6 files changed, 169 insertions, 12 deletions

diff --git a/AUTHORS b/AUTHORS
index 6dac4de5..2b8af2b9 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -9,11 +9,14 @@ Carles Barrobés <txels>
 Michael Fötsch <mfoetsch>
 David Larlet <david>
 Andrew Straw <astraw>
-<zeth>
+Zeth <zeth>
 Fernando Zunino <fzunino>
 Jens Alm <ulmus>
 Craig Blaszczyk <jakul> 
-<garciasolero>
+Garcia Solero <garciasolero>
+Tom Drummond <devioustree>
+Danilo Bargen <gwrtheyrn>
+Andrew McCloud <amccloud>
 
 THANKS TO:
 
diff --git a/djangorestframework/mixins.py b/djangorestframework/mixins.py
index bb26ad96..9fed6122 100644
--- a/djangorestframework/mixins.py
+++ b/djangorestframework/mixins.py
@@ -7,7 +7,6 @@ from django.contrib.auth.models import AnonymousUser
 from django.db.models.query import QuerySet
 from django.db.models.fields.related import ForeignKey
 from django.http import HttpResponse
-from django.http.multipartparser import LimitBytes
 
 from djangorestframework import status
 from djangorestframework.parsers import FormParser, MultiPartParser
diff --git a/djangorestframework/permissions.py b/djangorestframework/permissions.py
index 7dcabcf0..59c5f481 100644
--- a/djangorestframework/permissions.py
+++ b/djangorestframework/permissions.py
@@ -73,7 +73,7 @@ class IsAdminUser(BasePermission):
     """
 
     def check_permission(self, user):
-        if not user.is_admin():
+        if not user.is_staff():
             raise _403_FORBIDDEN_RESPONSE
 
 
diff --git a/djangorestframework/resources.py b/djangorestframework/resources.py
index 0bb1a530..5770d07f 100644
--- a/djangorestframework/resources.py
+++ b/djangorestframework/resources.py
@@ -111,7 +111,7 @@ class FormResource(Resource):
         # To get around this case we revalidate with some fake data. 
         if fake_data:
             data[fake_data] = '_fake_data'
-            allowed_extra_fields = allowed_extra_fields + ('_fake_data',)
+            allowed_extra_fields = tuple(allowed_extra_fields) + ('_fake_data',)
         
         bound_form = self.get_bound_form(data, files)
 
diff --git a/djangorestframework/tests/content.py b/djangorestframework/tests/content.py
index 83ad72d0..0764d12b 100644
--- a/djangorestframework/tests/content.py
+++ b/djangorestframework/tests/content.py
@@ -1,10 +1,29 @@
 """
 Tests for content parsing, and form-overloaded content parsing.
 """
-from django.test import TestCase
+from django.conf.urls.defaults import patterns
+from django.contrib.auth.models import User
+from django.test import TestCase, Client
+from djangorestframework import status
+from djangorestframework.authentication import UserLoggedInAuthentication
 from djangorestframework.compat import RequestFactory
 from djangorestframework.mixins import RequestMixin
-from djangorestframework.parsers import FormParser, MultiPartParser, PlainTextParser
+from djangorestframework.parsers import FormParser, MultiPartParser, \
+    PlainTextParser, JSONParser
+from djangorestframework.response import Response
+from djangorestframework.views import View
+
+class MockView(View):
+    authentication = (UserLoggedInAuthentication,)
+    def post(self, request):
+        if request.POST.get('example') is not None:
+            return Response(status.OK)
+        
+        return Response(status.INTERNAL_SERVER_ERROR)
+
+urlpatterns = patterns('',
+    (r'^$', MockView.as_view()),
+)
 
 class TestContentParsing(TestCase):
     def setUp(self):
@@ -84,3 +103,130 @@ class TestContentParsing(TestCase):
         view.request = self.req.post('/', form_data)
         view.parsers = (PlainTextParser,)
         self.assertEqual(view.DATA, content)
+    
+    def test_accessing_post_after_data_form(self):
+        """Ensures request.POST can be accessed after request.DATA in form request"""
+        form_data = {'qwerty': 'uiop'}
+        view = RequestMixin()
+        view.parsers = (FormParser, MultiPartParser)
+        view.request = self.req.post('/', data=form_data)
+        
+        self.assertEqual(view.DATA.items(), form_data.items())
+        self.assertEqual(view.request.POST.items(), form_data.items())
+    
+    def test_accessing_post_after_data_for_json(self):
+        """Ensures request.POST can be accessed after request.DATA in json request"""
+        from django.utils import simplejson as json
+        
+        data = {'qwerty': 'uiop'}
+        content = json.dumps(data)
+        content_type = 'application/json'
+        
+        view = RequestMixin()
+        view.parsers = (JSONParser,)
+        
+        view.request = self.req.post('/', content, content_type=content_type)
+        
+        self.assertEqual(view.DATA.items(), data.items())
+        self.assertEqual(view.request.POST.items(), [])
+    
+    def test_accessing_post_after_data_for_overloaded_json(self):
+        """Ensures request.POST can be accessed after request.DATA in overloaded json request"""
+        from django.utils import simplejson as json
+        
+        data = {'qwerty': 'uiop'}
+        content = json.dumps(data)
+        content_type = 'application/json'
+        
+        view = RequestMixin()
+        view.parsers = (JSONParser,)
+        
+        form_data = {view._CONTENT_PARAM: content,
+                     view._CONTENTTYPE_PARAM: content_type}
+        
+        view.request = self.req.post('/', data=form_data)
+        
+        self.assertEqual(view.DATA.items(), data.items())
+        self.assertEqual(view.request.POST.items(), form_data.items())
+    
+    def test_accessing_data_after_post_form(self):
+        """Ensures request.DATA can be accessed after request.POST in form request"""
+        form_data = {'qwerty': 'uiop'}
+        view = RequestMixin()
+        view.parsers = (FormParser, MultiPartParser)
+        view.request = self.req.post('/', data=form_data)
+        
+        self.assertEqual(view.request.POST.items(), form_data.items())
+        self.assertEqual(view.DATA.items(), form_data.items())
+    
+    def test_accessing_data_after_post_for_json(self):
+        """Ensures request.DATA can be accessed after request.POST in json request"""
+        from django.utils import simplejson as json
+        
+        data = {'qwerty': 'uiop'}
+        content = json.dumps(data)
+        content_type = 'application/json'
+        
+        view = RequestMixin()
+        view.parsers = (JSONParser,)
+        
+        view.request = self.req.post('/', content, content_type=content_type)
+        
+        post_items = view.request.POST.items()
+        
+        self.assertEqual(len(post_items), 1)
+        self.assertEqual(len(post_items[0]), 2)
+        self.assertEqual(post_items[0][0], content)
+        self.assertEqual(view.DATA.items(), data.items())
+    
+    def test_accessing_data_after_post_for_overloaded_json(self):
+        """Ensures request.DATA can be accessed after request.POST in overloaded json request"""
+        from django.utils import simplejson as json
+        
+        data = {'qwerty': 'uiop'}
+        content = json.dumps(data)
+        content_type = 'application/json'
+        
+        view = RequestMixin()
+        view.parsers = (JSONParser,)
+        
+        form_data = {view._CONTENT_PARAM: content,
+                     view._CONTENTTYPE_PARAM: content_type}
+        
+        view.request = self.req.post('/', data=form_data)
+        
+        self.assertEqual(view.request.POST.items(), form_data.items())
+        self.assertEqual(view.DATA.items(), data.items())
+
+class TestContentParsingWithAuthentication(TestCase):
+    urls = 'djangorestframework.tests.content'
+    
+    def setUp(self):
+        self.csrf_client = Client(enforce_csrf_checks=True)
+        self.username = 'john'
+        self.email = 'lennon@thebeatles.com'
+        self.password = 'password'
+        self.user = User.objects.create_user(self.username, self.email, self.password)
+        self.req = RequestFactory()
+    
+    def test_user_logged_in_authentication_has_post_when_not_logged_in(self):
+        """Ensures request.POST exists after UserLoggedInAuthentication when user doesn't log in"""
+        content = {'example': 'example'}
+        
+        response = self.client.post('/', content)
+        self.assertEqual(status.OK, response.status_code, "POST data is malformed")
+        
+        response = self.csrf_client.post('/', content)
+        self.assertEqual(status.OK, response.status_code, "POST data is malformed")
+    
+    def test_user_logged_in_authentication_has_post_when_logged_in(self):
+        """Ensures request.POST exists after UserLoggedInAuthentication when user does log in"""
+        self.client.login(username='john', password='password')
+        self.csrf_client.login(username='john', password='password')
+        content = {'example': 'example'}
+        
+        response = self.client.post('/', content)
+        self.assertEqual(status.OK, response.status_code, "POST data is malformed")
+        
+        response = self.csrf_client.post('/', content)
+        self.assertEqual(status.OK, response.status_code, "POST data is malformed")
diff --git a/djangorestframework/views.py b/djangorestframework/views.py
index c25bb88f..5f8e84cd 100644
--- a/djangorestframework/views.py
+++ b/djangorestframework/views.py
@@ -40,7 +40,8 @@ class View(ResourceMixin, RequestMixin, ResponseMixin, AuthMixin, DjangoView):
     """
     List of renderers the resource can serialize the response with, ordered by preference.
     """
-    renderers = renderers.DEFAULT_RENDERERS    
+    renderers = renderers.DEFAULT_RENDERERS
+  
     """
     List of parsers the resource can parse the request with.
     """
@@ -159,17 +160,25 @@ class View(ResourceMixin, RequestMixin, ResponseMixin, AuthMixin, DjangoView):
 
 
 class ModelView(View):
-    """A RESTful view that maps to a model in the database."""
+    """
+    A RESTful view that maps to a model in the database.
+    """
     resource = resources.ModelResource
 
 class InstanceModelView(InstanceMixin, ReadModelMixin, UpdateModelMixin, DeleteModelMixin, ModelView):
-    """A view which provides default operations for read/update/delete against a model instance."""
+    """
+    A view which provides default operations for read/update/delete against a model instance.
+    """
     _suffix = 'Instance'
 
 class ListModelView(ListModelMixin, ModelView):
-    """A view which provides default operations for list, against a model in the database."""   
+    """
+    A view which provides default operations for list, against a model in the database.
+    """   
     _suffix = 'List'
 
 class ListOrCreateModelView(ListModelMixin, CreateModelMixin, ModelView):
-    """A view which provides default operations for list and create, against a model in the database."""   
+    """
+    A view which provides default operations for list and create, against a model in the database.
+    """   
     _suffix = 'List'