diff options
| author | Tom Christie | 2012-01-19 10:55:31 -0800 |
|---|---|---|
| committer | Tom Christie | 2012-01-19 10:55:31 -0800 |
| commit | a8ed7f91890ca8213073327b07a44a121df66083 (patch) | |
| tree | 4bd6a45b68a539935db4da5b431bd8312e469c65 /djangorestframework/resources.py | |
| parent | 868f7bd7dc029ade432af22ba69cf2ff4e4a835c (diff) | |
| parent | 4e52ce4d333ec090304000bce0e71c78cacd73b5 (diff) | |
| download | django-rest-framework-a8ed7f91890ca8213073327b07a44a121df66083.tar.bz2 | |
Merge pull request #130 from flashingpumpkin/master
Added an additional attribute `unknown_form_fields` to `FormResource`
Diffstat (limited to 'djangorestframework/resources.py')
| -rw-r--r-- | djangorestframework/resources.py | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/djangorestframework/resources.py b/djangorestframework/resources.py index 68b285b9..9a43c8af 100644 --- a/djangorestframework/resources.py +++ b/djangorestframework/resources.py @@ -78,13 +78,22 @@ class FormResource(Resource): This can be overridden by a :attr:`form` attribute on the :class:`views.View`. """ + allow_unknown_form_fields = False + """ + Flag to check for unknown fields when validating a form. If set to false and + we receive request data that is not expected by the form it raises an + :exc:`response.ErrorResponse` with status code 400. If set to true, only + expected fields are validated. + """ + def validate_request(self, data, files=None): """ Given some content as input return some cleaned, validated content. Raises a :exc:`response.ErrorResponse` with status code 400 (Bad Request) on failure. - Validation is standard form validation, with an additional constraint that *no extra unknown fields* may be supplied. + Validation is standard form validation, with an additional constraint that *no extra unknown fields* may be supplied + if :attr:`self.allow_unknown_form_fields` is ``False``. On failure the :exc:`response.ErrorResponse` content is a dict which may contain :obj:`'errors'` and :obj:`'field-errors'` keys. If the :obj:`'errors'` key exists it is a list of strings of non-field errors. @@ -132,7 +141,7 @@ class FormResource(Resource): unknown_fields = unknown_fields - set(('csrfmiddlewaretoken', '_accept', '_method')) # TODO: Ugh. # Check using both regular validation, and our stricter no additional fields rule - if bound_form.is_valid() and not unknown_fields: + if bound_form.is_valid() and (self.allow_unknown_form_fields or not unknown_fields): # Validation succeeded... cleaned_data = bound_form.cleaned_data @@ -389,7 +398,7 @@ class ModelResource(FormResource): """ model_fields = set(field.name for field in self.model._meta.fields) - if fields: + if self.fields: return model_fields & set(as_tuple(self.fields)) return model_fields - set(as_tuple(self.exclude)) |