aa4421c84c
This change addresses use cases that require more information about reported validation errors. Currently for each error that REST Framework reports users get only that error's message string. The message can be translated so there's no good way to recognize programmatically what sort of an error it is. When building an API that is supposed to return error codes, I've found it very limiting. For example, I was supposed to differentiate between missing fields and invalid arguments. The only way to do it right now was to monkey-patch all hard coded error messages and prefix them with an error code, then write a custom exception handler that unpacked those error codes and acted accordingly. Alternatively, I could write my own set of Field and Validator classes that would throw different exception. In either case, it felt like this is something that has to be addressed within the REST Framework itself. This commit introduces proper error codes handling to the Validation Error, and a customizable error builder that let's users pick how they want to represent their errors. ValidationError can hold a single error itself (text), a list of those, or a dictionary mapping errors to fields. Error code is only meaningful for a single error, and I've added assertions to check for proper usage. To help with my development, I've added a setting that makes error code a mandatory argument. Thanks to this, I was able to correct all uses of ValidationError across the code. Information about errors was originally available via ValidationError.detail, and format of these data must not change, because users can have custom exception handlers that rely on it. So to maintain backward compatibility, I've added customizable error builder. By default, it discards the error code. Users are supposed to change that error builder in settings if they want to use error codes in their exception handler. If they do so, the structure of ValidationError.detail does not change, but in the leafs they'll find results from their error builder. |
||
|---|---|---|
| .tx | ||
| docs | ||
| docs_theme | ||
| requirements | ||
| rest_framework | ||
| tests | ||
| .gitignore | ||
| .isort.cfg | ||
| .travis.yml | ||
| CONTRIBUTING.md | ||
| LICENSE.md | ||
| MANIFEST.in | ||
| mkdocs.yml | ||
| README.md | ||
| requirements.txt | ||
| runtests.py | ||
| setup.cfg | ||
| setup.py | ||
| tox.ini | ||
Django REST framework
Awesome web-browsable Web APIs.
Full documentation for the project is available at http://www.django-rest-framework.org.
Note: We have now released Django REST framework 3.1. For older codebases you may want to refer to the version 2.4.4 source code, and documentation.
For more details see the 3.1 release notes
Overview
Django REST framework is a powerful and flexible toolkit for building Web APIs.
Some reasons you might want to use REST framework:
- The Web browsable API is a huge usability win for your developers.
- Authentication policies including optional packages for OAuth1a and OAuth2.
- Serialization that supports both ORM and non-ORM data sources.
- Customizable all the way down - just use regular function-based views if you don't need the more powerful features.
- Extensive documentation, and great community support.
There is a live example API for testing purposes, available here.
Below: Screenshot from the browsable API
Requirements
- Python (2.6.5+, 2.7, 3.2, 3.3, 3.4)
- Django (1.4.11+, 1.5.6+, 1.6.3+, 1.7, 1.8)
Installation
Install using pip...
pip install djangorestframework
Add 'rest_framework' to your INSTALLED_APPS setting.
INSTALLED_APPS = (
...
'rest_framework',
)
Example
Let's take a look at a quick example of using REST framework to build a simple model-backed API for accessing users and groups.
Startup up a new project like so...
pip install django
pip install djangorestframework
django-admin.py startproject example .
./manage.py syncdb
Now edit the example/urls.py module in your project:
from django.conf.urls import url, include
from django.contrib.auth.models import User
from rest_framework import serializers, viewsets, routers
# Serializers define the API representation.
class UserSerializer(serializers.HyperlinkedModelSerializer):
class Meta:
model = User
fields = ('url', 'username', 'email', 'is_staff')
# ViewSets define the view behavior.
class UserViewSet(viewsets.ModelViewSet):
queryset = User.objects.all()
serializer_class = UserSerializer
# Routers provide a way of automatically determining the URL conf.
router = routers.DefaultRouter()
router.register(r'users', UserViewSet)
# Wire up our API using automatic URL routing.
# Additionally, we include login URLs for the browsable API.
urlpatterns = [
url(r'^', include(router.urls)),
url(r'^api-auth/', include('rest_framework.urls', namespace='rest_framework'))
]
We'd also like to configure a couple of settings for our API.
Add the following to your settings.py module:
INSTALLED_APPS = (
... # Make sure to include the default installed apps here.
'rest_framework',
)
REST_FRAMEWORK = {
# Use Django's standard `django.contrib.auth` permissions,
# or allow read-only access for unauthenticated users.
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.DjangoModelPermissionsOrAnonReadOnly'
]
}
That's it, we're done!
./manage.py runserver
You can now open the API in your browser at http://127.0.0.1:8000/, and view your new 'users' API. If you use the Login control in the top right corner you'll also be able to add, create and delete users from the system.
You can also interact with the API using command line tools such as curl. For example, to list the users endpoint:
$ curl -H 'Accept: application/json; indent=4' -u admin:password http://127.0.0.1:8000/users/
[
{
"url": "http://127.0.0.1:8000/users/1/",
"username": "admin",
"email": "admin@example.com",
"is_staff": true,
}
]
Or to create a new user:
$ curl -X POST -d username=new -d email=new@example.com -d is_staff=false -H 'Accept: application/json; indent=4' -u admin:password http://127.0.0.1:8000/users/
{
"url": "http://127.0.0.1:8000/users/2/",
"username": "new",
"email": "new@example.com",
"is_staff": false,
}
Documentation & Support
Full documentation for the project is available at http://www.django-rest-framework.org.
For questions and support, use the REST framework discussion group, or #restframework on freenode IRC.
You may also want to follow the author on Twitter.
Security
If you believe you’ve found something in Django REST framework which has security implications, please do not raise the issue in a public forum.
Send a description of the issue via email to rest-framework-security@googlegroups.com. The project maintainers will then work with you to resolve any issues where required, prior to any public disclosure.