (#8536) 2022-06-28 15:22:46 +01:00
Felix Viernickel
129890ab1b
Fix error in throttling when request.user is None (#8370)
Check to see if request.user is set before proceeding with further
authentication checks.
2022-06-24 13:02:11 +01:00
Yuekui
2051a79da3
Fix "`" typo (#8529) 2022-06-24 12:08:18 +01:00
Stian Jensen
dba9493a90
Don't evaluate default_timezone unless needed (#8531)
If you set a custom timezone for a DateTimeField, the function
self.default_timezone() is still called, since fallback params to
getattr are still evaluated.

This rewrites to use hasattr, so the fallback case is only executed if
it will actually be used. If you render a lot of DateTimeFields in a
serializer, the time spent evaluating default_timezone() once for each
of them can accumulate to quite a bit, which is just unused work in the
case where timezone is already specified on the field.
2022-06-24 11:28:00 +01:00
Alessandro
82475c232b
Made relative URLs clickable as well. (#8464) 2022-06-08 15:03:00 +01:00
Stephen Finucane
5185cc9348
Handle unset fields with 'many=True' (#7574)
* Handle unset fields with 'many=True'

The docs note:

  When serializing fields with dotted notation, it may be necessary to
  provide a `default` value if any object is not present or is empty
  during attribute traversal.

However, this doesn't work for fields with 'many=True'. When using
these, the default is simply ignored.

The solution is simple: do in 'ManyRelatedField' what we were already
doing for 'Field', namely, catch possible 'AttributeError' and
'KeyError' exceptions and return the default if there is one set.

Signed-off-by: Stephen Finucane <stephen@that.guru>
Closes: #7550

* Add test cases for #7550

Signed-off-by: Stephen Finucane <stephen@that.guru>
2022-06-08 14:46:19 +01:00
Grigory
1396f6886a
Respect model error_messages for relation (#7599) 2022-06-06 13:53:42 +01:00
Alan Crosswell
563a20a040
make get_reference public (#7515) 2022-06-06 13:44:02 +01:00
Krukov D
281fc074ba
improve performance for noncallble attributes (#8502)
Co-authored-by: Dima Kryukov <dmitry.kryukov@pandadoc.com>
2022-06-06 12:54:57 +01:00
Mariusz Felisiak
333f1ffb94
Confirmed support for Django 4.1. (#8498) 2022-06-06 12:39:06 +01:00
hashlash
df92e57ad6
Added test client support for HTTP 307 and 308 redirects (#8419)
* Add retain test data on follow=True

* Simplify TestAPITestClient.test_follow_redirect

Inspired from Django's ClientTest.test_follow_307_and_308_redirect

* Add 307 308 follow redirect test
2022-03-24 09:57:42 +00:00
Partho Kumar Rajvor
5bea22f321
Added http 102, 103, 421, and 425 status codes (#8350) 2022-02-03 11:57:47 +00:00
Tom Christie
a5d741aba4
Update renderers.py 2022-02-01 09:42:43 +00:00
Sevdimali
f378f98a40
if else optimization (#8340)
Removed redundant parentheses
2022-01-27 15:02:20 +00:00
Luke Plant
bce9df9b5e
Make ReturnDict support dict union operators on Python 3.9 and later (#8302)
Fixes issue #8301
2021-12-22 15:08:58 +00:00
Tom Christie
f4cf0260bf Version 3.13.1 2021-12-15 15:18:24 +00:00
Tom Christie
a780e80deb
Revert "Make api_view respect standard wrapper assignments (#8291)" (#8297)
This reverts commit 9c97946531.
2021-12-15 15:16:38 +00:00
Jameel Al-Aziz
b3beb15b00
Fix CursorPagination parameter schema type (#7708)
The CursorPagination's cursor query parameter expects a string and not
an integer.

Fixes #7691
2021-12-13 14:03:09 +00:00
Tom Christie
7a84dc749c
Version 3.13 (#8285)
* Version 3.12.5

* Version 3.13

* Version 3.13
2021-12-13 13:10:17 +00:00
tim-mccurrach
9c97946531
Make api_view respect standard wrapper assignments (#8291) 2021-12-13 13:08:40 +00:00
Alexander Klimenko
b0d407fd63
Made api_setting.UNICODE_JSON/ensure_ascii affecting json schema (#7991) 2021-12-08 14:37:32 +00:00
Yecine Megdiche
380ac8e79d
Remove old-style super calls (#8226) 2021-12-06 15:32:33 +00:00
Carlton Gibson
2d9eee5d02 Adjusted URLPatternsTestCase to use addClassCleanup() from Django 4.0.
Refs faba5b702a.

addClassCleanup() is available from Python 3.8, which is the minimum supported
Python from Django 4.0.
2021-09-22 10:23:47 +02:00
Dan Lousqui
f0a5b958a1
Add max_length and min_length options to ListSerializer (#8165) 2021-09-14 13:45:55 +01:00
Peter Uittenbroek
655e803adf
#7157: Fix RemoteUserAuthentication calling django authenticate with request argument (#7158) 2021-09-03 14:37:03 +01:00
Juan Benitez
cb206e4701
fix: change View class to Throttle class on SimpleRateThrottle Docstring (#8147) 2021-09-03 13:00:23 +01:00
Aarni Koskela
fdb4931475
Make Field constructors keyword-only (#7632) 2021-08-06 10:14:52 +01:00
Nikhil Benesch
b215375125
Propagate nullability in ModelSerializer (#8116)
Propagate the nullability of underlying model fields in ModelSerializer
when those fields are marked as read only. This ensures the correct
generation of OpenAPI schemas.

Fix #8041.
2021-08-06 10:10:58 +01:00
Evgeny Panfilov
98e56e0327
fix empty string as a value for a validated DecimalField (#8064) (#8067) 2021-07-01 15:04:44 +01:00
Ian De Bie
61e7a993bd
fix comments by using correct css comment syntax (#8019)
these intended comments were causing errors in sonarqube scans due to using wrong css comment syntax
2021-06-07 10:30:23 +01:00
Denis Orehovsky
8812394ed8
Add distinction between request and response serializers for OpenAPI (#7424)
* Add distinction between request and response serializers

* Add docs

* document new functions in schemas.md

* add a test case for different request vs response objects

* Correct formatting for flake8

Co-authored-by: Shaun Gosse <shaun.gosse@emburse.com>
2021-04-20 15:03:16 +01:00
Tom Christie
0323d6f895
Linting fixes (#7874)
* Fixed code quality issues

- Added '.deepsource.toml' file for continuous analysis on bug risk

- Remove `return` from `__init__()` method

- Remove duplicate dictionary key(s)

- Use `max` built-in to get the maximum of two values

- Remove redundant `None` default

- Remove unnecessary comprehension

Signed-off-by: ankitdobhal <dobhal.ankit@protonmail.com>

* Delete .deepsource.toml

* Delete test_fields.py

* Reintroduce file from accidental deletion

Co-authored-by: ankitdobhal <dobhal.ankit@protonmail.com>
2021-03-26 12:27:10 +00:00
Tom Christie
f83620dcc9
Version 3.12.4 (#7873)
* Version 3.12.4

* Tweak release notes
2021-03-26 09:27:01 +00:00
Tom Christie
72c155d8f4
Revert "pick deque instead of list (#7849)" (#7872)
This reverts commit ebcb8d5310.
2021-03-26 09:17:47 +00:00
Tom Christie
83ad265e13
Version 3.12.3 (#7866) 2021-03-25 12:23:23 +00:00
Jack
ebcb8d5310
pick deque instead of list (#7849)
Co-authored-by: Jack Zhang <jack.zhang@aspiraconnect.com>
2021-03-25 10:47:44 +00:00
Anton Zaslavskiy
b25ac6c5e3
Don't hit db to access user_id in TokenProxy (#7852) 2021-03-19 11:46:09 +00:00