Merge pull request #792 from maspwr/writable-nested-modelserializer

Writable nested modelserializer (merge in master)
author: Tom Christie 2013-04-16 12:43:46 -0700
committer: Tom Christie 2013-04-16 12:43:46 -0700
commit: eceae6480431038a2eb664861cb7787957ce05c9 (patch)
tree: f3b3ed8c258b82b3dfb1939404f00f5fb16b7c1c /docs
parent: 56c039ce17fd06799945f2135f20afc972685338 (diff)
parent: c7e000e46e831a254689faac44ea44ebafe3cd61 (diff)
download: django-rest-framework-eceae6480431038a2eb664861cb7787957ce05c9.tar.bz2
12 files changed, 93 insertions, 18 deletions
diff --git a/docs/api-guide/authentication.md b/docs/api-guide/authentication.md
index 541c6575..1f08f542 100644..100755
--- a/docs/api-guide/authentication.md
+++ b/docs/api-guide/authentication.md
@@ -107,7 +107,7 @@ Unauthenticated responses that are denied permission will result in an `HTTP 401
 
     WWW-Authenticate: Basic realm="api"
 
-**Note:** If you use `BasicAuthentication` in production you must ensure that your API is only available over `https` only.  You should also ensure that your API clients will always re-request the username and password at login, and will never store those details to persistent storage.
+**Note:** If you use `BasicAuthentication` in production you must ensure that your API is only available over `https`.  You should also ensure that your API clients will always re-request the username and password at login, and will never store those details to persistent storage.
 
 ## TokenAuthentication
 
@@ -119,6 +119,8 @@ To use the `TokenAuthentication` scheme, include `rest_framework.authtoken` in y
         ...
         'rest_framework.authtoken'
     )
+    
+Make sure to run `manage.py syncdb` after changing your settings.
 
 You'll also need to create tokens for your users.
 
@@ -140,9 +142,13 @@ Unauthenticated responses that are denied permission will result in an `HTTP 401
 
     WWW-Authenticate: Token
 
+The `curl` command line tool may be useful for testing token authenticated APIs.  For example:
+
+    curl -X GET http://127.0.0.1:8000/api/example/ -H 'Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b'
+
 ---
 
-**Note:** If you use `TokenAuthentication` in production you must ensure that your API is only available over `https` only.
+**Note:** If you use `TokenAuthentication` in production you must ensure that your API is only available over `https`.
 
 ---
 
@@ -253,7 +259,7 @@ Finally, sync your database.
 
 ---
 
-**Note:** If you use `OAuth2Authentication` in production you must ensure that your API is only available over `https` only.
+**Note:** If you use `OAuth2Authentication` in production you must ensure that your API is only available over `https`.
 
 ---
 
@@ -294,7 +300,7 @@ The only thing needed to make the `OAuth2Authentication` class work is to insert
 
 The command line to test the authentication looks like:
 
-    curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/?client_id=YOUR_CLIENT_ID\&client_secret=YOUR_CLIENT_SECRET
+    curl -H "Authorization: Bearer <your-access-token>" http://localhost:8000/api/
 
 ---
 
diff --git a/docs/api-guide/fields.md b/docs/api-guide/fields.md
index 02876936..42f89f46 100644
--- a/docs/api-guide/fields.md
+++ b/docs/api-guide/fields.md
@@ -197,12 +197,16 @@ If you want to override this behavior, you'll need to declare the `DateTimeField
         class Meta:
             model = Comment
 
+Note that by default, datetime representations are deteremined by the renderer in use, although this can be explicitly overridden as detailed below.
+
+In the case of JSON this means the default datetime representation uses the [ECMA 262 date time string specification][ecma262].  This is a subset of ISO 8601 which uses millisecond precision, and includes the 'Z' suffix for the UTC timezone, for example: `2013-01-29T12:34:56.123Z`.
+
 **Signature:** `DateTimeField(format=None, input_formats=None)`
 
 * `format` - A string representing the output format.  If not specified, this defaults to `None`, which indicates that python `datetime` objects should be returned by `to_native`.  In this case the datetime encoding will be determined by the renderer. 
 * `input_formats` - A list of strings representing the input formats which may be used to parse the date. If not specified, the `DATETIME_INPUT_FORMATS` setting will be used, which defaults to `['iso-8601']`.
 
-DateTime format strings may either be [python strftime formats][strftime] which explicitly specifiy the format, or the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style datetimes should be used. (eg `'2013-01-29T12:34:56.000000'`)
+DateTime format strings may either be [python strftime formats][strftime] which explicitly specifiy the format, or the special string `'iso-8601'`, which indicates that [ISO 8601][iso8601] style datetimes should be used. (eg `'2013-01-29T12:34:56.000000Z'`)
 
 ## DateField
 
@@ -318,5 +322,6 @@ As an example, let's create a field that can be used represent the class name of
 
 [cite]: https://docs.djangoproject.com/en/dev/ref/forms/api/#django.forms.Form.cleaned_data
 [FILE_UPLOAD_HANDLERS]: https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-FILE_UPLOAD_HANDLERS
+[ecma262]: http://ecma-international.org/ecma-262/5.1/#sec-15.9.1.15
 [strftime]: http://docs.python.org/2/library/datetime.html#strftime-and-strptime-behavior
 [iso8601]: http://www.w3.org/TR/NOTE-datetime
diff --git a/docs/api-guide/generic-views.md b/docs/api-guide/generic-views.md
index 20f1be63..cef9a9d4 100644..100755
--- a/docs/api-guide/generic-views.md
+++ b/docs/api-guide/generic-views.md
@@ -200,7 +200,7 @@ Should be mixed in with any [GenericAPIView].
 
 Provides a `.retrieve(request, *args, **kwargs)` method, that implements returning an existing model instance in a response.
 
-If an object can be retrieve this returns a `200 OK` response, with a serialized representation of the object as the body of the response.  Otherwise it will return a `404 Not Found`.
+If an object can be retrieved this returns a `200 OK` response, with a serialized representation of the object as the body of the response.  Otherwise it will return a `404 Not Found`.
 
 Should be mixed in with [SingleObjectAPIView].
 
diff --git a/docs/api-guide/serializers.md b/docs/api-guide/serializers.md
index aeb33916..9828bbf9 100644..100755
--- a/docs/api-guide/serializers.md
+++ b/docs/api-guide/serializers.md
@@ -242,21 +242,21 @@ This allows you to write views that update or create multiple items when a `PUT`
     # True
     serialize.save()  # `.save()` will be called on each updated or newly created instance.
 
-Bulk updates will update any instances that already exist, and create new instances for data items that do not have a corresponding instance.
+By default bulk updates will be limited to updating instances that already exist in the provided queryset.
 
-When performing a bulk update you may want any items that are not present in the incoming data to be deleted.  To do so, pass `allow_add_remove=True` to the serializer.
+When performing a bulk update you may want to allow new items to be created, and missing items to be deleted.  To do so, pass `allow_add_remove=True` to the serializer.
 
     serializer = BookSerializer(queryset, data=data, many=True, allow_add_remove=True)
     serializer.is_valid()
     # True
-    serializer.save()  # `.save()` will be called on each updated or newly created instance.
+    serializer.save()  # `.save()` will be called on updated or newly created instances.
                        # `.delete()` will be called on any other items in the `queryset`.
 
-Passing `allow_add_remove=True` ensures that any update operations will completely overwrite the existing queryset, rather than simply updating any objects found in the incoming data. 
+Passing `allow_add_remove=True` ensures that any update operations will completely overwrite the existing queryset, rather than simply updating existing objects.
 
 #### How identity is determined when performing bulk updates
 
-Performing a bulk update is slightly more complicated than performing a bulk creation, because the serializer needs a way of determining how the items in the incoming data should be matched against the existing object instances.
+Performing a bulk update is slightly more complicated than performing a bulk creation, because the serializer needs a way to determine how the items in the incoming data should be matched against the existing object instances.
 
 By default the serializer class will use the `id` key on the incoming data to determine the canonical identity of an object.  If you need to change this behavior you should override the `get_identity` method on the `Serializer` class.  For example:
 
@@ -353,7 +353,7 @@ The `depth` option should be set to an integer value that indicates the depth of
 
 ## Specifying which fields should be read-only 
 
-You may wish to specify multiple fields as read-only. Instead of adding each field explicitely with the `read_only=True` attribute, you may use the `read_only_fields` Meta option, like so:
+You may wish to specify multiple fields as read-only. Instead of adding each field explicitly with the `read_only=True` attribute, you may use the `read_only_fields` Meta option, like so:
 
     class AccountSerializer(serializers.ModelSerializer):
         class Meta:
diff --git a/docs/css/default.css b/docs/css/default.css
index c160b63d..173d70e0 100644
--- a/docs/css/default.css
+++ b/docs/css/default.css
@@ -277,3 +277,14 @@ footer a {
 footer a:hover {
   color: gray;
 }
+
+.btn-inverse {
+  background-image: -webkit-gradient(linear, 0 0, 0 100%, from(#606060), to(#404040)) !important;
+  background-image: -webkit-linear-gradient(top, #606060, #404040) !important;
+}
+
+.modal-open .modal,.btn:focus{outline:none;}
+
+@media (max-width: 650px) {
+  .repo-link.btn-inverse {display: none;}
+}
diff --git a/docs/index.md b/docs/index.md
index 5357536d..4c2720c8 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -9,9 +9,9 @@
 
 # Django REST framework
 
-**Web APIs for Django, made easy.**
+**Awesome web-browseable Web APIs.**
 
-Django REST framework is a flexible, powerful library that makes it incredibly easy to build Web APIs.  It is designed as a modular and easy to customize architecture, based on Django's class based views.
+Django REST framework is a flexible, powerful Web API toolkit.  It is designed as a modular and easy to customize architecture, based on Django's class based views.
 
 APIs built using REST framework are fully self-describing and web browseable - a huge useability win for your developers.  It also supports a wide range of media types, authentication and permission policies out of the box.
 
diff --git a/docs/template.html b/docs/template.html
index 3e0f29aa..7e929762 100644
--- a/docs/template.html
+++ b/docs/template.html
@@ -41,6 +41,9 @@
       <div class="navbar-inner">
         <div class="container-fluid">
             <a class="repo-link btn btn-primary btn-small" href="https://github.com/tomchristie/django-rest-framework/tree/master">GitHub</a>
+            <a class="repo-link btn btn-inverse btn-small {{ next_url_disabled }}" href="{{ next_url }}">Next <i class="icon-arrow-right icon-white"></i></a>
+            <a class="repo-link btn btn-inverse btn-small {{ prev_url_disabled }}" href="{{ prev_url }}"><i class="icon-arrow-left icon-white"></i> Previous</a>
+            <a class="repo-link btn btn-inverse btn-small" href="#searchModal" data-toggle="modal"><i class="icon-search icon-white"></i> Search</a>
           <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
             <span class="icon-bar"></span>
             <span class="icon-bar"></span>
@@ -118,6 +121,34 @@
 
     <div class="body-content">
       <div class="container-fluid">
+
+<!-- Search Modal -->
+<div id="searchModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
+  <div class="modal-header">
+    <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
+    <h3 id="myModalLabel">Documentation search</h3>
+  </div>
+  <div class="modal-body">
+    <!-- Custom google search -->
+    <script>
+      (function() {
+        var cx = '015016005043623903336:rxraeohqk6w';
+        var gcse = document.createElement('script');
+        gcse.type = 'text/javascript';
+        gcse.async = true;
+        gcse.src = (document.location.protocol == 'https:' ? 'https:' : 'http:') +
+            '//www.google.com/cse/cse.js?cx=' + cx;
+        var s = document.getElementsByTagName('script')[0];
+        s.parentNode.insertBefore(gcse, s);
+      })();
+    </script>
+    <gcse:search></gcse:search>
+  </div>
+  <div class="modal-footer">
+    <button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
+  </div>
+</div>
+
         <div class="row-fluid">
 
           <div class="span3">
diff --git a/docs/topics/contributing.md b/docs/topics/contributing.md
index a13f4461..1d1fe892 100644
--- a/docs/topics/contributing.md
+++ b/docs/topics/contributing.md
@@ -18,7 +18,7 @@ When answering questions make sure to help future contributors find their way ar
 
 # Issues
 
-Usage questions should be directed to the [discussion group][google-group].  Feature requests, bug reports and other issues should be raised on the GitHub [issue tracker][issues].
+It's really helpful if you make sure you address issues to the correct channel.  Usage questions should be directed to the [discussion group][google-group].  Feature requests, bug reports and other issues should be raised on the GitHub [issue tracker][issues].
 
 Some tips on good issue reporting:
 
diff --git a/docs/topics/credits.md b/docs/topics/credits.md
index b533daa9..da49e521 100644
--- a/docs/topics/credits.md
+++ b/docs/topics/credits.md
@@ -112,6 +112,10 @@ The following people have helped make REST framework great.
 * Bouke Haarsma - [bouke]
 * Pierre Dulac - [dulaccc]
 * Dave Kuhn - [kuhnza]
+* Sitong Peng - [stoneg]
+* Victor Shih - [vshih]
+* Atle Frenvik Sveen - [atlefren]
+* J. Paul Reed - [preed]
 
 Many thanks to everyone who's contributed to the project.
 
@@ -258,3 +262,7 @@ You can also contact [@_tomchristie][twitter] directly on twitter.
 [bouke]: https://github.com/bouke
 [dulaccc]: https://github.com/dulaccc
 [kuhnza]: https://github.com/kuhnza
+[stoneg]: https://github.com/stoneg
+[vshih]: https://github.com/vshih
+[atlefren]: https://github.com/atlefren
+[preed]: https://github.com/preed
diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md
index f506c610..d89bf80f 100644
--- a/docs/topics/release-notes.md
+++ b/docs/topics/release-notes.md
@@ -40,8 +40,22 @@ You can determine your currently installed version using `pip freeze`:
 
 ## 2.2.x series
 
-### Master
+### 2.2.6
 
+**Date**: 4th April 2013
+
+* OAuth2 authentication no longer requires unneccessary URL parameters in addition to the token.
+* URL hyperlinking in browseable API now handles more cases correctly.
+* Long HTTP headers in browsable API are broken in multiple lines when possible.
+* Bugfix: Fix regression with DjangoFilterBackend not worthing correctly with single object views.
+* Bugfix: OAuth should fail hard when invalid token used.
+* Bugfix: Fix serializer potentially returning `None` object for models that define `__bool__` or `__len__`. 
+
+### 2.2.5
+
+**Date**: 26th March 2013
+
+* Serializer support for bulk create and bulk update operations.
 * Regression fix: Date and time fields return date/time objects by default.  Fixes regressions caused by 2.2.2.  See [#743][743] for more details.
 * Bugfix: Fix 500 error is OAuth not attempted with OAuthAuthentication class installed.
 * `Serializer.save()` now supports arbitrary keyword args which are passed through to the object `.save()` method.  Mixins use `force_insert` and `force_update` where appropriate, resulting in one less database query.
diff --git a/docs/tutorial/4-authentication-and-permissions.md b/docs/tutorial/4-authentication-and-permissions.md
index 3ee755a2..878672bb 100644
--- a/docs/tutorial/4-authentication-and-permissions.md
+++ b/docs/tutorial/4-authentication-and-permissions.md
@@ -179,7 +179,7 @@ Now, if you open a browser again, you find that the 'DELETE' and 'PUT' actions o
 
 ## Authenticating with the API
 
-Because we now have a set of permissions on the API, we need to authenticate our requests to it if we want to edit any snippets.  We havn't set up any [authentication classes][authentication], so the defaults are currently applied, which are `SessionAuthentication` and `BasicAuthentication`.
+Because we now have a set of permissions on the API, we need to authenticate our requests to it if we want to edit any snippets.  We haven't set up any [authentication classes][authentication], so the defaults are currently applied, which are `SessionAuthentication` and `BasicAuthentication`.
 
 When we interact with the API through the web browser, we can login, and the browser session will then provide the required authentication for the requests.
 
diff --git a/docs/tutorial/5-relationships-and-hyperlinked-apis.md b/docs/tutorial/5-relationships-and-hyperlinked-apis.md
index a702a09d..27a10840 100644
--- a/docs/tutorial/5-relationships-and-hyperlinked-apis.md
+++ b/docs/tutorial/5-relationships-and-hyperlinked-apis.md
@@ -1,4 +1,4 @@
-# Tutorial 5 - Relationships & Hyperlinked APIs
+# Tutorial 5: Relationships & Hyperlinked APIs
 
 At the moment relationships within our API are represented by using primary keys.  In this part of the tutorial we'll improve the cohesion and discoverability of our API, by instead using hyperlinking for relationships.
author	Tom Christie	2013-04-16 12:43:46 -0700
committer	Tom Christie	2013-04-16 12:43:46 -0700
commit	eceae6480431038a2eb664861cb7787957ce05c9 (patch)
tree	f3b3ed8c258b82b3dfb1939404f00f5fb16b7c1c /docs
parent	56c039ce17fd06799945f2135f20afc972685338 (diff)
parent	c7e000e46e831a254689faac44ea44ebafe3cd61 (diff)
download	django-rest-framework-eceae6480431038a2eb664861cb7787957ce05c9.tar.bz2