This enables us to make queries like:
http://example.com/api/products?manufacturer__name=foo
This is nice, but it shows underlying model structure in REST API, which may -be undesired, but you can use:
+This is nice, but it exposes the Django's double underscore convention as part of the API. If you instead want to explicitly name the filter argument you can instead explicitly include it on the FilterSet class:
import django_filters
from myapp.models import Product
from myapp.serializers import ProductSerializer
from rest_framework import generics
class ProductFilter(django_filters.FilterSet):
-
manufacturer = django_filters.CharFilter(name="manufacturer__name")
class Meta:
@@ -520,6 +531,7 @@ class ProductFilter(django_filters.FilterSet):
+
+
@@ -172,11 +187,9 @@
format_suffix_patterns
Accept headers vs. format suffixes
-
-
-
-
-
+
+
+
@@ -251,6 +264,7 @@ def comment_list(request, format=None):
+
+
@@ -194,11 +209,9 @@
Third party packages
Django REST Framework bulk
-
-
-
-
-
+
+
+
@@ -475,6 +488,7 @@ class BaseRetrieveUpdateDestroyView(MultipleFieldLookupMixin,
+
+
@@ -178,11 +193,9 @@
Third party packages
DRF-extensions
-
-
-
-
-
+
+
+
@@ -334,6 +347,7 @@ class CustomPaginationSerializer(pagination.BasePaginationSerializer):
+
+
@@ -184,11 +199,9 @@
MessagePack
CamelCase JSON
-
-
-
-
-
+
+
+
@@ -340,6 +353,7 @@ def parse(self, stream, media_type=None, parser_context=None):
+
+
@@ -187,11 +202,9 @@
Composed Permissions
REST Condition
-
-
-
-
-
+
+
+
@@ -223,6 +236,9 @@ or if you override the get_object method on a generic view, then yo
self.check_object_permissions(self.request, obj)
return obj
For performance reasons the generic views will not automatically apply object level permissions to each instance in a queryset when returning a list of objects.
+Often when you're using object level permissions you'll also want to filter the queryset appropriately, to ensure that users only have visibility onto instances that they are permitted to view.
The default permission policy may be set globally, using the DEFAULT_PERMISSION_CLASSES setting. For example.
REST_FRAMEWORK = {
@@ -383,6 +399,7 @@ class BlacklistPermission(permissions.BasePermission):
+
+
@@ -188,11 +203,9 @@
Third Party Packages
DRF Nested Routers
-
-
-
-
-
+
+
+
@@ -584,6 +597,7 @@ In the 2.4 release, these parts of the API will be removed entirely.
+
+
@@ -198,11 +213,9 @@
UltraJSON
CamelCase JSON
-
-
-
-
-
+
+
+
@@ -523,6 +536,7 @@ In this case you can underspecify the media types it should respond to, by using
+
+
@@ -184,11 +199,9 @@
.stream
Standard HttpRequest attributes
-
-
-
-
-
+
+
+
@@ -282,6 +295,7 @@
+
+
@@ -182,11 +197,9 @@
Standard HttpResponse attributes
.render()
-
-
-
-
-
+
+
+
@@ -265,6 +278,7 @@ response['Cache-Control'] = 'no-cache'
+
+
@@ -172,11 +187,9 @@
reverse
reverse_lazy
-
-
-
-
-
+
+
+
@@ -240,6 +253,7 @@ class APIRootView(APIView):
+
+
@@ -181,11 +196,9 @@
wq.db
DRF-extensions
-
-
-
-
-
+
+
+
@@ -354,6 +367,7 @@ app.router.register_model(MyModel)
+
+
@@ -191,11 +206,9 @@
Dynamically modifying fields
Customising the default fields
-
-
-
-
-
+
+
+
@@ -666,6 +679,7 @@ The ModelSerializer class lets you automatically create a Serialize
+
+
@@ -180,11 +195,9 @@
View names and descriptions
Miscellaneous settings
-
-
-
-
-
+
+
+
@@ -438,6 +451,7 @@ If set to None then generic filtering is disabled.
+
+
@@ -176,11 +191,9 @@
Server Error - 5xx
Helper functions
-
-
-
-
-
+
+
+
@@ -300,6 +313,7 @@ is_server_error() # 5xx
+
+
@@ -186,11 +201,9 @@
Setting the default format
Setting the available formats
-
-
-
-
-
+
+
+
@@ -412,6 +425,7 @@ self.assertEqual(response.content, '{"username": "lauren", "id": 4}')
+
+
@@ -179,11 +194,9 @@
Custom throttles
Example
-
-
-
-
-
+
+
+
@@ -344,6 +357,7 @@ class UploadView(APIView):
+
+
@@ -177,11 +192,9 @@
@api_view()
API policy decorators
-
-
-
-
-
+
+
+
@@ -321,6 +334,7 @@ def view(request):
+
+
@@ -179,11 +194,9 @@
Custom ViewSet base classes
Example
-
-
-
-
-
+
+
+
@@ -398,6 +411,7 @@ class UserViewSet(viewsets.ModelViewSet):
+