From 760da25c6018eff02b3aab33dc6fea7c93881d9f Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 17 Dec 2014 16:23:42 +0000 Subject: Update documentation --- api-guide/fields/index.html | 1 + api-guide/pagination/index.html | 2 +- api-guide/permissions/index.html | 13 +++++++++++-- api-guide/relations/index.html | 2 +- api-guide/routers/index.html | 2 +- api-guide/serializers/index.html | 7 +++++++ 6 files changed, 22 insertions(+), 5 deletions(-) (limited to 'api-guide') diff --git a/api-guide/fields/index.html b/api-guide/fields/index.html index eb3fc6f3..c2575416 100644 --- a/api-guide/fields/index.html +++ b/api-guide/fields/index.html @@ -628,6 +628,7 @@ color_channel = serializers.ChoiceField(

Boolean fields

BooleanField

A boolean representation.

+

When using HTML encoded form input be aware that omitting a value will always be treated as setting a field to False, even if it has a default=True option specified. This is because HTML checkbox inputs represent the unchecked state by omitting the value, so REST framework treats omission as if it is an empty checkbox input.

Corresponds to django.db.models.fields.BooleanField.

Signature: BooleanField()

NullBooleanField

diff --git a/api-guide/pagination/index.html b/api-guide/pagination/index.html index 3d861358..870035c2 100644 --- a/api-guide/pagination/index.html +++ b/api-guide/pagination/index.html @@ -513,7 +513,7 @@ class LinksSerializer(serializers.Serializer): class CustomPaginationSerializer(pagination.BasePaginationSerializer): links = LinksSerializer(source='*') # Takes the page object as the source - total_results = serializers.Field(source='paginator.count') + total_results = serializers.ReadOnlyField(source='paginator.count') results_field = 'objects' diff --git a/api-guide/permissions/index.html b/api-guide/permissions/index.html index a8a8ecd3..893d3957 100644 --- a/api-guide/permissions/index.html +++ b/api-guide/permissions/index.html @@ -459,10 +459,19 @@

Together with authentication and throttling, permissions determine whether a request should be granted or denied access.

Permission checks are always run at the very start of the view, before any other code is allowed to proceed. Permission checks will typically use the authentication information in the request.user and request.auth properties to determine if the incoming request should be permitted.

+

Permissions are used to grant or deny access different classes of users to different parts of the API.

+

The simplest style of permission would be to allow access to any authenticated user, and deny access to any unauthenticated user. This corresponds the IsAuthenticated class in REST framework.

+

A slightly less strict style of permission would be to allow full access to authenticated users, but allow read-only access to unauthenticated users. This corresponds to the IsAuthenticatedOrReadOnly class in REST framework.

How permissions are determined

Permissions in REST framework are always defined as a list of permission classes.

Before running the main body of the view each permission in the list is checked. -If any permission check fails an exceptions.PermissionDenied exception will be raised, and the main body of the view will not run.

+If any permission check fails an exceptions.PermissionDenied or exceptions.NotAuthenticated exception will be raised, and the main body of the view will not run.

+

When the permissions checks fail either a "403 Forbidden" or a "401 Unauthorized" response will be returned, according to the following rules:

+

Object level permissions

REST framework permissions also support object-level permissioning. Object level permissions are used to determine if a user should be allowed to act on a particular object, which will typically be a model instance.

Object level permissions are run by REST framework's generic views when .get_object() is called. @@ -526,7 +535,7 @@ def example_view(request, format=None):

This permission is suitable if you want your API to only be accessible to registered users.

IsAdminUser

The IsAdminUser permission class will deny permission to any user, unless user.is_staff is True in which case permission will be allowed.

-

This permission is suitable is you want your API to only be accessible to a subset of trusted administrators.

+

This permission is suitable if you want your API to only be accessible to a subset of trusted administrators.

IsAuthenticatedOrReadOnly

The IsAuthenticatedOrReadOnly will allow authenticated users to perform any request. Requests for unauthorised users will only be permitted if the request method is one of the "safe" methods; GET, HEAD or OPTIONS.

This permission is suitable if you want to your API to allow read permissions to anonymous users, and only allow write permissions to authenticated users.

diff --git a/api-guide/relations/index.html b/api-guide/relations/index.html index 03e88565..2c4fe9b6 100644 --- a/api-guide/relations/index.html +++ b/api-guide/relations/index.html @@ -792,7 +792,7 @@ class Note(models.Model): return 'Note: ' + value.text raise Exception('Unexpected type of tagged object') -

If you need the target of the relationship to have a nested representation, you can use the required serializers inside the .to_native() method:

+

If you need the target of the relationship to have a nested representation, you can use the required serializers inside the .to_representation() method:

    def to_representation(self, value):
         """
         Serialize bookmark instances using a bookmark serializer,
diff --git a/api-guide/routers/index.html b/api-guide/routers/index.html
index 892e9df4..e204b48e 100644
--- a/api-guide/routers/index.html
+++ b/api-guide/routers/index.html
@@ -462,7 +462,7 @@ urlpatterns = router.urls
 
 

 
Note: The base_name argument is used to specify the initial part of the view name pattern.  In the example above, that's the user or account part.

-
Typically you won't need to specify the base-name argument, but if you have a viewset where you've defined a custom get_queryset method, then the viewset may not have a .queryset attribute set.  If you try to register that viewset you'll see an error like this:

+
Typically you won't need to specify the base_name argument, but if you have a viewset where you've defined a custom get_queryset method, then the viewset may not have a .queryset attribute set.  If you try to register that viewset you'll see an error like this:

 
'base_name' argument not specified, and could not automatically determine the name from the viewset, as it does not have a '.queryset' attribute.
 

 
This means you'll need to explicitly set the base_name argument when registering the viewset, as it could not be automatically determined from the model name.

diff --git a/api-guide/serializers/index.html b/api-guide/serializers/index.html
index 71da4a99..54888896 100644
--- a/api-guide/serializers/index.html
+++ b/api-guide/serializers/index.html
@@ -369,6 +369,10 @@
                       Validation
                     
                   
+                    
  • 
+                      Accessing the initial data and instance
+                    
    • 
+                  
                     
  • 
                       Partial updates
                     
    • 
@@ -736,6 +740,9 @@ class GameRecord(serializers.Serializer):
         )

    For more information see the validators documentation.

    +

    Accessing the initial data and instance

    +

    When passing an initial object or queryset to a serializer instance, the object will be made available as .instance. If no initial object is passed then the .instance attribute will be None.

    +

    When passing data to a serializer instance, the unmodified data will be made available as .initial_data. If the data keyword argument is not passed then the .initial_data attribute will not exist.

    Partial updates

    By default, serializers must be passed values for all required fields or they will raise validation errors. You can use the partial argument in order to allow partial updates.

    # Update `comment` with partial data
-- 
cgit v1.2.3