* Ensure CursorPagination respects nulls in the ordering field
* Lint
* Fix pagination tests
* Add test_ascending with nulls
* Push tests for nulls
* Test pass
* Add comment
* Fix test for django30
* Update relations.py
Currently if you define the slug field as a nested relationship in a `SlugRelatedField` while many=False, it will cause an attribute error. For example:
For this code:
```
class SomeSerializer(serializers.ModelSerializer):
some_field= serializers.SlugRelatedField(queryset=SomeClass.objects.all(), slug_field="foo__bar")
```
The POST request (or save operation) should work just fine, but if you use GET, then it will fail with Attribute error:
> AttributeError: 'SomeClass' object has no attribute 'foo__bar'
Thus I am handling nested relation here. Reference: https://stackoverflow.com/questions/75878103/drf-attributeerror-when-trying-to-creating-a-instance-with-slugrelatedfield-and/75882424#75882424
* Fixed test cases
* code comment changes related to slugrelatedfield
* changes based on pre-commit and removed comma which was added accidentally
* fixed primary keys of the mock object
* added more test cases based on review
---------
Co-authored-by: Arnab Shil <arnab.shil@thermofisher.com>
`IsAuthenticatedOrReadOnly` authorizes users that are not
authenticated for read-only access to resources.
Therefore, they are unauthenticated users, not unauthorized users.
Apart from a few exceptions, django-rest-framework uses the American
English spelling "authorization"/"authorized".
$ git grep -oi authorised | wc -l
2
$ git grep -oi authorized | wc -l
30
Replace the few occurences of the British English spelling with the
American English one.
Allow Request, Response, Field, and GenericAPIView to be subscriptable.
This allows the classes to be made generic for type checking.
This is especially useful since monkey patching DRF can be problematic
as seen in this [issue][1].
[1]: https://github.com/typeddjango/djangorestframework-stubs/issues/299
This fixes recent issues with installing isort via pre-commit that was
introduced in recent versions of poetry-core.
See https://github.com/PyCQA/isort/pull/2078
* tests: inherit FakeResolverMatcher from django.urls.ResolverMatcher in tests/test_versioning.py
* tests: inherit from rest_framework.versioning.BaseVersioning in tests/test_reverse.py
* fix: isort
---------
Co-authored-by: Piotr Szyma <pszyma@opera.com>
* Allow usage of Django 2.x path in SimpleRouter
* Use path in Default router
* Update docs/api-guide/routers.md
Co-authored-by: Éric <merwok@netwok.org>
* Update docs/api-guide/routers.md
Co-authored-by: Éric <merwok@netwok.org>
* Add tests also for default router with path
* Use a more relevant attribute for lookup when using path converters
Co-authored-by: Asif Saif Uddin <auvipy@gmail.com>
Co-authored-by: Éric <merwok@netwok.org>
* Re-prefetch related objects after updating
* Fix flake8 format
* Use _prefetch_related_lookups and refine test cases
* Add more test cases and refine prefetch checking
Without this, Django's ValidationErrors will bypass the error collection
from ListField's children.
Here is an example that illustrates this change.
Consider a Serializer that uses ListField like this:
```python
class SomeSerializer(serializers.Serializer):
uuids = serializers.ListField(
child=serializers.PrimaryKeyRelatedField(
queryset=Model.objects.something(),
validators=[SomeCustomValidator()]
)
)
```
Validating data that looks like this works fine:
```python
{uuids: ['some-valid-uuid', 'some-valid-uuid']}
```
Raising a DRF ValidationError for one of the children works fine, giving
an error object like:
```python
{'uuids': {0: ErrorDetail(string='Some validation error')}}
```
Raising a Django ValidationError for one of the children works
differently (which serializers.PrimaryKeyRelatedField can do in some
cases, like when the uuid is malformed). It gives an error object like:
```python
{'uuids': ["'X' is not a valid UUID."]}
```
Handling Django's ValidationErrors in ListField explicitly (like in this
pull request), will maintain a regular error interface in this case:
```python
{'uuids': {0: ErrorDetail(string="'X' is not a valid UUID.")}}
```
Scripts with type="application/json" or "text/plain" are not executed, so we can
use them to inject dynamic CSRF data, without allowing inline-script execution
in Content-Security-Policy.