Web APIs for Django. 🎸
Go to file
Rasheed Azeez 35025adef8
Update perms_map in DjangoModelPermissions and DjangoObjectPermissions
Django permissions allows for 'view_modelname'. When users have view_modelname permission, these permission classes don't recognize it and reject access to the user.

My specific case was assigning customers to a group with the group having specific permissions allowed from the model permissions. Made this edit in an extension of DjangoModelPermissions to make it work. Thought it would be useful to have inherently.
2021-02-17 19:30:28 +08:00
.github Create FUNDING.yml 2019-06-04 09:00:11 +01:00
.tx restore the transifex configuration 2020-10-13 21:30:05 +02:00
docs Clarify documentation for TemplateHTMLRenderer 2020-12-30 09:11:38 +01:00
docs_theme Remove a few submenu scroll bars on docs site (#7283) 2020-04-23 09:36:46 +01:00
licenses Prefer https protocol for links in docs when available 2018-01-15 15:15:21 +01:00
requirements Fixed test 2021-02-16 11:28:38 +01:00
rest_framework Update perms_map in DjangoModelPermissions and DjangoObjectPermissions 2021-02-17 19:30:28 +08:00
tests Handle tuples same as lists in ValidationError detail context (#7647) 2021-01-06 13:13:34 +00:00
.gitignore Dj32 (#7713) 2021-02-16 13:17:29 +01:00
.travis.yml Dj32 (#7713) 2021-02-16 13:17:29 +01:00
codecov.yml Update codecov.yml 2018-10-02 16:57:49 +01:00
CONTRIBUTING.md Replace virtualenv references with venv in the docs (#6636) 2019-05-01 07:51:02 +02:00
ISSUE_TEMPLATE.md Correct 3rd-party-packages link in issue template. 2019-02-14 12:01:36 +01:00
LICENSE.md Prefer https:// for URLs when available throughout project (#6208) 2018-10-02 08:28:58 +02:00
MANIFEST.in MANIFEST.in: Adding tests to sdist tarball. (#7145) 2020-01-15 20:18:25 +00:00
mkdocs.yml Placeholder for 3.12 release (#7379) 2020-09-28 10:47:50 +01:00
PULL_REQUEST_TEMPLATE.md Update links after moving to encode org 2017-04-07 10:28:35 -04:00
README.md Run tests against Python 3.9 (#7517) 2020-09-08 15:40:21 +01:00
requirements.txt Fixed typos (#6872) 2019-08-14 14:39:45 -07:00
runtests.py isort v5 (#7484) 2020-08-17 13:26:56 -07:00
SECURITY.md Move security information to the GitHub security tab (#6716) 2019-05-29 09:57:07 +01:00
setup.cfg isort v5 (#7484) 2020-08-17 13:26:56 -07:00
setup.py Run tests against Python 3.9 (#7517) 2020-09-08 15:40:21 +01:00
tox.ini Dj32 (#7713) 2021-02-16 13:17:29 +01:00

Django REST framework

build-status-image coverage-status-image pypi-version

Awesome web-browsable Web APIs.

Full documentation for the project is available at https://www.django-rest-framework.org/.


Funding

REST framework is a collaboratively funded project. If you use REST framework commercially we strongly encourage you to invest in its continued development by signing up for a paid plan.

The initial aim is to provide a single full-time position on REST framework. Every single sign-up makes a significant impact towards making that possible.

Many thanks to all our wonderful sponsors, and in particular to our premium backers, Sentry, Stream, Rollbar, ESG, Retool, and bit.io.


Overview

Django REST framework is a powerful and flexible toolkit for building Web APIs.

Some reasons you might want to use REST framework:

There is a live example API for testing purposes, available here.

Below: Screenshot from the browsable API

Screenshot


Requirements

  • Python (3.5, 3.6, 3.7, 3.8, 3.9)
  • Django (2.2, 3.0, 3.1)

We highly recommend and only officially support the latest patch release of each Python and Django series.

Installation

Install using pip...

pip install djangorestframework

Add 'rest_framework' to your INSTALLED_APPS setting.

INSTALLED_APPS = [
    ...
    'rest_framework',
]

Example

Let's take a look at a quick example of using REST framework to build a simple model-backed API for accessing users and groups.

Startup up a new project like so...

pip install django
pip install djangorestframework
django-admin startproject example .
./manage.py migrate
./manage.py createsuperuser

Now edit the example/urls.py module in your project:

from django.urls import path, include
from django.contrib.auth.models import User
from rest_framework import serializers, viewsets, routers

# Serializers define the API representation.
class UserSerializer(serializers.HyperlinkedModelSerializer):
    class Meta:
        model = User
        fields = ['url', 'username', 'email', 'is_staff']


# ViewSets define the view behavior.
class UserViewSet(viewsets.ModelViewSet):
    queryset = User.objects.all()
    serializer_class = UserSerializer


# Routers provide a way of automatically determining the URL conf.
router = routers.DefaultRouter()
router.register(r'users', UserViewSet)


# Wire up our API using automatic URL routing.
# Additionally, we include login URLs for the browsable API.
urlpatterns = [
    path('', include(router.urls)),
    path('api-auth/', include('rest_framework.urls', namespace='rest_framework'))
]

We'd also like to configure a couple of settings for our API.

Add the following to your settings.py module:

INSTALLED_APPS = [
    ...  # Make sure to include the default installed apps here.
    'rest_framework',
]

REST_FRAMEWORK = {
    # Use Django's standard `django.contrib.auth` permissions,
    # or allow read-only access for unauthenticated users.
    'DEFAULT_PERMISSION_CLASSES': [
        'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
    ]
}

That's it, we're done!

./manage.py runserver

You can now open the API in your browser at http://127.0.0.1:8000/, and view your new 'users' API. If you use the Login control in the top right corner you'll also be able to add, create and delete users from the system.

You can also interact with the API using command line tools such as curl. For example, to list the users endpoint:

$ curl -H 'Accept: application/json; indent=4' -u admin:password http://127.0.0.1:8000/users/
[
    {
        "url": "http://127.0.0.1:8000/users/1/",
        "username": "admin",
        "email": "admin@example.com",
        "is_staff": true,
    }
]

Or to create a new user:

$ curl -X POST -d username=new -d email=new@example.com -d is_staff=false -H 'Accept: application/json; indent=4' -u admin:password http://127.0.0.1:8000/users/
{
    "url": "http://127.0.0.1:8000/users/2/",
    "username": "new",
    "email": "new@example.com",
    "is_staff": false,
}

Documentation & Support

Full documentation for the project is available at https://www.django-rest-framework.org/.

For questions and support, use the REST framework discussion group, or #restframework on freenode IRC.

You may also want to follow the author on Twitter.

Security

Please see the security policy.