1133 Commits

Author SHA1 Message Date
David Smith
4aea8dd65a
Change semantic of OR of two permission classes (#7522)
* Change semantic of OR of two permission classes

The original semantic of OR is defined as: the request passes either of the two has_permission() checks, and passes either of the two has_object_permission() checks, which could lead to situations where a request passes has_permission() but fails on has_object_permission() of Permission Class A, fails has_permission() but passes has_object_permission() of Permission Class B, and yet passes the OR permission check. This should not be the desired permission check semantic in applications, because such a request should fail on either Permission Class (on Django object permission) alone, but passes the OR of the two.

My code fixes this by changing the semantic so that the request has to pass either class's has_permission() and has_object_permission() to get the Django object permission of the OR check.

* Update rest_framework/permissions.py

* Update setup.cfg

Co-authored-by: Mark Yu <markyu98@outlook.com>
Co-authored-by: Tom Christie <tom@tomchristie.com>
2022-09-21 12:19:33 +01:00
willbeaufoy
354ae73ffb
Make APIClient.force_authenticate() work with user=None (#8212)
* Fix testing with token

* Add unit test

* Split unit test into 3

* Fix linting error
2022-09-15 09:35:48 +01:00
Jonas Lundberg
df584350b4
Prevent head method mapping to coerce action name (#7729) 2022-08-12 12:00:55 +01:00
David Cain
8b2ccccbe5
Stop calling set_context, planned for 3.13 drop (#8589)
Per the deprecation warnings (which have been raised since DRF 3.11),
`set_context()` was planned not to be supported in DRF 3.13. I think we
can safely delete it, in favor of `requires_context`.

From the 3.11 announcement:

> Previously our approach to this was that implementations could include a
> `set_context` method, which would be called prior to validation. However
> this approach had issues with potential race conditions. We have now
> moved this approach into a pending deprecation state. It will continue to
> function, but will be escalated to a deprecated state in 3.12, and
> removed entirely in 3.13.

Why keep `RemovedInDRF313Warning` around?
=========================================
It's a bit odd that version 3.13 includes an exception class describing
things which are to be deleted in 3.13, but I've opted to keep the (now
unreferenced) class around, for fear of breaking others' setup.

(For example, if projects have a `filterwarnings` setup meant to
intercept `rest_framework.RemovedInDRF313Warning`, an error will be
thrown due to an unresolvable reference).
2022-08-08 11:18:49 +01:00
Sergey Lyapustin
a1b35bb44b
Use example.com domain in tests. (#8571)
* Use example.com domain for the samples.

* Fixed typo.
2022-07-25 10:28:41 +01:00
Tom Christie
fa9d516ee2
Update docstring test for more recent pygments version (#8530)
* Update docstring test for more recent pygments version

* Drop unused import
2022-06-20 10:44:27 +01:00
Stephen Finucane
5185cc9348
Handle unset fields with 'many=True' (#7574)
* Handle unset fields with 'many=True'

The docs note:

  When serializing fields with dotted notation, it may be necessary to
  provide a `default` value if any object is not present or is empty
  during attribute traversal.

However, this doesn't work for fields with 'many=True'. When using
these, the default is simply ignored.

The solution is simple: do in 'ManyRelatedField' what we were already
doing for 'Field', namely, catch possible 'AttributeError' and
'KeyError' exceptions and return the default if there is one set.

Signed-off-by: Stephen Finucane <stephen@that.guru>
Closes: #7550

* Add test cases for #7550

Signed-off-by: Stephen Finucane <stephen@that.guru>
2022-06-08 14:46:19 +01:00
Marti Raudsepp
26830c3d2d
Fix QueryDict type error in test (#8475)
QueryDict takes a `str` argument. Discovered while working on
djangorestframework-stubs.
2022-06-08 14:37:46 +01:00
itsdkey
e7af8d662b
tests for #5127 (#7715)
* tests for #5127

* Resolves #5127
2022-06-08 13:41:26 +01:00
Grigory
1396f6886a
Respect model error_messages for relation (#7599) 2022-06-06 13:53:42 +01:00
Krukov D
281fc074ba
improve performance for noncallable attributes (#8502)
Co-authored-by: Dima Kryukov <dmitry.kryukov@pandadoc.com>
2022-06-06 12:54:57 +01:00
Mariusz Felisiak
333f1ffb94
Confirmed support for Django 4.1. (#8498) 2022-06-06 12:39:06 +01:00
hashlash
df92e57ad6
Added test client support for HTTP 307 and 308 redirects (#8419)
* Add retain test data on follow=True

* Simplify TestAPITestClient.test_follow_redirect

Inspired from Django's ClientTest.test_follow_307_and_308_redirect

* Add 307 308 follow redirect test
2022-03-24 09:57:42 +00:00
Luke Plant
bce9df9b5e
Make ReturnDict support dict union operators on Python 3.9 and later (#8302)
Fixes issue #8301
2021-12-22 15:08:58 +00:00
Tom Christie
a780e80deb
Revert "Make api_view respect standard wrapper assignments (#8291)" (#8297)
This reverts commit 9c97946531.
2021-12-15 15:16:38 +00:00
tim-mccurrach
9c97946531
Make api_view respect standard wrapper assignments (#8291) 2021-12-13 13:08:40 +00:00
Tom Christie
d0bb4d877f
Tweak test_description (#8293) 2021-12-13 09:33:03 +00:00
Carlton Gibson
f46c33e4e2 Fixed TestDefaultTZDateTimeField to allow multiple tzinfo implementations.
zoneinfo was made the default time zone implementation in
306607d5b9.
2021-09-23 11:57:03 +02:00
Carlton Gibson
19b6091554 Adjusted authentication test for internal CSRF changes.
Private _get_new_csrf_token() was removed in
231de683d8.
2021-09-23 11:57:03 +02:00
Carlton Gibson
4916854492 Removed USE_L10N setting from Django 4.0.
USE_L10N defaults to True from Django 4.0, and will be removed in Django 5.0.
2021-09-23 11:57:03 +02:00
Carlton Gibson
2d9eee5d02 Adjusted URLPatternsTestCase to use addClassCleanup() from Django 4.0.
Refs faba5b702a.

addClassCleanup() is available from Python 3.8, which is the minimum supported
Python from Django 4.0.
2021-09-22 10:23:47 +02:00
Dan Lousqui
f0a5b958a1
Add max_length and min_length options to ListSerializer (#8165) 2021-09-14 13:45:55 +01:00
Aarni Koskela
fdb4931475
Make Field constructors keyword-only (#7632) 2021-08-06 10:14:52 +01:00
Nikhil Benesch
b215375125
Propagate nullability in ModelSerializer (#8116)
Propagate the nullability of underlying model fields in ModelSerializer
when those fields are marked as read only. This ensures the correct
generation of OpenAPI schemas.

Fix #8041.
2021-08-06 10:10:58 +01:00
Evgeny Panfilov
98e56e0327
fix empty string as a value for a validated DecimalField (#8064) (#8067) 2021-07-01 15:04:44 +01:00
Denis Orehovsky
8812394ed8
Add distinction between request and response serializers for OpenAPI (#7424)
* Add distinction between request and response serializers

* Add docs

* document new functions in schemas.md

* add a test case for different request vs response objects

* Correct formatting for flake8

Co-authored-by: Shaun Gosse <shaun.gosse@emburse.com>
2021-04-20 15:03:16 +01:00
Terence Honles
a0a2c5cb37
Fix tests with mock timezone (#7911)
After django/django#13877, Django no longer checks for `hasattr(timezone, 'localize')` and instead does an inheritance check.
2021-04-16 17:27:22 +01:00
David Smith
d82519bf8a
Updated dependencies (#7589) 2021-04-05 10:28:03 +01:00
David Smith
96885dd9a7
Fixed markdown test (#7892)
The pygments rendering of invalid json changed in pygments>=2.7.3
2021-04-01 09:49:47 +01:00
Aristotelis Mikropoulos
67ebdd32cd
Reject PrimaryKeyRelatedField bool lookup values (#7597)
* Reject PrimaryKeyRelatedField bool lookup values

* Test PrimaryKeyRelatedField bool lookup rejection

* Fix indentation in test
2021-03-17 13:28:38 +00:00
Tom Christie
7b53960c3b
Revert "made Browsable API base template cachable: omit CSRF token when unnecessary (#7717)" (#7847)
This reverts commit 9c9ffb18f4.
2021-03-17 13:24:55 +00:00
Jesse London
9c9ffb18f4
made Browsable API base template cachable: omit CSRF token when unnecessary (#7717)
HTML responses generated by the Browsable API otherwise generate
inconsistent ETAGs -- due to the presence of CSRF tokens in the response
-- even when the API is read-only, (and as such when the response
contains no resource-modifying forms, i.e. neither POST nor PUT forms,
which might require the CSRF token).

While the template was appropriately including CSRF tokens only within
POST and PUT forms, its AJAX overlay included the CSRF token in *every*
response, regardless of whether it would be needed.

This change brings the logic of the `script` block into line with that
of the rest of the template -- and such that read-only APIs (and really
the Browsable API pages of *any* read-only resources) will not
needlessly include the CSRF token, and will now be safely cachable -- by
both back-end systems and by the user agent.
2021-03-16 13:25:21 +00:00
Ömer Faruk Abacı
ce1568322a
Ordering filter bug with model property serializer field (#7609)
* Add failing tests for ordering filter with model property

* Fix get_default_valid_fields of OrderingFilter

* Filter model properties in get_default_valid_fields of OrderingFilter
2021-03-16 12:53:39 +00:00
Alex Hedlund
b256c46cb1
Render JSON fields with proper indentation in browsable API forms. (#6243)
* Fix JSONBoundField usage on nested serializers (#6211)

* Unify JSONBoundField as_form_field output between py2 and py3

When using json.dumps with indenting, in python2 the default formatting
prints whitespace after commas (,) and python3 does not. This can be
unified with the separators keyword argument.
2021-03-15 10:44:03 +00:00
Pierre Chiquet
c603b98403
Fix OpenAPISchema rendering for timedelta (#7641)
* Add failing test when rendering to json a schema with timedelta

* Fix JSONOpenAPIRenderer for fields with default=timedelta()

* fix isort

* fix test for python 3.5

Co-authored-by: Pierre Chiquet <pierre.chiquet@ubikey.fr>
2021-03-10 12:03:15 +00:00
Berkant
95ae92ef23
Fix #7706 (#7724)
Handle non-dict values for NestedSerializer during BrowsableAPI
rendering.
2021-03-09 11:34:18 +00:00
David Kerkeslager
05512160ab
Respect allow_null=True on DecimalFields (#7718)
* Handle None in to_representation()
* Return None as '' in to_representation() when coerce_to_string=True
* Handle '' as None in to_internal_value(), for symmetry with
  to_representation(), and because the empty concept doesn't make sense
  for Decimal.
2021-03-09 10:49:03 +00:00
Jonathan Mortensen
de7468d0b4
support multi db atomic_requests (#7739) 2021-03-03 11:15:39 +00:00
Sebastian Jordan
19655edbf7
Handle tuples same as lists in ValidationError detail context (#7647) 2021-01-06 13:13:34 +00:00
David Smith
04e0c2b9ab
Bumped Markdown version to 3.3 (#7590) 2020-10-13 17:27:08 +01:00
Aarni Koskela
0bdd537cc4
Ignore derivations of BrowsableAPIRenderer in OpenAPI schema (#7497)
* Ignore derivations of BrowsableAPIRenderer in OpenAPI schema
* Improve test_renderer_mapping test

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
2020-10-12 16:40:26 +02:00
Kryštof Pilnáček
79daf315c4
Fix: authtoken.TokenProxy cannot be proxy when not installed (#7571)
closes https://github.com/encode/django-rest-framework/issues/7442
2020-10-09 12:16:15 +01:00
Adam Johnson
7921e9af43
Fix RemovedInDjango40Warning for middleware get_response() (#7513)
Fixes #7417.

Fixes all these issues seen with `tox -e py38-django31`:

```
  /Users/chainz/Documents/Projects/django-rest-framework/tests/test_request.py:208: RemovedInDjango40Warning: Passing None for the middleware get_response argument is deprecated.
    SessionMiddleware().process_request(self.wrapped_request)

tests/test_requests_client.py: 1 test with warning
tests/test_testing.py: 4 tests with warnings
tests/test_throttling.py: 1 test with warning
tests/authentication/test_authentication.py: 4 tests with warnings
tests/browsable_api/test_browsable_api.py: 4 tests with warnings
  /Users/chainz/Documents/Projects/django-rest-framework/rest_framework/authentication.py:139: RemovedInDjango40Warning: Passing None for the middleware get_response argument is deprecated.
    check = CSRFCheck()
```
2020-10-09 10:48:03 +01:00
Tom Christie
a03c85225f
Update test_templatetags.py 2020-09-30 09:10:36 +01:00
Tom Christie
ae649336b1
Drop urlize_quoted_links (#7548) 2020-09-23 15:39:06 +01:00
Adam Johnson
410575dace
Replace all url() calls with path() or re_path() (#7512)
* url() is deprecated in Django 3.1

* update given feedbacks on url() is deprecated in Django 3.1

* Fix test_urlpatterns.py to continue testing mixed re_path() and path()

* Fix one missed reference

Co-authored-by: sanjusci <sanju.sci9@gmail.com>
2020-09-08 15:32:27 +01:00
David Smith
9990b59281
Dropped test compatibility shims for Django <2.2. (#7523) 2020-09-07 20:00:17 +02:00
David Smith
d5461e93fe
Bump flake8 to 3.8.3 (#7521) 2020-09-05 10:02:27 +02:00
Charles
35c0abf24e
Change Token.generate_key to a Classmethod (#7502)
* adds classmethod decorator to generate_key and test to confirm change is acceptable

* self -> cls
2020-09-03 11:51:03 +01:00
Ryan P Kilby
f323049ecc
Fix pk-only optimization for properties (#7142)
* Add callable/prop tests for pk-only optimization

* Fix related field pk-only optimization for props
2020-09-03 11:49:15 +01:00
Bob Thomas
b3e02592d0
Add support for Django 3.1 JSONField (#7467)
Django 3.1 adds a new generic JSONField to replace the PostgreSQL-specific one. This adds support for the new field type, which should behave the same as the existing PostgreSQL field.

Django's new JSONField also includes support for a custom "decoder", so add support for that in the serializer field.
2020-09-03 11:47:11 +01:00
Ryan P Kilby
1e383f103a
Check extra action func.__name__ (#7098) 2020-08-05 21:29:47 -07:00
Mariusz Felisiak
4b06e0a5a1
Fix tests crash on SQLite without JSON1 extension. (#7409) 2020-07-12 11:08:40 +02:00
Anton Agestam
76232437d4
Allow type checkers to make serializers generic (#7385) 2020-07-07 10:05:36 +01:00
Dhaval Mehta
5ce237e004
Corrected regex serialization for OpenAPI. (#7389)
* replace \Z by \z in regex

* fix test cases for Django >= 3.0

* fix isort

* Added comment for why `\z`.

Co-authored-by: Carlton Gibson <carlton@noumenal.es>
2020-06-28 14:28:59 +02:00
Jair Henrique
bb795674f8
Drop all compat support to Django < 2 urls (#7337) 2020-05-14 20:31:38 +02:00
Jair Henrique
65add6679d
Remove unnecessary test skips (#7336) 2020-05-14 14:49:04 +01:00
Jair Henrique
b83e9121f3
Remove compat urls for Django < 2.0 (#7335) 2020-05-14 14:48:14 +01:00
Jair Henrique
aed74961ba
Remove compat for ProhibitNullCharactersValidator (#7333) 2020-05-14 08:24:09 +01:00
Kevin Brown
e888fc11c7
Merge NullBooleanField with BooleanField(allow_null=True) (#7122)
* Make `NullBooleanField` subclass `BooleanField`

This removes a lot of the redundancy that was in place because we
were not doing this. This maintains the `None` initial value that
was previously present, as well as disallowing `allow_null` to be
passed in.

* Remove special case for mapping `NullBooleanField`

In newer versions of Django, the `NullBooleanField` is handled the
same way as a `BooleanField(null=True)`. Given that we also support
that combination, and that our own `NullBooleanField` behaves in the
same manner, it makes sense to remove the special casing that exists
for it.

* Add test for BooleanField(null=True, choices)

* Remove special case for NullBooleanField

* Adjust mapping tests for NullBooleanField

* Fixed linting error

* Raise deprecation warning when NullBooleanField is used

* Fix linting issue in imports
2020-05-13 14:59:04 +01:00
Ryan P Kilby
089162e6e3
Fix ModelSerializer unique_together handling for field sources (#7143)
* Fix ModelSerializer unique_together field sources

Updates ModelSerializer to check for serializer fields that map to the
model field sources in the unique_together lists.

* Ensure field name ordering consistency
2020-05-13 11:11:26 +01:00
Ryan P Kilby
8a38991d6a
Fix SearchFilter.must_call_distinct for annotation+m2m (#7146)
* Test SearchFilter annotation+m2m distinct

* Fix SearchFilter annotation+m2m distinct
2020-05-11 10:55:39 +01:00
Mathieu Pillard
d7777ea10f
Pass custom code to PermissionDenied if permission class had one set (#7306) 2020-05-01 10:22:36 +01:00
Ryan P Kilby
900773ad06
Minor test improvements (#7297)
* Pass data via response instead of renderer_context

Instead of relying on internal implementation details to get a reference
to the response or view, attach these directly to the returned response.

* Remove unused method
2020-04-29 11:21:42 +01:00
Rick van Hattem
5828d8f7ca
Changed hardcoded /tmp/ directory to autodetect from system (#7292) 2020-04-29 11:20:02 +01:00
Ryan P Kilby
e275b9036a
Allow context to be provided to get_serializer (#7298)
* Test generics serializer behavior

* Allow context to be provided to get_serializer
2020-04-29 11:19:44 +01:00
Dhaval Mehta
e1336387d1
Added example for pagination in schemas. (#7275) 2020-04-24 16:13:13 +02:00
Matthaus Woolard
812f254bbd
SearchFilter to support JSONField and HStoreField (#7121)
* SearchFilter to support Custom query Transforms

Since some fields support `__` as a custom Transform for query lookups, we needed to update the m2m checking code to handle search_fields that contain `__` that are not relationships.

* Update documentation on SearchFilter to include references to JSON and HStore Fields.
2020-04-23 09:38:14 +01:00
Carlton Gibson
b2497fc245 Convert openapi.AutoSchema methods to public API. 2020-04-09 20:05:16 +02:00
Carlton Gibson
b1bfff4f1c Revert "Schemas: Improved decimal handling when mapping ChoiceField. (#7264)"
This reverts commit 1872bde462.
2020-04-09 19:35:46 +02:00
Dhaval Mehta
1872bde462
Schemas: Improved decimal handling when mapping ChoiceField. (#7264) 2020-04-09 19:18:00 +02:00
Clinton Blackburn
603aac7db1
Corrected OpenAPI schema type for DecimalField (#7254) 2020-04-09 19:16:17 +02:00
Dhaval Mehta
41f27c3b43
Schemas: Don't generate component for DELETE method. (#7229) 2020-04-09 19:10:50 +02:00
Ryan P Kilby
dd33ebb4e2
Add Request repr (#7239) 2020-03-29 12:01:14 +01:00
Ryan P Kilby
908f91d8ef
Set action for HEAD requests (#7223)
* Test viewset action attr

* Add 'head' to viewset actions map
2020-03-09 09:43:02 +00:00
Tom Christie
4a98533746
Fix - run test_head_request_against_viewset method (#7219) 2020-03-05 13:18:48 +00:00
Tom Christie
73f7bf4941
Extra action detection is too permissive. Add failing test + fix (#7217)
* Add failing test

* Add failing test++

* Make get_extra_action less permissive
2020-03-05 10:18:22 +00:00
Martin Desrumaux
6a23fa0649
OpenAPI: Make operationId camelCase, matching spec examples. (#7208) 2020-03-03 17:51:51 +01:00
Martin Desrumaux
609f708a27
Fix schema generation for ObtainAuthToken view. (#7211) 2020-03-03 13:27:34 +01:00
Martin Desrumaux
8aa8be7653
Implement OpenAPI Components (#7124) 2020-03-02 19:35:27 +01:00
Martin Desrumaux
797518af6d
OpenAPI: Warn user about duplicate operationIds. (#7207) 2020-03-02 16:44:06 +01:00
Martin Desrumaux
5b16a17242
OpenAPI: Allow customizing operation name. (#7190) 2020-03-02 16:40:18 +01:00
Mateusz Legięcki
94a09149b6
OpenAPI: Use 201 status code for POST requests. (#7206) 2020-03-02 16:32:26 +01:00
Dhaval Mehta
2a5c2f3f70
Added OpenAPI tags to schemas. (#7184) 2020-02-28 12:06:03 +01:00
Kevin Kennell
d7b218f5eb
decode base64 credentials as utf8; adjust tests (#7193)
* decode base64 credentials as utf8; adjust tests

* basicauth: add dedicated test for utf8 credentials

* basicauth: add fallback to latin-1 encoding if utf-8 fails
2020-02-17 16:10:52 +00:00
Thorsten
f81ca78642
Add file option to generateschema (#7130) 2020-02-12 20:35:54 +01:00
Thorsten
4137ef41ef
Disable yaml aliases for schema generation. (#7131) 2020-02-03 14:41:47 +01:00
Kentalot
79d37bce4c
OpenAPI: Include type key in schema object properties dict. (#7169) 2020-01-30 12:14:17 +01:00
Dhaval Mehta
bc4d52558b
Schemas: Add mapping of type for ChoiceField. (#7161) 2020-01-29 19:15:56 +01:00
Stella
160f912a60
Schemas: Handle default=false for boolean fields (#7165) 2020-01-29 10:20:51 +01:00
Kevin Brown
f8f8b3a1f1 Adjust test for ListField(IntegerField)
The `maximum` is valid here within the schema but it was not
previously being included because we were not copying over the
entire schema for the generated `IntegerField` previously.
2020-01-21 20:45:07 +01:00
Kevin Brown
b1048984a7 Add failing test for ListField schema generation
The `ListField` was generating a schema that contained `type=None`
when a `ChoiceField` was the child, since we are not currently able
to introspect the type of a `ChoiceField`.
2020-01-21 20:45:07 +01:00
Carlton Gibson
3b88312c33 Call get_schema(), rather than sub-method in schema tests. 2020-01-21 20:05:13 +01:00
Carlton Gibson
d0b9577605 Return valid OpenAPI schema even when empty. 2020-01-21 20:05:13 +01:00
Sebastian Pipping
373e521f36 Make CharField prohibit surrogate characters (#7026) (#7067)
* CharField: Detect and prohibit surrogate characters

* CharField: Cover handling of surrogate characters
2020-01-06 14:12:21 +00:00
Noam
ced37a56cb Avoid outputting callable defaults to schema. (#7105) 2020-01-03 13:49:46 +00:00
Ryan P Kilby
b8c369c4cf Fix serializer multiple inheritance bug (#6980)
* Expand declared filtering tests

- Test declared filter ordering
- Test multiple inheritance

* Fix serializer multiple inheritance bug

* Improve field order test to check for field types
2019-12-12 14:03:55 +00:00
Ryan P Kilby
236667b717 Fix UniqueTogetherValidator with field sources (#7086)
* Add failing tests for unique_together+source

* Fix UniqueTogetherValidator source handling

* Fix read-only+default+source handling

* Update test to use functional serializer

* Test UniqueTogetherValidator error+source
2019-12-12 13:02:30 +00:00
Ryan P Kilby
de9f1d56c4 Followup to set_context removal (#7076)
* Raise framework-specific deprecation warnings

- Use `RemovedInDRF313Warning` instead of DeprecationWarning
- Update to follow deprecation policy

* Pass serializer instead of model to validator

The `UniqueTogetherValidator` may need to access attributes on the
serializer instead of just the model instance. For example, this is
useful for handling field sources.

* Fix framework deprecation warning in test

* Remove outdated validator attribute
2019-12-11 08:44:08 +00:00
Ryan P Kilby
90eaf51839
Update framework deprecation warnings (#7075)
- Bump version numbers for deprecation warnings
- Drop deprecated features
2019-12-04 16:18:38 -08:00