From 0756ca1f42cd7768f9450ec004a65664678ddf82 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 16 Jan 2013 14:35:30 +0000 Subject: Added @steve-gregory for nullable slug relation tests. See: #585 --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index b0b00c12..68d07f20 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -91,6 +91,7 @@ The following people have helped make REST framework great. * Richard Wackerbarth - [wackerbarth] * Johannes Spielmann - [shezi] * James Cleveland - [radiosilence] +* Steve Gregory - [steve-gregory] Many thanks to everyone who's contributed to the project. @@ -217,3 +218,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [wackerbarth]: https://github.com/wackerbarth [shezi]: https://github.com/shezi [radiosilence]: https://github.com/radiosilence +[steve-gregory]: https://github.com/steve-gregory -- cgit v1.2.3 From fecfe57aeff8a10841b0ff1f51a7e4747ce897fb Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 16 Jan 2013 14:36:37 +0000 Subject: Updated release notes. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index f43dc1d3..74c3b74a 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -19,6 +19,7 @@ Major version numbers (x.0.0) are reserved for project milestones. No major poi ### Master * Support json encoding of timedelta objects. +* Bugfix: Support nullable FKs with `SlugRelatedField`. ### 2.1.16 -- cgit v1.2.3 From 0f0a07b732a4bd90957c08b01d51e70c7e739d5d Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 16 Jan 2013 14:41:57 +0000 Subject: Note changes to Decimal rendering to json behavior. Fixes #582. --- docs/topics/release-notes.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 74c3b74a..e00a5e93 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -25,13 +25,15 @@ Major version numbers (x.0.0) are reserved for project milestones. No major poi **Date**: 14th Jan 2013 -* Deprecate django.utils.simplejson in favor of Python 2.6's built-in json module. +* Deprecate `django.utils.simplejson` in favor of Python 2.6's built-in json module. * Bugfix: `auto_now`, `auto_now_add` and other `editable=False` fields now default to read-only. * Bugfix: PK fields now only default to read-only if they are an AutoField or if `editable=False`. * Bugfix: Validation errors instead of exceptions when serializers receive incorrect types. * Bugfix: Validation errors instead of exceptions when related fields receive incorrect types. * Bugfix: Handle ObjectDoesNotExist exception when serializing null reverse one-to-one +**Note**: Prior to 2.1.16, The Decimals would render in JSON using floating point if `simplejson` was installed, but otherwise render using string notation. Now that use of `simplejson` has been deprecated, Decimals will consistently render using string notation. See [#582] for more details. + ### 2.1.15 **Date**: 3rd Jan 2013 @@ -324,3 +326,4 @@ This change will not affect user code, so long as it's following the recommended [staticfiles13]: https://docs.djangoproject.com/en/1.3/howto/static-files/#with-a-template-tag [2.1.0-notes]: https://groups.google.com/d/topic/django-rest-framework/Vv2M0CMY9bg/discussion [announcement]: rest-framework-2-announcement.md +[#582]: https://github.com/tomchristie/django-rest-framework/issues/582 -- cgit v1.2.3 From 06724017810c84a36521762a6f025bf4d3007006 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 18 Jan 2013 22:00:59 +0000 Subject: Update release notes. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index e00a5e93..bbe11fac 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -19,6 +19,7 @@ Major version numbers (x.0.0) are reserved for project milestones. No major poi ### Master * Support json encoding of timedelta objects. +* Bugfix: Return proper validation errors when incorrect types supplied for relational fields. * Bugfix: Support nullable FKs with `SlugRelatedField`. ### 2.1.16 -- cgit v1.2.3 From 4b61ead53ff3d13e55346e07317612096f704af8 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 18 Jan 2013 22:30:03 +0000 Subject: Added @nemesisdesign, for documentation on Apache mod_wsgi setup. Thanks! Refs #588. --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 68d07f20..6529813f 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -92,6 +92,7 @@ The following people have helped make REST framework great. * Johannes Spielmann - [shezi] * James Cleveland - [radiosilence] * Steve Gregory - [steve-gregory] +* Federico Capoano - [nemesisdesign] Many thanks to everyone who's contributed to the project. @@ -219,3 +220,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [shezi]: https://github.com/shezi [radiosilence]: https://github.com/radiosilence [steve-gregory]: https://github.com/steve-gregory +[nemesisdesign]: https://github.com/nemesisdesign -- cgit v1.2.3 From 199fa766ff7b5c7606e8f835dcf2d1d979da38b1 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sat, 19 Jan 2013 17:00:20 +0000 Subject: Update release notes --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index bbe11fac..58471a79 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -19,6 +19,7 @@ Major version numbers (x.0.0) are reserved for project milestones. No major poi ### Master * Support json encoding of timedelta objects. +* `format_suffix_patterns()` now supports `include` style URL patterns. * Bugfix: Return proper validation errors when incorrect types supplied for relational fields. * Bugfix: Support nullable FKs with `SlugRelatedField`. -- cgit v1.2.3 From 42fcc3599c7d6aff2b50e534af4a5efbe3ce8c47 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sun, 20 Jan 2013 15:50:16 +0000 Subject: Added @brutasse for docs fix #600. Thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 6529813f..49050196 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -93,6 +93,7 @@ The following people have helped make REST framework great. * James Cleveland - [radiosilence] * Steve Gregory - [steve-gregory] * Federico Capoano - [nemesisdesign] +* Bruno Renié - [brutasse] Many thanks to everyone who's contributed to the project. @@ -221,3 +222,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [radiosilence]: https://github.com/radiosilence [steve-gregory]: https://github.com/steve-gregory [nemesisdesign]: https://github.com/nemesisdesign +[brutasse]: https://github.com/brutasse -- cgit v1.2.3 From e29ba356f054222893655901923811bd9675d4cc Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 21 Jan 2013 17:53:27 +0000 Subject: Added @kevinastone, for work on extra test cases in #602. Thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 49050196..b033ecba 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -94,6 +94,7 @@ The following people have helped make REST framework great. * Steve Gregory - [steve-gregory] * Federico Capoano - [nemesisdesign] * Bruno Renié - [brutasse] +* Kevin Stone - [kevinastone] Many thanks to everyone who's contributed to the project. @@ -223,3 +224,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [steve-gregory]: https://github.com/steve-gregory [nemesisdesign]: https://github.com/nemesisdesign [brutasse]: https://github.com/brutasse +[kevinastone]: https://github.com/kevinastone -- cgit v1.2.3 From cf52c0e044882a98892bc3d5700b8952ed9c4e49 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 22 Jan 2013 17:42:06 +0000 Subject: Update release notes. --- docs/topics/release-notes.md | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 58471a79..ebbe6876 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -18,11 +18,14 @@ Major version numbers (x.0.0) are reserved for project milestones. No major poi ### Master +* Support proper 401 Unauthorized responses where appropriate, instead of always using 403 Forbidden. * Support json encoding of timedelta objects. * `format_suffix_patterns()` now supports `include` style URL patterns. * Bugfix: Return proper validation errors when incorrect types supplied for relational fields. * Bugfix: Support nullable FKs with `SlugRelatedField`. +**Note**: If the primary authentication class is `TokenAuthentication` or `BasicAuthentication`, a view will now correctly return 401 responses to unauthenticated access, with an appropriate `WWW-Authenticate` header, instead of 403 responses. + ### 2.1.16 **Date**: 14th Jan 2013 -- cgit v1.2.3 From 30046cae8c64790d7ae0d9ca4d2faee1cd2968aa Mon Sep 17 00:00:00 2001 From: Stephan Groß Date: Wed, 23 Jan 2013 07:55:00 +0100 Subject: Add validate_ bugfix to release notes --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 58471a79..54c249bb 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -22,6 +22,7 @@ Major version numbers (x.0.0) are reserved for project milestones. No major poi * `format_suffix_patterns()` now supports `include` style URL patterns. * Bugfix: Return proper validation errors when incorrect types supplied for relational fields. * Bugfix: Support nullable FKs with `SlugRelatedField`. +* Bugfix: Don't call custom validation methods if the field has an error. ### 2.1.16 -- cgit v1.2.3 From fa349f4b552d8ac5a29ab895bfb8ad1e2432a6ff Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sat, 26 Jan 2013 20:13:44 +0000 Subject: Added @guglielmo, for the tutorial fix in #614. Thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index b033ecba..7cffbede 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -95,6 +95,7 @@ The following people have helped make REST framework great. * Federico Capoano - [nemesisdesign] * Bruno Renié - [brutasse] * Kevin Stone - [kevinastone] +* Guglielmo Celata - [guglielmo] Many thanks to everyone who's contributed to the project. @@ -225,3 +226,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [nemesisdesign]: https://github.com/nemesisdesign [brutasse]: https://github.com/brutasse [kevinastone]: https://github.com/kevinastone +[guglielmo]: https://github.com/guglielmo -- cgit v1.2.3 From a75db4cfb8ed756c451bfda7ea0c73a73859216f Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sat, 26 Jan 2013 20:59:15 +0000 Subject: Version 2.1.17 --- docs/topics/release-notes.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 4bd73e78..0c3ebca0 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -16,11 +16,15 @@ Major version numbers (x.0.0) are reserved for project milestones. No major poi ## 2.1.x series -### Master +### 2.1.17 + +**Date**: 26th Jan 2013 * Support proper 401 Unauthorized responses where appropriate, instead of always using 403 Forbidden. * Support json encoding of timedelta objects. -* `format_suffix_patterns()` now supports `include` style URL patterns. +* `format_suffix_patterns()` now supports `include` style URL patterns. +* Bugfix: Fix issues with custom pagination serializers. +* Bugfix: Nested serializers now accept `source='*'` argument. * Bugfix: Return proper validation errors when incorrect types supplied for relational fields. * Bugfix: Support nullable FKs with `SlugRelatedField`. * Bugfix: Don't call custom validation methods if the field has an error. -- cgit v1.2.3 From a7479e02faf37da8987d5933d8c259b045ef1be8 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sun, 27 Jan 2013 17:23:56 +0000 Subject: AJAX, CSRF & CORS documentation --- docs/topics/ajax-csrf-cors.md | 41 +++++++++++++++++++++++++++++++++++++++++ docs/topics/csrf.md | 12 ------------ 2 files changed, 41 insertions(+), 12 deletions(-) create mode 100644 docs/topics/ajax-csrf-cors.md delete mode 100644 docs/topics/csrf.md (limited to 'docs/topics') diff --git a/docs/topics/ajax-csrf-cors.md b/docs/topics/ajax-csrf-cors.md new file mode 100644 index 00000000..b7e5dff6 --- /dev/null +++ b/docs/topics/ajax-csrf-cors.md @@ -0,0 +1,41 @@ +# Working with AJAX, CSRF & CORS + +> "Take a close look at possible CSRF / XSRF vulnerabilities on your own websites. They're the worst kind of vulnerability — very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least until you've been bitten by one." +> +> — [Jeff Atwood][cite] + +## Javascript clients + +If your building a javascript client to interface with your Web API, you'll need to consider if the client can use the same authentication policy that is used by the rest of the website, and also determine if you need to use CSRF tokens or CORS headers. + +AJAX requests that are made within the same context as the API they are interacting with will typically use `SessionAuthentication`. This ensures that once a user has logged in, any AJAX requests made can be authenticated using the same session-based authentication that is used for the rest of the website. + +AJAX requests that are made on a different site from the API they are communicating with will typically need to use a non-session-based authentication scheme, such as `TokenAuthentication`. + +## CSRF protection + +[Cross Site Request Forgery][csrf] protection is a mechanism of guarding against a particular type of attack, which can occur when a user has not logged out of a web site, and continues to have a valid session. In this circumstance a malicious site may be able to perform actions against the target site, within the cotext of the logged-in session. + +To guard against these type of attacks, you need to do two things: + +1. Ensure that the 'safe' HTTP operations, such as `GET`, `HEAD` and `OPTIONS` cannot be used to alter any server-side state. +2. Ensure that any 'unsafe' HTTP operations, such as `POST`, `PUT`, `PATCH` and `DELETE`, always require a valid CSRF token. + +If you're using `SessionAuthentication` you'll need to include valid CSRF tokens for any `POST`, `PUT`, `PATCH` or `DELETE` operations. + +The Django documentation describes how to [include CSRF tokens in AJAX requests][csrf-ajax]. + +## CORS + +[Cross-Origin Resource Sharing][cors] is a mechanism for allowing clients to interact with APIs that are hosted on a different domain. CORS works by requiring the server to include a specific set of headers that allow a browser to determine if and when cross-domain requests should be allowed. + +The best way to deal with CORS in REST framework is to add the required response headers in middleware. This ensures that CORS is supported transparently, without having to change any behavior in your views. + +[Otto Yiu][ottoyiu] maintains the [django-cors-headers] package, which is known to work correctly with REST framework APIs. + +[cite]: http://www.codinghorror.com/blog/2008/10/preventing-csrf-and-xsrf-attacks.html +[csrf]: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) +[csrf-ajax]: http://djangoproject.com/en/dev/ref/contrib/csrf/#ajax +[cors]: http://www.w3.org/TR/cors/ +[ottoyiu]: https://github.com/ottoyiu/ +[django-cors-headers]: https://github.com/ottoyiu/django-cors-headers/ diff --git a/docs/topics/csrf.md b/docs/topics/csrf.md deleted file mode 100644 index 043144c1..00000000 --- a/docs/topics/csrf.md +++ /dev/null @@ -1,12 +0,0 @@ -# Working with AJAX and CSRF - -> "Take a close look at possible CSRF / XSRF vulnerabilities on your own websites. They're the worst kind of vulnerability -- very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least until you've been bitten by one." -> -> — [Jeff Atwood][cite] - -* Explain need to add CSRF token to AJAX requests. -* Explain deferred CSRF style used by REST framework -* Why you should use Django's standard login/logout views, and not REST framework view - - -[cite]: http://www.codinghorror.com/blog/2008/10/preventing-csrf-and-xsrf-attacks.html -- cgit v1.2.3 From d4f38dece44d0d57c1eb71584807219e6e893055 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sun, 27 Jan 2013 17:32:54 +0000 Subject: Fix link to django docs. --- docs/topics/ajax-csrf-cors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/ajax-csrf-cors.md b/docs/topics/ajax-csrf-cors.md index b7e5dff6..a96d6ac5 100644 --- a/docs/topics/ajax-csrf-cors.md +++ b/docs/topics/ajax-csrf-cors.md @@ -35,7 +35,7 @@ The best way to deal with CORS in REST framework is to add the required response [cite]: http://www.codinghorror.com/blog/2008/10/preventing-csrf-and-xsrf-attacks.html [csrf]: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) -[csrf-ajax]: http://djangoproject.com/en/dev/ref/contrib/csrf/#ajax +[csrf-ajax]: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax [cors]: http://www.w3.org/TR/cors/ [ottoyiu]: https://github.com/ottoyiu/ [django-cors-headers]: https://github.com/ottoyiu/django-cors-headers/ -- cgit v1.2.3 From ccb4ef081191bb8fa3d76d698d61190c1d9c3f65 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sun, 27 Jan 2013 19:34:16 +0000 Subject: Typo --- docs/topics/ajax-csrf-cors.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/ajax-csrf-cors.md b/docs/topics/ajax-csrf-cors.md index a96d6ac5..f7d12940 100644 --- a/docs/topics/ajax-csrf-cors.md +++ b/docs/topics/ajax-csrf-cors.md @@ -14,7 +14,7 @@ AJAX requests that are made on a different site from the API they are communicat ## CSRF protection -[Cross Site Request Forgery][csrf] protection is a mechanism of guarding against a particular type of attack, which can occur when a user has not logged out of a web site, and continues to have a valid session. In this circumstance a malicious site may be able to perform actions against the target site, within the cotext of the logged-in session. +[Cross Site Request Forgery][csrf] protection is a mechanism of guarding against a particular type of attack, which can occur when a user has not logged out of a web site, and continues to have a valid session. In this circumstance a malicious site may be able to perform actions against the target site, within the context of the logged-in session. To guard against these type of attacks, you need to do two things: -- cgit v1.2.3 From 896477f6509fb56ec0a946560748885f6ca6fe8d Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 28 Jan 2013 07:54:03 +0000 Subject: Added @mktums for docs fix in #621. Thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 7cffbede..19a6397c 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -96,6 +96,7 @@ The following people have helped make REST framework great. * Bruno Renié - [brutasse] * Kevin Stone - [kevinastone] * Guglielmo Celata - [guglielmo] +* Mike Tums - [mktums] Many thanks to everyone who's contributed to the project. @@ -227,3 +228,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [brutasse]: https://github.com/brutasse [kevinastone]: https://github.com/kevinastone [guglielmo]: https://github.com/guglielmo +[mktums]: https://github.com/mktums -- cgit v1.2.3 From 3bcd38b7d0ddaa2c051ad230cb0d749f9737fd82 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 28 Jan 2013 09:10:23 +0000 Subject: Notes on upgrading and versioning. Fixes #620. --- docs/topics/release-notes.md | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 0c3ebca0..84b30d85 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -12,6 +12,16 @@ Medium version numbers (0.x.0) may include minor API changes. You should read t Major version numbers (x.0.0) are reserved for project milestones. No major point releases are currently planned. +## Upgrading + +To upgrade Django REST framework to the latest version, use pip: + + pip install -U djangorestframework + +You can determine your currently installed version using `pip freeze`: + + pip freeze | grep djangorestframework + --- ## 2.1.x series -- cgit v1.2.3 From 2f14d79f4aad89a2a1ebd1191d99bdada2274fe9 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 28 Jan 2013 11:43:41 +0000 Subject: Added @wronglink, for docs fixes in #592. Thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 19a6397c..930cc056 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -97,6 +97,7 @@ The following people have helped make REST framework great. * Kevin Stone - [kevinastone] * Guglielmo Celata - [guglielmo] * Mike Tums - [mktums] +* Michael Elovskikh - [wronglink] Many thanks to everyone who's contributed to the project. @@ -229,3 +230,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [kevinastone]: https://github.com/kevinastone [guglielmo]: https://github.com/guglielmo [mktums]: https://github.com/mktums +[wronglink]: https://github.com/wronglink -- cgit v1.2.3 From 94c4a54bf806aef7af6b5f8b5d996060f1daad0f Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 28 Jan 2013 12:23:18 +0000 Subject: Update release notes. --- docs/topics/release-notes.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 84b30d85..945d4018 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -26,6 +26,10 @@ You can determine your currently installed version using `pip freeze`: ## 2.1.x series +### Master + +* Fix styling on browsable API login. + ### 2.1.17 **Date**: 26th Jan 2013 -- cgit v1.2.3 From 141814585c72828f099a76c54bf2a5191833fc04 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 28 Jan 2013 12:58:22 +0000 Subject: Update release notes --- docs/topics/release-notes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 945d4018..a6de1188 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -28,7 +28,8 @@ You can determine your currently installed version using `pip freeze`: ### Master -* Fix styling on browsable API login. +* Bugfix: Fix styling on browsable API login. +* Bugfix: Ensure model field validation is still applied for ModelSerializer subclasses with an custom `.restore_object()` method. ### 2.1.17 -- cgit v1.2.3 From 54096a19fc096c884c57e7a06340bf295a9098fb Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 28 Jan 2013 21:08:53 +0000 Subject: Added @swistakm, for docs fix #625. Thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 930cc056..7e0546c7 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -98,6 +98,7 @@ The following people have helped make REST framework great. * Guglielmo Celata - [guglielmo] * Mike Tums - [mktums] * Michael Elovskikh - [wronglink] +* Michał Jaworski - [swistakm] Many thanks to everyone who's contributed to the project. @@ -231,3 +232,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [guglielmo]: https://github.com/guglielmo [mktums]: https://github.com/mktums [wronglink]: https://github.com/wronglink +[swistakm]: https://github.com/swistakm -- cgit v1.2.3 From 5f065153c31b586ca058deb8f6bd48303e3628e5 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 29 Jan 2013 09:10:37 +0000 Subject: Added @z4r. Thanks! For ensuring `django-jsonfield` compatibility, via #629.--- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 7e0546c7..2aa2c715 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -99,6 +99,7 @@ The following people have helped make REST framework great. * Mike Tums - [mktums] * Michael Elovskikh - [wronglink] * Michał Jaworski - [swistakm] +* Andrea de Marco - [z4r] Many thanks to everyone who's contributed to the project. @@ -233,3 +234,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [mktums]: https://github.com/mktums [wronglink]: https://github.com/wronglink [swistakm]: https://github.com/swistakm +[z4r]: https://github.com/z4r -- cgit v1.2.3 From ce914b03ed602f76a6b75eb76417a8711b6a8b5e Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 30 Jan 2013 12:42:51 +0000 Subject: Updated release notes. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index a6de1188..70c915b7 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -29,6 +29,7 @@ You can determine your currently installed version using `pip freeze`: ### Master * Bugfix: Fix styling on browsable API login. +* Bugfix: Fix issue with deserializing empty to-many relations. * Bugfix: Ensure model field validation is still applied for ModelSerializer subclasses with an custom `.restore_object()` method. ### 2.1.17 -- cgit v1.2.3 From 8021bb5d5089955b171173e60dcc0968e13d29ea Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 30 Jan 2013 12:43:52 +0000 Subject: Added @fernandogrd for bugfix #632. Thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 2aa2c715..a67a8169 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -100,6 +100,7 @@ The following people have helped make REST framework great. * Michael Elovskikh - [wronglink] * Michał Jaworski - [swistakm] * Andrea de Marco - [z4r] +* Fernando Rocha - [fernandogrd] Many thanks to everyone who's contributed to the project. @@ -235,3 +236,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [wronglink]: https://github.com/wronglink [swistakm]: https://github.com/swistakm [z4r]: https://github.com/z4r +[fernandogrd]: https://github.com/fernandogrd -- cgit v1.2.3 From b9f1fbb5d2a3a303968d3afbe72751219583b28b Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 1 Feb 2013 15:10:52 +0000 Subject: Added @xordoquy for the incredible py3k work! Commiter number 100! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index a67a8169..ebca4491 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -101,6 +101,7 @@ The following people have helped make REST framework great. * Michał Jaworski - [swistakm] * Andrea de Marco - [z4r] * Fernando Rocha - [fernandogrd] +* Xavier Ordoquy - [xordoquy] Many thanks to everyone who's contributed to the project. @@ -237,3 +238,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [swistakm]: https://github.com/swistakm [z4r]: https://github.com/z4r [fernandogrd]: https://github.com/fernandogrd +[xordoquy]: https://github.com/xordoquy -- cgit v1.2.3 From bdc97c561147130b59c8cd8cc6bc735eab8b223d Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 6 Feb 2013 08:52:21 +0000 Subject: 2.2 Release notes (wip) --- docs/topics/2.2-release-notes.md | 101 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 docs/topics/2.2-release-notes.md (limited to 'docs/topics') diff --git a/docs/topics/2.2-release-notes.md b/docs/topics/2.2-release-notes.md new file mode 100644 index 00000000..32b3ad8c --- /dev/null +++ b/docs/topics/2.2-release-notes.md @@ -0,0 +1,101 @@ +# REST framework 2.2 release notes + +The 2.2 release represents an important point for REST framework, with the addition of Python 3 support, and the introduction of an official deprecation policy. + +## Python 3 support + +Thanks to some fantastic work from [Xavier Ordoquy][xordoquy], Django REST framework 2.2 now supports Python 3. You'll need to be running Django 1.5, and it's worth keeping in mind that Django's Python 3 support is currently [considered experimental][django-python-3]. + +Django 1.6's Python 3 support is expected to be officially labeled as 'production-ready'. + +If you want to start ensuring that your own projects are Python 3 ready, we can highly recommend Django's [Porting to Python 3][porting-python-3] documentation. + +## Deprecation policy + +We've now introduced an official deprecation policy, which is in line with [Django's deprecation policy][django-deprecation-policy]. This policy will make it easy for you to continue to track the latest, greatest version of REST framework. + +The timeline for deprecation works as follows: + +* Version 2.2 introduces some API changes as detailed in the release notes. It remains fully backwards compatible with 2.1, but will raise `PendingDeprecationWarning` warnings if you use bits API that are due to be deprecated. These warnings are silent by default, but can be explicitly enabled when you're ready to start migrating any required changes. For example if you start running your tests using `python -Wd manage.py test`, you'll be warned of any API changes you need to make. + +* Version 2.3 will escalate these warnings to `DeprecationWarning`, which is loud by default. + +* Version 2.4 will remove the deprecated bits of API entirely. + +Note that in line with Django's policy, any parts of the framework not mentioned in the documentation should generally be considered private API, and may be subject to change. + +## Community + +As of the 2.2 merge, we've also hit an impressive milestone. The number of committers listed in [the credits][credits], is now at over **one hundred individuals**. Each name on that list represents at least one merged pull request, however large or small. + +Our [mailing list][mailing-list] and #restframework IRC channel are also very active, and we've got a really impressive rate of development both on REST framework itself, and on third party packages such as the great [django-rest-framework-docs][django-rest-framework-docs] package from [Marc Gibbons][marcgibbons]. + +## API changes + +The 2.2 release makes a few changes to the serializer fields API, in order to make it more consistent, simple, and easier to use. + +### Cleaner to-many related fields + +The `ManyRelatedField()` style is being deprecated in favor of a new `RelatedField(many=True)` syntax. + +For example, if a user is associated with multiple questions, which we want to represent using a primary key relationship, we might use something like the following: + + class UserSerializer(serializers.HyperlinkedModelSerializer): + questions = serializers.PrimaryKeyRelatedField(many=True) + + class Meta: + fields = ('username', 'questions') + +The new syntax is cleaner and more obvious, and the change will also make the documentation cleaner, simplify the internal API, and make writing custom relational fields easier. + +The change also applies to serializers. If you have a nested serializer, you should start using `many=True` for to-many relationships. For example, a serializer representation of an Album that can contain many Tracks might look something like this: + + class TrackSerializer(serializer.ModelSerializer): + class Meta: + model = Track + fields = ('name', 'duration') + + class AlbumSerializer(serializer.ModelSerializer): + tracks = TrackSerializer(many=True) + + class Meta: + model = Album + fields = ('album_name', 'artist', 'tracks') + +Additionally, the change also applies when serializing or deserializing data. For example to serialize a queryset of models you should now use the `many=True` flag. + + serializer = SnippetSerializer(Snippet.objects.all(), many=True) + serializer.data + +This more explicit behavior on serializing and deserializing data [makes integration with non-ORM backends such as MongoDB easier][564], as instances to be serialized can include the `__iter__` method, without incorrectly triggering list-based serialization, or requiring workarounds. + +The implicit to-many behavior on serializers, and the `ManyRelatedField` style classes will continue to function, but will raise a `PendingDeprecationWarning`, which can be made visible using the `-Wd` flag. + +### Cleaner optional relationships + +Serializer relationships for nullable Foreign Keys will change from using the current `null=True` flag, to instead using `required=False`. + +This is in line both with the rest of the serializer fields API, and with Django's `Form` and `ModelForm` API. + +Using `required` throughout the serializers API means you won't need to consider if a particular field should take `blank` or `null` arguments instead of `required`, and also means there will be more consistent behavior for how fields are treated when they are not present in the incoming data. + +The `null=True` argument will continue to function, and will imply `required=False`, but will raise a `PendingDeprecationWarning`. + +### Cleaner CharField syntax + +The `CharField` API previously took an optional `blank=True` argument, which was intended to differentiate between null CharField input, and blank CharField input. + +In keeping with Django's CharField API, REST framework's `CharField` will only ever return the empty string, for missing or `None` inputs. The `blank` flag will no longer be in use, and you should instead just use the `required=` flag. + +The `blank` keyword argument will continue to function, but will raise a `PendingDeprecationWarning`. + +[xordoquy]: https://github.com/xordoquy +[django-python-3]: https://docs.djangoproject.com/en/dev/faq/install/#can-i-use-django-with-python-3 +[porting-python-3]: https://docs.djangoproject.com/en/dev/topics/python3/ +[django-deprecation-policy]: https://docs.djangoproject.com/en/dev/internals/release-process/#internal-release-deprecation-policy +[credits]: http://django-rest-framework.org/topics/credits.html +[mailing-list]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework +[django-rest-framework-docs]: https://github.com/marcgibbons/django-rest-framework-docs +[marcgibbons]: https://github.com/marcgibbons/ +[issues]: https://github.com/tomchristie/django-rest-framework/issues +[564]: https://github.com/tomchristie/django-rest-framework/issues/564 -- cgit v1.2.3 From 4788c87b76782b828d4c504e8a5deab4e07ebcd4 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 6 Feb 2013 12:35:05 +0000 Subject: Fix mismatch between template blocks and docs. Fixes #639. --- docs/topics/browsable-api.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) (limited to 'docs/topics') diff --git a/docs/topics/browsable-api.md b/docs/topics/browsable-api.md index 9fe82e69..5f80c4f9 100644 --- a/docs/topics/browsable-api.md +++ b/docs/topics/browsable-api.md @@ -35,23 +35,20 @@ A suitable replacement theme can be generated using Bootstrap's [Customize Tool] You can also change the navbar variant, which by default is `navbar-inverse`, using the `bootstrap_navbar_variant` block. The empty `{% block bootstrap_navbar_variant %}{% endblock %}` will use the original Bootstrap navbar style. -For more specific CSS tweaks, use the `extra_style` block instead. +For more specific CSS tweaks, use the `style` block instead. ### Blocks All of the blocks available in the browsable API base template that can be used in your `api.html`. -* `blockbots` - `` tag that blocks crawlers * `bodyclass` - (empty) class attribute for the `` * `bootstrap_theme` - CSS for the Bootstrap theme * `bootstrap_navbar_variant` - CSS class for the navbar * `branding` - section of the navbar, see [Bootstrap components][bcomponentsnav] * `breadcrumbs` - Links showing resource nesting, allowing the user to go back up the resources. It's recommended to preserve these, but they can be overridden using the breadcrumbs block. -* `extrastyle` - (empty) extra CSS for the page -* `extrahead` - (empty) extra markup for the page `` * `footer` - Any copyright notices or similar footer materials can go here (by default right-aligned) -* `global_heading` - (empty) Use to insert content below the header but before the breadcrumbs. +* `style` - CSS stylesheets for the page * `title` - title of the page * `userlinks` - This is a list of links on the right of the header, by default containing login/logout links. To add links instead of replace, use {{ block.super }} to preserve the authentication links. -- cgit v1.2.3 From 691a8f682dcd1e5e839ce36ac259f08ba9a2e216 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 6 Feb 2013 12:48:08 +0000 Subject: Note on turning off implicit many behavior. Refs #564. --- docs/topics/2.2-release-notes.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/2.2-release-notes.md b/docs/topics/2.2-release-notes.md index 32b3ad8c..ab1ab0c5 100644 --- a/docs/topics/2.2-release-notes.md +++ b/docs/topics/2.2-release-notes.md @@ -71,6 +71,8 @@ This more explicit behavior on serializing and deserializing data [makes integra The implicit to-many behavior on serializers, and the `ManyRelatedField` style classes will continue to function, but will raise a `PendingDeprecationWarning`, which can be made visible using the `-Wd` flag. +**Note**: If you need to forcibly turn off the implict "`many=True` for `__iter__` objects" behavior, you can now do so by specifying `many=False`. This will become the default (instead of the current default of `None`) once the deprecation of the implicit behavior is finalised in version 2.4. + ### Cleaner optional relationships Serializer relationships for nullable Foreign Keys will change from using the current `null=True` flag, to instead using `required=False`. -- cgit v1.2.3 From cc2ec2bbf0aee53d360a81cf338361feca1e8f80 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 6 Feb 2013 12:57:59 +0000 Subject: Tweaks to release notes. --- docs/topics/2.2-release-notes.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/2.2-release-notes.md b/docs/topics/2.2-release-notes.md index ab1ab0c5..be9c8ab0 100644 --- a/docs/topics/2.2-release-notes.md +++ b/docs/topics/2.2-release-notes.md @@ -77,6 +77,10 @@ The implicit to-many behavior on serializers, and the `ManyRelatedField` style c Serializer relationships for nullable Foreign Keys will change from using the current `null=True` flag, to instead using `required=False`. +For example, is a user account has an optional foreign key to a company, that you want to express using a hyperlink, you might use the following field in a `Serializer` class: + + current_company = serializers.HyperlinkedRelatedField(required=False) + This is in line both with the rest of the serializer fields API, and with Django's `Form` and `ModelForm` API. Using `required` throughout the serializers API means you won't need to consider if a particular field should take `blank` or `null` arguments instead of `required`, and also means there will be more consistent behavior for how fields are treated when they are not present in the incoming data. @@ -87,7 +91,9 @@ The `null=True` argument will continue to function, and will imply `required=Fal The `CharField` API previously took an optional `blank=True` argument, which was intended to differentiate between null CharField input, and blank CharField input. -In keeping with Django's CharField API, REST framework's `CharField` will only ever return the empty string, for missing or `None` inputs. The `blank` flag will no longer be in use, and you should instead just use the `required=` flag. +In keeping with Django's CharField API, REST framework's `CharField` will only ever return the empty string, for missing or `None` inputs. The `blank` flag will no longer be in use, and you should instead just use the `required=` flag. For example: + + extra_details = CharField(required=False) The `blank` keyword argument will continue to function, but will raise a `PendingDeprecationWarning`. -- cgit v1.2.3 From c18fb0d6953940f63cd8747a5ce543d31999996f Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 6 Feb 2013 21:28:03 +0000 Subject: Added a `post_save` hook. Closes #558. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 70c915b7..d5f060e7 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -28,6 +28,7 @@ You can determine your currently installed version using `pip freeze`: ### Master +* Added a `post_save()` hook to the generic views. * Bugfix: Fix styling on browsable API login. * Bugfix: Fix issue with deserializing empty to-many relations. * Bugfix: Ensure model field validation is still applied for ModelSerializer subclasses with an custom `.restore_object()` method. -- cgit v1.2.3 From 670ac25b25a3c7fb54fca6aa9344b8250ab49edb Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 7 Feb 2013 12:57:40 +0000 Subject: Allow serializers to handle dicts as well as objects. Fixes #447. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index d5f060e7..4317b83c 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -29,6 +29,7 @@ You can determine your currently installed version using `pip freeze`: ### Master * Added a `post_save()` hook to the generic views. +* Allow serializers to handle dicts as well as objects. * Bugfix: Fix styling on browsable API login. * Bugfix: Fix issue with deserializing empty to-many relations. * Bugfix: Ensure model field validation is still applied for ModelSerializer subclasses with an custom `.restore_object()` method. -- cgit v1.2.3 From 4dcc34ecae8d15e31158abfe3d3aab223851fd61 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 7 Feb 2013 13:16:17 +0000 Subject: More 2.2 release notes --- docs/topics/2.2-release-notes.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/2.2-release-notes.md b/docs/topics/2.2-release-notes.md index be9c8ab0..4ed9f970 100644 --- a/docs/topics/2.2-release-notes.md +++ b/docs/topics/2.2-release-notes.md @@ -30,6 +30,10 @@ As of the 2.2 merge, we've also hit an impressive milestone. The number of comm Our [mailing list][mailing-list] and #restframework IRC channel are also very active, and we've got a really impressive rate of development both on REST framework itself, and on third party packages such as the great [django-rest-framework-docs][django-rest-framework-docs] package from [Marc Gibbons][marcgibbons]. +## Issue management + +All the design work that went into version 2 of Django REST framework has made keeping on top of issues much easier. We've been super-focused on keeping the [issues list][issues] strictly under control, and we've hit another important milestone. At the point of releasing 2.2 there are currently **no open 'bug' tickets**, and the plan is to keep it that way for as much of the time as possible. + ## API changes The 2.2 release makes a few changes to the serializer fields API, in order to make it more consistent, simple, and easier to use. -- cgit v1.2.3 From 47d6640ea5d3fe64507249c6a170f6e7f4ab9688 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 7 Feb 2013 21:07:33 +0000 Subject: Remove email --- docs/topics/credits.md | 1 - 1 file changed, 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index ebca4491..b84f1357 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -125,7 +125,6 @@ For usage questions please see the [REST framework discussion group][group]. You can also contact [@_tomchristie][twitter] directly on twitter. -[email]: mailto:tom@tomchristie.com [twitter]: http://twitter.com/_tomchristie [bootstrap]: http://twitter.github.com/bootstrap/ [markdown]: http://daringfireball.net/projects/markdown/ -- cgit v1.2.3 From 84a1896b7de5c2e3fc5f564027e5fccd7b2447f9 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sun, 10 Feb 2013 16:44:45 +0000 Subject: Change URL of 2.2 announcement --- docs/topics/2.2-announcement.md | 113 +++++++++++++++++++++++++++++++++++++++ docs/topics/2.2-release-notes.md | 113 --------------------------------------- 2 files changed, 113 insertions(+), 113 deletions(-) create mode 100644 docs/topics/2.2-announcement.md delete mode 100644 docs/topics/2.2-release-notes.md (limited to 'docs/topics') diff --git a/docs/topics/2.2-announcement.md b/docs/topics/2.2-announcement.md new file mode 100644 index 00000000..4ed9f970 --- /dev/null +++ b/docs/topics/2.2-announcement.md @@ -0,0 +1,113 @@ +# REST framework 2.2 release notes + +The 2.2 release represents an important point for REST framework, with the addition of Python 3 support, and the introduction of an official deprecation policy. + +## Python 3 support + +Thanks to some fantastic work from [Xavier Ordoquy][xordoquy], Django REST framework 2.2 now supports Python 3. You'll need to be running Django 1.5, and it's worth keeping in mind that Django's Python 3 support is currently [considered experimental][django-python-3]. + +Django 1.6's Python 3 support is expected to be officially labeled as 'production-ready'. + +If you want to start ensuring that your own projects are Python 3 ready, we can highly recommend Django's [Porting to Python 3][porting-python-3] documentation. + +## Deprecation policy + +We've now introduced an official deprecation policy, which is in line with [Django's deprecation policy][django-deprecation-policy]. This policy will make it easy for you to continue to track the latest, greatest version of REST framework. + +The timeline for deprecation works as follows: + +* Version 2.2 introduces some API changes as detailed in the release notes. It remains fully backwards compatible with 2.1, but will raise `PendingDeprecationWarning` warnings if you use bits API that are due to be deprecated. These warnings are silent by default, but can be explicitly enabled when you're ready to start migrating any required changes. For example if you start running your tests using `python -Wd manage.py test`, you'll be warned of any API changes you need to make. + +* Version 2.3 will escalate these warnings to `DeprecationWarning`, which is loud by default. + +* Version 2.4 will remove the deprecated bits of API entirely. + +Note that in line with Django's policy, any parts of the framework not mentioned in the documentation should generally be considered private API, and may be subject to change. + +## Community + +As of the 2.2 merge, we've also hit an impressive milestone. The number of committers listed in [the credits][credits], is now at over **one hundred individuals**. Each name on that list represents at least one merged pull request, however large or small. + +Our [mailing list][mailing-list] and #restframework IRC channel are also very active, and we've got a really impressive rate of development both on REST framework itself, and on third party packages such as the great [django-rest-framework-docs][django-rest-framework-docs] package from [Marc Gibbons][marcgibbons]. + +## Issue management + +All the design work that went into version 2 of Django REST framework has made keeping on top of issues much easier. We've been super-focused on keeping the [issues list][issues] strictly under control, and we've hit another important milestone. At the point of releasing 2.2 there are currently **no open 'bug' tickets**, and the plan is to keep it that way for as much of the time as possible. + +## API changes + +The 2.2 release makes a few changes to the serializer fields API, in order to make it more consistent, simple, and easier to use. + +### Cleaner to-many related fields + +The `ManyRelatedField()` style is being deprecated in favor of a new `RelatedField(many=True)` syntax. + +For example, if a user is associated with multiple questions, which we want to represent using a primary key relationship, we might use something like the following: + + class UserSerializer(serializers.HyperlinkedModelSerializer): + questions = serializers.PrimaryKeyRelatedField(many=True) + + class Meta: + fields = ('username', 'questions') + +The new syntax is cleaner and more obvious, and the change will also make the documentation cleaner, simplify the internal API, and make writing custom relational fields easier. + +The change also applies to serializers. If you have a nested serializer, you should start using `many=True` for to-many relationships. For example, a serializer representation of an Album that can contain many Tracks might look something like this: + + class TrackSerializer(serializer.ModelSerializer): + class Meta: + model = Track + fields = ('name', 'duration') + + class AlbumSerializer(serializer.ModelSerializer): + tracks = TrackSerializer(many=True) + + class Meta: + model = Album + fields = ('album_name', 'artist', 'tracks') + +Additionally, the change also applies when serializing or deserializing data. For example to serialize a queryset of models you should now use the `many=True` flag. + + serializer = SnippetSerializer(Snippet.objects.all(), many=True) + serializer.data + +This more explicit behavior on serializing and deserializing data [makes integration with non-ORM backends such as MongoDB easier][564], as instances to be serialized can include the `__iter__` method, without incorrectly triggering list-based serialization, or requiring workarounds. + +The implicit to-many behavior on serializers, and the `ManyRelatedField` style classes will continue to function, but will raise a `PendingDeprecationWarning`, which can be made visible using the `-Wd` flag. + +**Note**: If you need to forcibly turn off the implict "`many=True` for `__iter__` objects" behavior, you can now do so by specifying `many=False`. This will become the default (instead of the current default of `None`) once the deprecation of the implicit behavior is finalised in version 2.4. + +### Cleaner optional relationships + +Serializer relationships for nullable Foreign Keys will change from using the current `null=True` flag, to instead using `required=False`. + +For example, is a user account has an optional foreign key to a company, that you want to express using a hyperlink, you might use the following field in a `Serializer` class: + + current_company = serializers.HyperlinkedRelatedField(required=False) + +This is in line both with the rest of the serializer fields API, and with Django's `Form` and `ModelForm` API. + +Using `required` throughout the serializers API means you won't need to consider if a particular field should take `blank` or `null` arguments instead of `required`, and also means there will be more consistent behavior for how fields are treated when they are not present in the incoming data. + +The `null=True` argument will continue to function, and will imply `required=False`, but will raise a `PendingDeprecationWarning`. + +### Cleaner CharField syntax + +The `CharField` API previously took an optional `blank=True` argument, which was intended to differentiate between null CharField input, and blank CharField input. + +In keeping with Django's CharField API, REST framework's `CharField` will only ever return the empty string, for missing or `None` inputs. The `blank` flag will no longer be in use, and you should instead just use the `required=` flag. For example: + + extra_details = CharField(required=False) + +The `blank` keyword argument will continue to function, but will raise a `PendingDeprecationWarning`. + +[xordoquy]: https://github.com/xordoquy +[django-python-3]: https://docs.djangoproject.com/en/dev/faq/install/#can-i-use-django-with-python-3 +[porting-python-3]: https://docs.djangoproject.com/en/dev/topics/python3/ +[django-deprecation-policy]: https://docs.djangoproject.com/en/dev/internals/release-process/#internal-release-deprecation-policy +[credits]: http://django-rest-framework.org/topics/credits.html +[mailing-list]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework +[django-rest-framework-docs]: https://github.com/marcgibbons/django-rest-framework-docs +[marcgibbons]: https://github.com/marcgibbons/ +[issues]: https://github.com/tomchristie/django-rest-framework/issues +[564]: https://github.com/tomchristie/django-rest-framework/issues/564 diff --git a/docs/topics/2.2-release-notes.md b/docs/topics/2.2-release-notes.md deleted file mode 100644 index 4ed9f970..00000000 --- a/docs/topics/2.2-release-notes.md +++ /dev/null @@ -1,113 +0,0 @@ -# REST framework 2.2 release notes - -The 2.2 release represents an important point for REST framework, with the addition of Python 3 support, and the introduction of an official deprecation policy. - -## Python 3 support - -Thanks to some fantastic work from [Xavier Ordoquy][xordoquy], Django REST framework 2.2 now supports Python 3. You'll need to be running Django 1.5, and it's worth keeping in mind that Django's Python 3 support is currently [considered experimental][django-python-3]. - -Django 1.6's Python 3 support is expected to be officially labeled as 'production-ready'. - -If you want to start ensuring that your own projects are Python 3 ready, we can highly recommend Django's [Porting to Python 3][porting-python-3] documentation. - -## Deprecation policy - -We've now introduced an official deprecation policy, which is in line with [Django's deprecation policy][django-deprecation-policy]. This policy will make it easy for you to continue to track the latest, greatest version of REST framework. - -The timeline for deprecation works as follows: - -* Version 2.2 introduces some API changes as detailed in the release notes. It remains fully backwards compatible with 2.1, but will raise `PendingDeprecationWarning` warnings if you use bits API that are due to be deprecated. These warnings are silent by default, but can be explicitly enabled when you're ready to start migrating any required changes. For example if you start running your tests using `python -Wd manage.py test`, you'll be warned of any API changes you need to make. - -* Version 2.3 will escalate these warnings to `DeprecationWarning`, which is loud by default. - -* Version 2.4 will remove the deprecated bits of API entirely. - -Note that in line with Django's policy, any parts of the framework not mentioned in the documentation should generally be considered private API, and may be subject to change. - -## Community - -As of the 2.2 merge, we've also hit an impressive milestone. The number of committers listed in [the credits][credits], is now at over **one hundred individuals**. Each name on that list represents at least one merged pull request, however large or small. - -Our [mailing list][mailing-list] and #restframework IRC channel are also very active, and we've got a really impressive rate of development both on REST framework itself, and on third party packages such as the great [django-rest-framework-docs][django-rest-framework-docs] package from [Marc Gibbons][marcgibbons]. - -## Issue management - -All the design work that went into version 2 of Django REST framework has made keeping on top of issues much easier. We've been super-focused on keeping the [issues list][issues] strictly under control, and we've hit another important milestone. At the point of releasing 2.2 there are currently **no open 'bug' tickets**, and the plan is to keep it that way for as much of the time as possible. - -## API changes - -The 2.2 release makes a few changes to the serializer fields API, in order to make it more consistent, simple, and easier to use. - -### Cleaner to-many related fields - -The `ManyRelatedField()` style is being deprecated in favor of a new `RelatedField(many=True)` syntax. - -For example, if a user is associated with multiple questions, which we want to represent using a primary key relationship, we might use something like the following: - - class UserSerializer(serializers.HyperlinkedModelSerializer): - questions = serializers.PrimaryKeyRelatedField(many=True) - - class Meta: - fields = ('username', 'questions') - -The new syntax is cleaner and more obvious, and the change will also make the documentation cleaner, simplify the internal API, and make writing custom relational fields easier. - -The change also applies to serializers. If you have a nested serializer, you should start using `many=True` for to-many relationships. For example, a serializer representation of an Album that can contain many Tracks might look something like this: - - class TrackSerializer(serializer.ModelSerializer): - class Meta: - model = Track - fields = ('name', 'duration') - - class AlbumSerializer(serializer.ModelSerializer): - tracks = TrackSerializer(many=True) - - class Meta: - model = Album - fields = ('album_name', 'artist', 'tracks') - -Additionally, the change also applies when serializing or deserializing data. For example to serialize a queryset of models you should now use the `many=True` flag. - - serializer = SnippetSerializer(Snippet.objects.all(), many=True) - serializer.data - -This more explicit behavior on serializing and deserializing data [makes integration with non-ORM backends such as MongoDB easier][564], as instances to be serialized can include the `__iter__` method, without incorrectly triggering list-based serialization, or requiring workarounds. - -The implicit to-many behavior on serializers, and the `ManyRelatedField` style classes will continue to function, but will raise a `PendingDeprecationWarning`, which can be made visible using the `-Wd` flag. - -**Note**: If you need to forcibly turn off the implict "`many=True` for `__iter__` objects" behavior, you can now do so by specifying `many=False`. This will become the default (instead of the current default of `None`) once the deprecation of the implicit behavior is finalised in version 2.4. - -### Cleaner optional relationships - -Serializer relationships for nullable Foreign Keys will change from using the current `null=True` flag, to instead using `required=False`. - -For example, is a user account has an optional foreign key to a company, that you want to express using a hyperlink, you might use the following field in a `Serializer` class: - - current_company = serializers.HyperlinkedRelatedField(required=False) - -This is in line both with the rest of the serializer fields API, and with Django's `Form` and `ModelForm` API. - -Using `required` throughout the serializers API means you won't need to consider if a particular field should take `blank` or `null` arguments instead of `required`, and also means there will be more consistent behavior for how fields are treated when they are not present in the incoming data. - -The `null=True` argument will continue to function, and will imply `required=False`, but will raise a `PendingDeprecationWarning`. - -### Cleaner CharField syntax - -The `CharField` API previously took an optional `blank=True` argument, which was intended to differentiate between null CharField input, and blank CharField input. - -In keeping with Django's CharField API, REST framework's `CharField` will only ever return the empty string, for missing or `None` inputs. The `blank` flag will no longer be in use, and you should instead just use the `required=` flag. For example: - - extra_details = CharField(required=False) - -The `blank` keyword argument will continue to function, but will raise a `PendingDeprecationWarning`. - -[xordoquy]: https://github.com/xordoquy -[django-python-3]: https://docs.djangoproject.com/en/dev/faq/install/#can-i-use-django-with-python-3 -[porting-python-3]: https://docs.djangoproject.com/en/dev/topics/python3/ -[django-deprecation-policy]: https://docs.djangoproject.com/en/dev/internals/release-process/#internal-release-deprecation-policy -[credits]: http://django-rest-framework.org/topics/credits.html -[mailing-list]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework -[django-rest-framework-docs]: https://github.com/marcgibbons/django-rest-framework-docs -[marcgibbons]: https://github.com/marcgibbons/ -[issues]: https://github.com/tomchristie/django-rest-framework/issues -[564]: https://github.com/tomchristie/django-rest-framework/issues/564 -- cgit v1.2.3 From 36cdefbb4d689e511aa53b46f05ca29106960847 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Feb 2013 08:58:12 +0000 Subject: Notes on object-level permissions. --- docs/topics/2.2-announcement.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/2.2-announcement.md b/docs/topics/2.2-announcement.md index 4ed9f970..262ae61d 100644 --- a/docs/topics/2.2-announcement.md +++ b/docs/topics/2.2-announcement.md @@ -101,6 +101,45 @@ In keeping with Django's CharField API, REST framework's `CharField` will only e The `blank` keyword argument will continue to function, but will raise a `PendingDeprecationWarning`. +### Simpler object-level permissions + +Custom permissions classes previously used the signatute `.has_permission(self, request, view, obj=None)`. This method would be called twice, firstly for the global permissions check, with the `obj` parameter set to `None`, and again for the object-level permissions check when appropriate, with the `obj` parameter set to the relevant model instance. + +The global permissions check and object-level permissions check are now seperated into two seperate methods, which gives a cleaner, more obvious API. + +* Global permission checks now use the `.has_permission(self, request, view)` signature. +* Object-level permission checks use a new method `.has_object_permission(self, request, view, obj)`. + +For example, the following custom permission class: + + class IsOwner(permissions.BasePermission): + """ + Custom permission to only allow owners of an object to view or edit it. + Model instances are expected to include an `owner` attribute. + """ + + def has_permission(self, request, view, obj=None): + if obj is None: + # Ignore global permissions check + return True + + return obj.owner == request.user + +Now becomes: + + class IsOwner(permissions.BasePermission): + """ + Custom permission to only allow owners of an object to view or edit it. + Model instances are expected to include an `owner` attribute. + """ + + def has_object_permission(self, request, view, obj): + return obj.owner == request.user + +If you're overriding the `BasePermission` class, the old-style signature will continue to function, and will correctly handle both global and object-level permissions checks, but it's use will raise a `PendingDeprecationWarning`. + +Note also that the usage of the internal APIs for permission checking on the `View` class has been cleaned up slightly, and is now documented and subject to the deprecation policy in all future versions. + [xordoquy]: https://github.com/xordoquy [django-python-3]: https://docs.djangoproject.com/en/dev/faq/install/#can-i-use-django-with-python-3 [porting-python-3]: https://docs.djangoproject.com/en/dev/topics/python3/ -- cgit v1.2.3 From 112753917d7a9a1effe6e64d9344de3466425733 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Feb 2013 12:14:29 +0000 Subject: Update release notes --- docs/topics/release-notes.md | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 4317b83c..63f8539a 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -28,8 +28,14 @@ You can determine your currently installed version using `pip freeze`: ### Master +* Python 3 support. * Added a `post_save()` hook to the generic views. * Allow serializers to handle dicts as well as objects. +* Deprecate `ManyRelatedField()` syntax in favor of `RelatedField(many=True)` +* Deprecate `null=True` on relations in favor of `required=False`. +* Deprecate `blank=True` on CharFields, just use `required=False`. +* Deprecate optional `obj` argument in permissions checks in favor of `has_object_permission`. +* Bugfix: Allow serializer output to be cached. * Bugfix: Fix styling on browsable API login. * Bugfix: Fix issue with deserializing empty to-many relations. * Bugfix: Ensure model field validation is still applied for ModelSerializer subclasses with an custom `.restore_object()` method. -- cgit v1.2.3 From edaf031935ae04db48d078452d46c71b6b5d7ebe Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Feb 2013 20:14:47 +0000 Subject: Notes on explicit hyperlink relations behavior --- docs/topics/2.2-announcement.md | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/2.2-announcement.md b/docs/topics/2.2-announcement.md index 262ae61d..65c05267 100644 --- a/docs/topics/2.2-announcement.md +++ b/docs/topics/2.2-announcement.md @@ -140,6 +140,12 @@ If you're overriding the `BasePermission` class, the old-style signature will co Note also that the usage of the internal APIs for permission checking on the `View` class has been cleaned up slightly, and is now documented and subject to the deprecation policy in all future versions. +## More explicit hyperlink relations behavior + +When using a serializer with a `HyperlinkedRelatedField` or `HyperlinkedIdentityField`, the hyperlinks would previously use absolute URLs if the serializer context included a `'request'` key, and fallback to using relative URLs otherwise. This could lead to non-obvious behavior, as it might not be clear why some serializers generated absolute URLs, and others do not. + +From version 2.2 onwards, serializers with hyperlinked relationships *always* require a `'request'` key to be supplied in the context dictionary. The implicit behavior will continue to function, but it's use will raise a `PendingDeprecationWarning`. + [xordoquy]: https://github.com/xordoquy [django-python-3]: https://docs.djangoproject.com/en/dev/faq/install/#can-i-use-django-with-python-3 [porting-python-3]: https://docs.djangoproject.com/en/dev/topics/python3/ -- cgit v1.2.3 From a08fa7c71ed026cad0ec9832b34f95fe38725e53 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Feb 2013 22:05:17 +0000 Subject: Add deprecation policy to release notes. --- docs/topics/release-notes.md | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 63f8539a..8756430f 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -8,9 +8,23 @@ Minor version numbers (0.0.x) are used for changes that are API compatible. You should be able to upgrade between minor point releases without any other code changes. -Medium version numbers (0.x.0) may include minor API changes. You should read the release notes carefully before upgrading between medium point releases. +Medium version numbers (0.x.0) may include API changes, in line with the [deprecation policy][deprecation-policy]. You should read the release notes carefully before upgrading between medium point releases. -Major version numbers (x.0.0) are reserved for project milestones. No major point releases are currently planned. +Major version numbers (x.0.0) are reserved for substantial project milestones. No major point releases are currently planned. + +## Deprecation policy + +REST framework releases follow a formal deprecation policy, which is in line with [Django's deprecation policy][django-deprecation-policy]. + +The timeline for deprecation of a feature present in version 1.0 would work as follows: + +* Version 1.1 would remain **fully backwards compatible** with 1.0, but would raise `PendingDeprecationWarning` warnings if you use the feature that are due to be deprecated. These warnings are **silent by default**, but can be explicitly enabled when you're ready to start migrating any required changes. For example if you start running your tests using `python -Wd manage.py test`, you'll be warned of any API changes you need to make. + +* Version 1.2 would escalate these warnings to `DeprecationWarning`, which is loud by default. + +* Version 1.3 would remove the deprecated bits of API entirely. + +Note that in line with Django's policy, any parts of the framework not mentioned in the documentation should generally be considered private API, and may be subject to change. ## Upgrading @@ -24,9 +38,11 @@ You can determine your currently installed version using `pip freeze`: --- -## 2.1.x series +## 2.2.x series + +### 2.2.0 -### Master +**Date**: 13th Feb 2013 * Python 3 support. * Added a `post_save()` hook to the generic views. @@ -35,11 +51,18 @@ You can determine your currently installed version using `pip freeze`: * Deprecate `null=True` on relations in favor of `required=False`. * Deprecate `blank=True` on CharFields, just use `required=False`. * Deprecate optional `obj` argument in permissions checks in favor of `has_object_permission`. +* Deprecate implicit hyperlinked relations behavior. * Bugfix: Allow serializer output to be cached. * Bugfix: Fix styling on browsable API login. * Bugfix: Fix issue with deserializing empty to-many relations. * Bugfix: Ensure model field validation is still applied for ModelSerializer subclasses with an custom `.restore_object()` method. +**Note**: See the [2.2 announcement][2.2-announcement] for full details. + +--- + +## 2.1.x series + ### 2.1.17 **Date**: 26th Jan 2013 @@ -356,6 +379,9 @@ This change will not affect user code, so long as it's following the recommended * Initial release. [cite]: http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/ar01s04.html +[deprecation-policy]: #deprecation-policy +[django-deprecation-policy]: https://docs.djangoproject.com/en/dev/internals/release-process/#internal-release-deprecation-policy +[2.2-announcement]: 2.2-announcement.md [staticfiles14]: https://docs.djangoproject.com/en/1.4/howto/static-files/#with-a-template-tag [staticfiles13]: https://docs.djangoproject.com/en/1.3/howto/static-files/#with-a-template-tag [2.1.0-notes]: https://groups.google.com/d/topic/django-rest-framework/Vv2M0CMY9bg/discussion -- cgit v1.2.3 From 891b197f0b5eb19fc86f3c1ced5c9b49749afeb6 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Feb 2013 22:06:13 +0000 Subject: Drop issue management section --- docs/topics/2.2-announcement.md | 4 ---- 1 file changed, 4 deletions(-) (limited to 'docs/topics') diff --git a/docs/topics/2.2-announcement.md b/docs/topics/2.2-announcement.md index 65c05267..9523eebf 100644 --- a/docs/topics/2.2-announcement.md +++ b/docs/topics/2.2-announcement.md @@ -30,10 +30,6 @@ As of the 2.2 merge, we've also hit an impressive milestone. The number of comm Our [mailing list][mailing-list] and #restframework IRC channel are also very active, and we've got a really impressive rate of development both on REST framework itself, and on third party packages such as the great [django-rest-framework-docs][django-rest-framework-docs] package from [Marc Gibbons][marcgibbons]. -## Issue management - -All the design work that went into version 2 of Django REST framework has made keeping on top of issues much easier. We've been super-focused on keeping the [issues list][issues] strictly under control, and we've hit another important milestone. At the point of releasing 2.2 there are currently **no open 'bug' tickets**, and the plan is to keep it that way for as much of the time as possible. - ## API changes The 2.2 release makes a few changes to the serializer fields API, in order to make it more consistent, simple, and easier to use. -- cgit v1.2.3 From 3f529dc25d66fba0c6f94944ebc92f338c86434d Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Feb 2013 22:06:20 +0000 Subject: Typo --- docs/topics/2.2-announcement.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/2.2-announcement.md b/docs/topics/2.2-announcement.md index 9523eebf..8a7ae326 100644 --- a/docs/topics/2.2-announcement.md +++ b/docs/topics/2.2-announcement.md @@ -16,7 +16,7 @@ We've now introduced an official deprecation policy, which is in line with [Djan The timeline for deprecation works as follows: -* Version 2.2 introduces some API changes as detailed in the release notes. It remains fully backwards compatible with 2.1, but will raise `PendingDeprecationWarning` warnings if you use bits API that are due to be deprecated. These warnings are silent by default, but can be explicitly enabled when you're ready to start migrating any required changes. For example if you start running your tests using `python -Wd manage.py test`, you'll be warned of any API changes you need to make. +* Version 2.2 introduces some API changes as detailed in the release notes. It remains fully backwards compatible with 2.1, but will raise `PendingDeprecationWarning` warnings if you use bits of API that are due to be deprecated. These warnings are silent by default, but can be explicitly enabled when you're ready to start migrating any required changes. For example if you start running your tests using `python -Wd manage.py test`, you'll be warned of any API changes you need to make. * Version 2.3 will escalate these warnings to `DeprecationWarning`, which is loud by default. -- cgit v1.2.3 From 195adf6ed44e34acce08e306c6ced0340c28798d Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Feb 2013 23:17:19 +0000 Subject: Update release notes. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 8756430f..06e45674 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -52,6 +52,7 @@ You can determine your currently installed version using `pip freeze`: * Deprecate `blank=True` on CharFields, just use `required=False`. * Deprecate optional `obj` argument in permissions checks in favor of `has_object_permission`. * Deprecate implicit hyperlinked relations behavior. +* Bugfix: Fix broken DjangoModelPermissions. * Bugfix: Allow serializer output to be cached. * Bugfix: Fix styling on browsable API login. * Bugfix: Fix issue with deserializing empty to-many relations. -- cgit v1.2.3 From 77db00f449d88ca701b82e9f1d9924b3cc026638 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 13 Feb 2013 09:05:16 +0000 Subject: Tweak title --- docs/topics/2.2-announcement.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/2.2-announcement.md b/docs/topics/2.2-announcement.md index 8a7ae326..e24fc615 100644 --- a/docs/topics/2.2-announcement.md +++ b/docs/topics/2.2-announcement.md @@ -1,4 +1,4 @@ -# REST framework 2.2 release notes +# REST framework 2.2 announcement The 2.2 release represents an important point for REST framework, with the addition of Python 3 support, and the introduction of an official deprecation policy. -- cgit v1.2.3 From 569dc67a1220f0b577e7873bf7ee3ac54cf60143 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 13 Feb 2013 14:40:02 +0000 Subject: Username tweak. --- docs/topics/credits.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index b84f1357..e4abd286 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -19,7 +19,7 @@ The following people have helped make REST framework great. * Craig Blaszczyk - [jakul] * Garcia Solero - [garciasolero] * Tom Drummond - [devioustree] -* Danilo Bargen - [gwrtheyrn] +* Danilo Bargen - [dbrgn] * Andrew McCloud - [amccloud] * Thomas Steinacher - [thomasst] * Meurig Freeman - [meurig] @@ -155,7 +155,7 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [jakul]: https://github.com/jakul [garciasolero]: https://github.com/garciasolero [devioustree]: https://github.com/devioustree -[gwrtheyrn]: https://github.com/gwrtheyrn +[dbrgn]: https://github.com/dbrgn [amccloud]: https://github.com/amccloud [thomasst]: https://github.com/thomasst [meurig]: https://github.com/meurig -- cgit v1.2.3 From 2eab7b9f59a9e4e7deedd823bdaf135e0a9b01a1 Mon Sep 17 00:00:00 2001 From: Stephan Groß Date: Thu, 14 Feb 2013 09:04:09 +0100 Subject: thanks @floppya for docs fix --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index e4abd286..1320d4d4 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -102,6 +102,7 @@ The following people have helped make REST framework great. * Andrea de Marco - [z4r] * Fernando Rocha - [fernandogrd] * Xavier Ordoquy - [xordoquy] +* Adam Wentz - [floppya] Many thanks to everyone who's contributed to the project. @@ -238,3 +239,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [z4r]: https://github.com/z4r [fernandogrd]: https://github.com/fernandogrd [xordoquy]: https://github.com/xordoquy +[floppya]: https://github.com/floppya -- cgit v1.2.3 From 0d3e23f0d379f4df7ac7cd8f42cae2d303558852 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 14 Feb 2013 13:02:38 +0000 Subject: Update release notes. --- docs/topics/release-notes.md | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 06e45674..406923f4 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,6 +40,11 @@ You can determine your currently installed version using `pip freeze`: ## 2.2.x series +### Master + +* Bugfix: request.DATA should return an empty `QueryDict` with no data, not `None`. +* Bugfix: Remove unneeded field validation, which caused extra querys. + ### 2.2.0 **Date**: 13th Feb 2013 -- cgit v1.2.3 From de029561d0cbb090c0d704811551b2d611472288 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 14 Feb 2013 13:09:42 +0000 Subject: Docs tweaks. --- docs/topics/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 406923f4..3f3f8786 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -43,7 +43,7 @@ You can determine your currently installed version using `pip freeze`: ### Master * Bugfix: request.DATA should return an empty `QueryDict` with no data, not `None`. -* Bugfix: Remove unneeded field validation, which caused extra querys. +* Bugfix: Remove unneeded field validation, which caused extra queries. ### 2.2.0 -- cgit v1.2.3 From 725741198b9e185499662836b569cd729e1e9eb6 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 15 Feb 2013 09:05:55 +0000 Subject: Python 2.6.5+ required --- docs/topics/2.2-announcement.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'docs/topics') diff --git a/docs/topics/2.2-announcement.md b/docs/topics/2.2-announcement.md index e24fc615..0ef9fce8 100644 --- a/docs/topics/2.2-announcement.md +++ b/docs/topics/2.2-announcement.md @@ -30,9 +30,11 @@ As of the 2.2 merge, we've also hit an impressive milestone. The number of comm Our [mailing list][mailing-list] and #restframework IRC channel are also very active, and we've got a really impressive rate of development both on REST framework itself, and on third party packages such as the great [django-rest-framework-docs][django-rest-framework-docs] package from [Marc Gibbons][marcgibbons]. +--- + ## API changes -The 2.2 release makes a few changes to the serializer fields API, in order to make it more consistent, simple, and easier to use. +The 2.2 release makes a few changes to the API, in order to make it more consistent, simple, and easier to use. ### Cleaner to-many related fields @@ -136,7 +138,7 @@ If you're overriding the `BasePermission` class, the old-style signature will co Note also that the usage of the internal APIs for permission checking on the `View` class has been cleaned up slightly, and is now documented and subject to the deprecation policy in all future versions. -## More explicit hyperlink relations behavior +### More explicit hyperlink relations behavior When using a serializer with a `HyperlinkedRelatedField` or `HyperlinkedIdentityField`, the hyperlinks would previously use absolute URLs if the serializer context included a `'request'` key, and fallback to using relative URLs otherwise. This could lead to non-obvious behavior, as it might not be clear why some serializers generated absolute URLs, and others do not. -- cgit v1.2.3 From e919cb1b57a27f581c07080e341a86421df78a88 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 15 Feb 2013 09:09:34 +0000 Subject: Note python compatibility. --- docs/topics/2.2-announcement.md | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/2.2-announcement.md b/docs/topics/2.2-announcement.md index 0ef9fce8..d7164ce4 100644 --- a/docs/topics/2.2-announcement.md +++ b/docs/topics/2.2-announcement.md @@ -10,6 +10,8 @@ Django 1.6's Python 3 support is expected to be officially labeled as 'productio If you want to start ensuring that your own projects are Python 3 ready, we can highly recommend Django's [Porting to Python 3][porting-python-3] documentation. +Django REST framework's Python 2.6 support now requires 2.6.5 or above, in line with [Django 1.5's Python compatibility][python-compat]. + ## Deprecation policy We've now introduced an official deprecation policy, which is in line with [Django's deprecation policy][django-deprecation-policy]. This policy will make it easy for you to continue to track the latest, greatest version of REST framework. @@ -147,6 +149,7 @@ From version 2.2 onwards, serializers with hyperlinked relationships *always* re [xordoquy]: https://github.com/xordoquy [django-python-3]: https://docs.djangoproject.com/en/dev/faq/install/#can-i-use-django-with-python-3 [porting-python-3]: https://docs.djangoproject.com/en/dev/topics/python3/ +[python-compat]: https://docs.djangoproject.com/en/dev/releases/1.5/#python-compatibility [django-deprecation-policy]: https://docs.djangoproject.com/en/dev/internals/release-process/#internal-release-deprecation-policy [credits]: http://django-rest-framework.org/topics/credits.html [mailing-list]: https://groups.google.com/forum/?fromgroups#!forum/django-rest-framework -- cgit v1.2.3 From d05b950945ffe012de63f750ba5b98b14cfc4b9a Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 15 Feb 2013 09:16:49 +0000 Subject: Update release notes. --- docs/topics/release-notes.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 3f3f8786..d5444f72 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -42,6 +42,8 @@ You can determine your currently installed version using `pip freeze`: ### Master +* Added TimeField. +* Serializer fields can be mapped to any method that takes no args, or only takes kwargs which have defaults. * Bugfix: request.DATA should return an empty `QueryDict` with no data, not `None`. * Bugfix: Remove unneeded field validation, which caused extra queries. -- cgit v1.2.3 From 50a9070e469dfc3c1018e9eee8ac9fe8c1a5f552 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 15 Feb 2013 09:19:10 +0000 Subject: Added @pelme, for TimeField addition. Refs #660. --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 1320d4d4..bb41ef5f 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -103,6 +103,7 @@ The following people have helped make REST framework great. * Fernando Rocha - [fernandogrd] * Xavier Ordoquy - [xordoquy] * Adam Wentz - [floppya] +* Andreas Pelme - [pelme] Many thanks to everyone who's contributed to the project. @@ -240,3 +241,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [fernandogrd]: https://github.com/fernandogrd [xordoquy]: https://github.com/xordoquy [floppya]: https://github.com/floppya +[pelme]: https://github.com/pelme -- cgit v1.2.3 From fc5f982ccc761efd5a6ee320dad7b97ebf9cfad8 Mon Sep 17 00:00:00 2001 From: Paul Miller Date: Wed, 20 Feb 2013 11:12:54 +0200 Subject: Don’t use my old nickname in credits. --- docs/topics/credits.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index bb41ef5f..990f3cb6 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -4,7 +4,7 @@ The following people have helped make REST framework great. * Tom Christie - [tomchristie] * Marko Tibold - [markotibold] -* Paul Bagwell - [pbgwl] +* Paul Miller - [paulmillr] * Sébastien Piquemal - [sebpiq] * Carmen Wick - [cwick] * Alex Ehlke - [aehlke] -- cgit v1.2.3 From 47a4f0863d08e4b839ea3bbd7308ecc0f995b7d9 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 20 Feb 2013 09:18:54 +0000 Subject: Update link to @paulmillr. Refs #668. --- docs/topics/credits.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 990f3cb6..e546548e 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -142,7 +142,7 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [tomchristie]: https://github.com/tomchristie [markotibold]: https://github.com/markotibold -[pbgwl]: https://github.com/pbgwl +[paulmillr]: https://github.com/paulmillr [sebpiq]: https://github.com/sebpiq [cwick]: https://github.com/cwick [aehlke]: https://github.com/aehlke -- cgit v1.2.3 From d44eb2094211820fbdd014fd2884fd5ed04688ab Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 22 Feb 2013 20:47:41 +0000 Subject: Version 2.2.1 --- docs/topics/release-notes.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index d5444f72..9d29dd27 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,13 +40,22 @@ You can determine your currently installed version using `pip freeze`: ## 2.2.x series -### Master +### 2.2.1 +**Date**: 22nd Feb 2013 + +* Security fix: Use `defusedxml` package to address XML parsing vulnerabilities. +* Raw data tab added to browseable API. (Eg. Allow for JSON input.) * Added TimeField. -* Serializer fields can be mapped to any method that takes no args, or only takes kwargs which have defaults. +* Serializer fields can be mapped to any method that takes no args, or only takes kwargs which have defaults. +* Unicode support for view names/descriptions in browseable API. * Bugfix: request.DATA should return an empty `QueryDict` with no data, not `None`. * Bugfix: Remove unneeded field validation, which caused extra queries. +**Security note**: Following the [disclosure of security vulnerabilities][defusedxml-announce] in Python's XML parsing libraries, use of the `XMLParser` class now requires the `defusedxml` package to be installed. + +The security vulnerabilities only affect APIs which use the `XMLParser` class, by enabling it in any views, or by having it set in the `DEFAULT_PARSER_CLASSES` setting. Note that the `XMLParser` class is not enabled by default, so this change should affect a minority of users. + ### 2.2.0 **Date**: 13th Feb 2013 @@ -389,6 +398,7 @@ This change will not affect user code, so long as it's following the recommended [cite]: http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/ar01s04.html [deprecation-policy]: #deprecation-policy [django-deprecation-policy]: https://docs.djangoproject.com/en/dev/internals/release-process/#internal-release-deprecation-policy +[defusedxml-announce]: http://blog.python.org/2013/02/announcing-defusedxml-fixes-for-xml.html [2.2-announcement]: 2.2-announcement.md [staticfiles14]: https://docs.djangoproject.com/en/1.4/howto/static-files/#with-a-template-tag [staticfiles13]: https://docs.djangoproject.com/en/1.3/howto/static-files/#with-a-template-tag -- cgit v1.2.3 From d62e4a7aa518b4f0658f8e88fad3f37c95e17082 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 22 Feb 2013 22:22:37 +0000 Subject: Update release notes --- docs/topics/release-notes.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 9d29dd27..22cd3cf0 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,6 +40,10 @@ You can determine your currently installed version using `pip freeze`: ## 2.2.x series +### Master + +* Bugfixes for model field validation edge-cases. + ### 2.2.1 **Date**: 22nd Feb 2013 -- cgit v1.2.3 From f729506261d241b02b7bacb06cbbe8c0c39980da Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sat, 23 Feb 2013 07:24:36 +0000 Subject: Update release notes --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 22cd3cf0..06dc79a6 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -42,6 +42,7 @@ You can determine your currently installed version using `pip freeze`: ### Master +* Bugfix for serializer data being uncacheable with pickle protocol 0. * Bugfixes for model field validation edge-cases. ### 2.2.1 -- cgit v1.2.3 From b4b9d3b513074810abcbc52e7eaa21616fba26d5 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 25 Feb 2013 13:44:32 +0000 Subject: Added @ryanrdetzel for docs fix #674. Thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index e546548e..e544c9c8 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -104,6 +104,7 @@ The following people have helped make REST framework great. * Xavier Ordoquy - [xordoquy] * Adam Wentz - [floppya] * Andreas Pelme - [pelme] +* Ryan Detzel - [ryanrdetzel] Many thanks to everyone who's contributed to the project. @@ -242,3 +243,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [xordoquy]: https://github.com/xordoquy [floppya]: https://github.com/floppya [pelme]: https://github.com/pelme +[ryanrdetzel]: https://github.com/ryanrdetzel -- cgit v1.2.3 From 8da83f0df9761550cbcac88850a659aab00a2506 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Mon, 25 Feb 2013 15:15:33 +0000 Subject: Added @thedrow for cleanups in #677. Thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index e544c9c8..00513504 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -105,6 +105,7 @@ The following people have helped make REST framework great. * Adam Wentz - [floppya] * Andreas Pelme - [pelme] * Ryan Detzel - [ryanrdetzel] +* Omer Katz - [thedrow] Many thanks to everyone who's contributed to the project. @@ -244,3 +245,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [floppya]: https://github.com/floppya [pelme]: https://github.com/pelme [ryanrdetzel]: https://github.com/ryanrdetzel +[thedrow]: https://github.com/thedrow -- cgit v1.2.3 From 80b0234793321f828979d30015151c8d7900fc9f Mon Sep 17 00:00:00 2001 From: Stephan Groß Date: Tue, 26 Feb 2013 14:50:10 +0100 Subject: Add @waa for #687 thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 00513504..d1bb907a 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -106,6 +106,7 @@ The following people have helped make REST framework great. * Andreas Pelme - [pelme] * Ryan Detzel - [ryanrdetzel] * Omer Katz - [thedrow] +* Wiliam Souza - [waa] Many thanks to everyone who's contributed to the project. @@ -246,3 +247,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [pelme]: https://github.com/pelme [ryanrdetzel]: https://github.com/ryanrdetzel [thedrow]: https://github.com/thedrow +[waa]: https://github.com/wiliamsouza -- cgit v1.2.3 From 282af6057f30b5af4665d687200ee1ebf82fcf00 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 28 Feb 2013 18:02:10 +0000 Subject: Release notes --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 06dc79a6..43499c9a 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -42,6 +42,7 @@ You can determine your currently installed version using `pip freeze`: ### Master +* Request authentication is no longer lazily evaluated, instead authentication is always run, which results in more consistent, obvious behavior. Eg. Supplying bad auth credentials will now always return an error response, even if no permissions are set on the view. * Bugfix for serializer data being uncacheable with pickle protocol 0. * Bugfixes for model field validation edge-cases. -- cgit v1.2.3 From 9157db5da0b5601793d1a9f24e9cb10670a82be2 Mon Sep 17 00:00:00 2001 From: Stephan Groß Date: Tue, 26 Feb 2013 11:09:54 +0100 Subject: Add better date / datetime validation (pull 2) addition to #631 with update to master + timefield support --- docs/topics/release-notes.md | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 43499c9a..f60382ac 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -45,6 +45,9 @@ You can determine your currently installed version using `pip freeze`: * Request authentication is no longer lazily evaluated, instead authentication is always run, which results in more consistent, obvious behavior. Eg. Supplying bad auth credentials will now always return an error response, even if no permissions are set on the view. * Bugfix for serializer data being uncacheable with pickle protocol 0. * Bugfixes for model field validation edge-cases. +* Support `DATE_INPUT_FORMATS` for `DateField` validation +* Support `DATETIME_INPUT_FORMATS` for `DateTimeField` validation +* Support `TIME_INPUT_FORMATS` for `TimeField` validation ### 2.2.1 -- cgit v1.2.3 From a9d36d4726fc8eea02184b089ee6ed1d02e4c75e Mon Sep 17 00:00:00 2001 From: Stephan Groß Date: Fri, 1 Mar 2013 15:03:27 +0100 Subject: Add docs update - part 1 --- docs/topics/release-notes.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index f60382ac..6b9e4e21 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -45,9 +45,7 @@ You can determine your currently installed version using `pip freeze`: * Request authentication is no longer lazily evaluated, instead authentication is always run, which results in more consistent, obvious behavior. Eg. Supplying bad auth credentials will now always return an error response, even if no permissions are set on the view. * Bugfix for serializer data being uncacheable with pickle protocol 0. * Bugfixes for model field validation edge-cases. -* Support `DATE_INPUT_FORMATS` for `DateField` validation -* Support `DATETIME_INPUT_FORMATS` for `DateTimeField` validation -* Support `TIME_INPUT_FORMATS` for `TimeField` validation +* Support for custom input and output formats for `DateField`, `DateTimeField` and `TimeField` ### 2.2.1 -- cgit v1.2.3 From 4cdb6b2959f6d13417c48781d53c4e7e685934e7 Mon Sep 17 00:00:00 2001 From: Stephan Groß Date: Mon, 4 Mar 2013 13:53:39 +0100 Subject: Fix authtoken migration --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 43499c9a..f6ef2c18 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -45,6 +45,7 @@ You can determine your currently installed version using `pip freeze`: * Request authentication is no longer lazily evaluated, instead authentication is always run, which results in more consistent, obvious behavior. Eg. Supplying bad auth credentials will now always return an error response, even if no permissions are set on the view. * Bugfix for serializer data being uncacheable with pickle protocol 0. * Bugfixes for model field validation edge-cases. +* Bugfix for authtoken migration while using a custom user model. ### 2.2.1 -- cgit v1.2.3 From 7db2332c4006cd2c79b0ad002bcd9e15f7075ca6 Mon Sep 17 00:00:00 2001 From: Stephan Groß Date: Mon, 4 Mar 2013 14:11:05 +0100 Subject: Update release docs --- docs/topics/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index f6ef2c18..352b1630 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -45,7 +45,7 @@ You can determine your currently installed version using `pip freeze`: * Request authentication is no longer lazily evaluated, instead authentication is always run, which results in more consistent, obvious behavior. Eg. Supplying bad auth credentials will now always return an error response, even if no permissions are set on the view. * Bugfix for serializer data being uncacheable with pickle protocol 0. * Bugfixes for model field validation edge-cases. -* Bugfix for authtoken migration while using a custom user model. +* Bugfix for authtoken migration while using a custom user model and south. ### 2.2.1 -- cgit v1.2.3 From 17e0ff0fcde23f4bc6734b75f7fff734ae77c26d Mon Sep 17 00:00:00 2001 From: Stephan Groß Date: Tue, 5 Mar 2013 18:45:09 +0100 Subject: Add @iekadou for #700 support. thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index d1bb907a..190ce490 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -107,6 +107,7 @@ The following people have helped make REST framework great. * Ryan Detzel - [ryanrdetzel] * Omer Katz - [thedrow] * Wiliam Souza - [waa] +* Jonas Braun - [iekadou] Many thanks to everyone who's contributed to the project. @@ -248,3 +249,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [ryanrdetzel]: https://github.com/ryanrdetzel [thedrow]: https://github.com/thedrow [waa]: https://github.com/wiliamsouza +[iekadou]: https://github.com/iekadou -- cgit v1.2.3 From 1106596c80218569a56ff5ea04d759e3d0c541dd Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 6 Mar 2013 12:19:39 +0000 Subject: Clean ups to datetime formatting --- docs/topics/release-notes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 81ed0c84..df66cb35 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -42,7 +42,7 @@ You can determine your currently installed version using `pip freeze`: ### Master -* Support for custom input and output formats for `DateField`, `DateTimeField` and `TimeField` +* Support for custom input and output formats for `DateField`, `DateTimeField` and `TimeField`. * Cleanup: Request authentication is no longer lazily evaluated, instead authentication is always run, which results in more consistent, obvious behavior. Eg. Supplying bad auth credentials will now always return an error response, even if no permissions are set on the view. * Bugfix for serializer data being uncacheable with pickle protocol 0. * Bugfixes for model field validation edge-cases. -- cgit v1.2.3 From cdf7c778d828eaadfe14a39495f854903b10843a Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 6 Mar 2013 12:29:56 +0000 Subject: Version 2.2.2 --- docs/topics/release-notes.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index df66cb35..42b1d8da 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,7 +40,9 @@ You can determine your currently installed version using `pip freeze`: ## 2.2.x series -### Master +### 2.2.2 + +**Date**: 6th March 2013 * Support for custom input and output formats for `DateField`, `DateTimeField` and `TimeField`. * Cleanup: Request authentication is no longer lazily evaluated, instead authentication is always run, which results in more consistent, obvious behavior. Eg. Supplying bad auth credentials will now always return an error response, even if no permissions are set on the view. -- cgit v1.2.3 From 4e80541824bab0712a816716c5c63ec5623370d8 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Thu, 7 Mar 2013 09:05:13 +0000 Subject: Version 2.2.3 --- docs/topics/release-notes.md | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 42b1d8da..535da433 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,6 +40,12 @@ You can determine your currently installed version using `pip freeze`: ## 2.2.x series +### 2.2.3 + +**Date**: 7th March 2013 + +* Bugfix: Fix None values for for `DateField`, `DateTimeField` and `TimeField`. + ### 2.2.2 **Date**: 6th March 2013 -- cgit v1.2.3 From 1016c14a8a9eef1031c1a4000a2ae257775339d5 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 8 Mar 2013 20:26:10 +0000 Subject: Added @dulaccc. For the awesome OAuth 2 support in #693. --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 190ce490..0899632f 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -108,6 +108,7 @@ The following people have helped make REST framework great. * Omer Katz - [thedrow] * Wiliam Souza - [waa] * Jonas Braun - [iekadou] +* Pierre Dulac - [dulaccc] Many thanks to everyone who's contributed to the project. @@ -250,3 +251,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [thedrow]: https://github.com/thedrow [waa]: https://github.com/wiliamsouza [iekadou]: https://github.com/iekadou +[dulaccc]: https://github.com/dulaccc -- cgit v1.2.3 From 4d48de631baee39025da04b95f46051d7398bd6c Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 8 Mar 2013 20:41:00 +0000 Subject: Docs on per-object filtering --- docs/topics/release-notes.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 535da433..ab675950 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,6 +40,10 @@ You can determine your currently installed version using `pip freeze`: ## 2.2.x series +### Master + +* Filtering backends are now applied to the querysets for object lookups as well as lists. (Eg you can use a filtering backend to control which objects should 404) + ### 2.2.3 **Date**: 7th March 2013 -- cgit v1.2.3 From c5b98f0d106758298edf045e7bb44ecd7e4b9629 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 8 Mar 2013 20:56:30 +0000 Subject: authtoken abstract if not installed. Fixes #705. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index ab675950..a4262d98 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -43,6 +43,7 @@ You can determine your currently installed version using `pip freeze`: ### Master * Filtering backends are now applied to the querysets for object lookups as well as lists. (Eg you can use a filtering backend to control which objects should 404) +* Bugfix: Workaround for Django bug causing case where `Authtoken` could be registered for cascade delete from `User` even if not installed. ### 2.2.3 -- cgit v1.2.3 From 0b6267d8cd45995585f0c02a4f9c96c0691fd32f Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 8 Mar 2013 22:28:59 +0000 Subject: Added @bitmonkey. Thanks! For work on handling errors when deserializing lists of objects. --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index 190ce490..d6f312ed 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -108,6 +108,7 @@ The following people have helped make REST framework great. * Omer Katz - [thedrow] * Wiliam Souza - [waa] * Jonas Braun - [iekadou] +* Ian Dash - [bitmonkey] Many thanks to everyone who's contributed to the project. @@ -250,3 +251,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [thedrow]: https://github.com/thedrow [waa]: https://github.com/wiliamsouza [iekadou]: https://github.com/iekadou +[bitmonkey]: https://github.com/bitmonkey -- cgit v1.2.3 From 6c1fcc855a2d05732113ce260b8660a414e1961e Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 8 Mar 2013 22:46:37 +0000 Subject: Update release notes --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index a4262d98..eb4d378e 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -43,6 +43,7 @@ You can determine your currently installed version using `pip freeze`: ### Master * Filtering backends are now applied to the querysets for object lookups as well as lists. (Eg you can use a filtering backend to control which objects should 404) +* Deal with error data nicely when deserializing lists of objects. * Bugfix: Workaround for Django bug causing case where `Authtoken` could be registered for cascade delete from `User` even if not installed. ### 2.2.3 -- cgit v1.2.3 From 2c6c5d966e47fafbb9bace554ad14bd3b247aef9 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Fri, 8 Mar 2013 23:49:27 +0000 Subject: Update release notes. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index eb4d378e..13235a82 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -44,6 +44,7 @@ You can determine your currently installed version using `pip freeze`: * Filtering backends are now applied to the querysets for object lookups as well as lists. (Eg you can use a filtering backend to control which objects should 404) * Deal with error data nicely when deserializing lists of objects. +* Extra override hook to configure `DjangoModelPermissions` for unauthenticated users. * Bugfix: Workaround for Django bug causing case where `Authtoken` could be registered for cascade delete from `User` even if not installed. ### 2.2.3 -- cgit v1.2.3 From 0df008dc83cacc0ac1aef8f915c3d764b6c4e498 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sun, 10 Mar 2013 20:37:15 +0000 Subject: Added @bouke for bug fix #722. Thanks! --- docs/topics/credits.md | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index d6f312ed..35a302fd 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -109,6 +109,7 @@ The following people have helped make REST framework great. * Wiliam Souza - [waa] * Jonas Braun - [iekadou] * Ian Dash - [bitmonkey] +* Bouke Haarsma - [bouke] Many thanks to everyone who's contributed to the project. @@ -252,3 +253,5 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [waa]: https://github.com/wiliamsouza [iekadou]: https://github.com/iekadou [bitmonkey]: https://github.com/bitmonkey +[bouke]: https://github.com/bouke + -- cgit v1.2.3 From 20880232930dd6f3a1de9dda1546c84b9279a258 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sun, 10 Mar 2013 20:39:04 +0000 Subject: Update release notes --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 13235a82..ff487826 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -45,6 +45,7 @@ You can determine your currently installed version using `pip freeze`: * Filtering backends are now applied to the querysets for object lookups as well as lists. (Eg you can use a filtering backend to control which objects should 404) * Deal with error data nicely when deserializing lists of objects. * Extra override hook to configure `DjangoModelPermissions` for unauthenticated users. +* Bugfix: Fix pk relationship bug for some types of 1-to-1 relations. * Bugfix: Workaround for Django bug causing case where `Authtoken` could be registered for cascade delete from `User` even if not installed. ### 2.2.3 -- cgit v1.2.3 From 2bcb8ff12c967e71fb4871a9ac9e72395394d291 Mon Sep 17 00:00:00 2001 From: Dave Kuhn Date: Tue, 12 Mar 2013 13:48:40 +1100 Subject: Documentation for X-HTTP-Method-Override --- docs/topics/browser-enhancements.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/browser-enhancements.md b/docs/topics/browser-enhancements.md index 6a11f0fa..8b191423 100644 --- a/docs/topics/browser-enhancements.md +++ b/docs/topics/browser-enhancements.md @@ -19,6 +19,23 @@ For example, given the following form: `request.method` would return `"DELETE"`. +## HTTP header based method overriding + +REST framework also supports method overriding via the `X-HTTP-Method-Override` +header. This is useful if you are working with non-form content such as +JSON and are working with an older web server and/or hosting provider +(e.g. [Amazon Web Services ELB][aws_elb]) that doesn't recognise particular +HTTP methods such as `PATCH`. + +For example, making a `PATCH` request via `POST` in jQuery: + + $.ajax({ + url: '/myresource/', + method: 'POST', + headers: {'X-HTTP-Method-Override': 'PATCH'}, + ... + }); + ## Browser based submission of non-form content Browser-based submission of content types other than form are supported by @@ -62,3 +79,4 @@ as well as how to support content types other than form-encoded data. [rails]: http://guides.rubyonrails.org/form_helpers.html#how-do-forms-with-put-or-delete-methods-work [html5]: http://www.w3.org/TR/html5-diff/#changes-2010-06-24 [put_delete]: http://amundsen.com/examples/put-delete-forms/ +[aws_elb]: https://forums.aws.amazon.com/thread.jspa?messageID=400724 -- cgit v1.2.3 From a574dc7f85e09b4c0096d7b1c12a8e525ea8e31f Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Mar 2013 20:12:22 +0000 Subject: Update release notes --- docs/topics/release-notes.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index ff487826..ac201e20 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -42,6 +42,8 @@ You can determine your currently installed version using `pip freeze`: ### Master +* OAuth 2 support. +* OAuth 1.0a support. * Filtering backends are now applied to the querysets for object lookups as well as lists. (Eg you can use a filtering backend to control which objects should 404) * Deal with error data nicely when deserializing lists of objects. * Extra override hook to configure `DjangoModelPermissions` for unauthenticated users. -- cgit v1.2.3 From 377dc2cda2c3a7aa02f5d761631f73c58745ed9d Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Mar 2013 20:49:20 +0000 Subject: Only honor X-HTTP-Method-Override for POST requests. --- docs/topics/browser-enhancements.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'docs/topics') diff --git a/docs/topics/browser-enhancements.md b/docs/topics/browser-enhancements.md index 8b191423..ce07fe95 100644 --- a/docs/topics/browser-enhancements.md +++ b/docs/topics/browser-enhancements.md @@ -21,11 +21,9 @@ For example, given the following form: ## HTTP header based method overriding -REST framework also supports method overriding via the `X-HTTP-Method-Override` -header. This is useful if you are working with non-form content such as -JSON and are working with an older web server and/or hosting provider -(e.g. [Amazon Web Services ELB][aws_elb]) that doesn't recognise particular -HTTP methods such as `PATCH`. +REST framework also supports method overriding via the semi-standard `X-HTTP-Method-Override` header. This can be useful if you are working with non-form content such as JSON and are working with an older web server and/or hosting provider that doesn't recognise particular HTTP methods such as `PATCH`. For example [Amazon Web Services ELB][aws_elb]. + +To use it, make a `POST` request, setting the `X-HTTP-Method-Override` header. For example, making a `PATCH` request via `POST` in jQuery: -- cgit v1.2.3 From 208407d569b4c794f7ea6ec114b662b6faf56845 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Mar 2013 20:49:44 +0000 Subject: Update release notes. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index ac201e20..d0b46c36 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -44,6 +44,7 @@ You can determine your currently installed version using `pip freeze`: * OAuth 2 support. * OAuth 1.0a support. +* Support X-HTTP-Method-Override header. * Filtering backends are now applied to the querysets for object lookups as well as lists. (Eg you can use a filtering backend to control which objects should 404) * Deal with error data nicely when deserializing lists of objects. * Extra override hook to configure `DjangoModelPermissions` for unauthenticated users. -- cgit v1.2.3 From 1aecd71eb49111009f2c55fe8bd3901b3ea35dd5 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Mar 2013 20:52:04 +0000 Subject: Added @kuhnza for work on #695. Thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index b0f0cfa2..b533daa9 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -111,6 +111,7 @@ The following people have helped make REST framework great. * Ian Dash - [bitmonkey] * Bouke Haarsma - [bouke] * Pierre Dulac - [dulaccc] +* Dave Kuhn - [kuhnza] Many thanks to everyone who's contributed to the project. @@ -256,3 +257,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [bitmonkey]: https://github.com/bitmonkey [bouke]: https://github.com/bouke [dulaccc]: https://github.com/dulaccc +[kuhnza]: https://github.com/kuhnza -- cgit v1.2.3 From a798a5350a6aa3100695d41d4d37ec7e2e073bdd Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 13 Mar 2013 11:42:12 +0000 Subject: Fix duplicated database queries for paginated lists. Closes #713. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index d0b46c36..4eaa42ba 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -48,6 +48,7 @@ You can determine your currently installed version using `pip freeze`: * Filtering backends are now applied to the querysets for object lookups as well as lists. (Eg you can use a filtering backend to control which objects should 404) * Deal with error data nicely when deserializing lists of objects. * Extra override hook to configure `DjangoModelPermissions` for unauthenticated users. +* Bugfix: Fix regression which caused extra database query on paginated list views. * Bugfix: Fix pk relationship bug for some types of 1-to-1 relations. * Bugfix: Workaround for Django bug causing case where `Authtoken` could be registered for cascade delete from `User` even if not installed. -- cgit v1.2.3 From 4b68089d44d3ede878eff58f6e3cdad86f5c832e Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 13 Mar 2013 13:07:46 +0000 Subject: Version 2.2.4 --- docs/topics/release-notes.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 4eaa42ba..5a96c09c 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,7 +40,9 @@ You can determine your currently installed version using `pip freeze`: ## 2.2.x series -### Master +### 2.2.4 + +**Date**: 13th March 2013 * OAuth 2 support. * OAuth 1.0a support. -- cgit v1.2.3 From acc8c1faa4f85dda00723d755e56bb3c980dbc75 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 13 Mar 2013 20:40:39 +0000 Subject: force_insert, force_update arguments. Closes #484. Confirmed by `assertNumQueries(…)` in tests. --- docs/topics/release-notes.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs/topics') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 5a96c09c..c45fff88 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,6 +40,10 @@ You can determine your currently installed version using `pip freeze`: ## 2.2.x series +### Master + +* `Serializer.save()` now supports arbitrary keyword args which are passed through to the object `.save()` method. Mixins use `force_insert` and `force_update` where appropriate, resulting in one less database query. + ### 2.2.4 **Date**: 13th March 2013 -- cgit v1.2.3