From 2bcb8ff12c967e71fb4871a9ac9e72395394d291 Mon Sep 17 00:00:00 2001 From: Dave Kuhn Date: Tue, 12 Mar 2013 13:48:40 +1100 Subject: Documentation for X-HTTP-Method-Override --- docs/topics/browser-enhancements.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'docs') diff --git a/docs/topics/browser-enhancements.md b/docs/topics/browser-enhancements.md index 6a11f0fa..8b191423 100644 --- a/docs/topics/browser-enhancements.md +++ b/docs/topics/browser-enhancements.md @@ -19,6 +19,23 @@ For example, given the following form: `request.method` would return `"DELETE"`. +## HTTP header based method overriding + +REST framework also supports method overriding via the `X-HTTP-Method-Override` +header. This is useful if you are working with non-form content such as +JSON and are working with an older web server and/or hosting provider +(e.g. [Amazon Web Services ELB][aws_elb]) that doesn't recognise particular +HTTP methods such as `PATCH`. + +For example, making a `PATCH` request via `POST` in jQuery: + + $.ajax({ + url: '/myresource/', + method: 'POST', + headers: {'X-HTTP-Method-Override': 'PATCH'}, + ... + }); + ## Browser based submission of non-form content Browser-based submission of content types other than form are supported by @@ -62,3 +79,4 @@ as well as how to support content types other than form-encoded data. [rails]: http://guides.rubyonrails.org/form_helpers.html#how-do-forms-with-put-or-delete-methods-work [html5]: http://www.w3.org/TR/html5-diff/#changes-2010-06-24 [put_delete]: http://amundsen.com/examples/put-delete-forms/ +[aws_elb]: https://forums.aws.amazon.com/thread.jspa?messageID=400724 -- cgit v1.2.3 From 377dc2cda2c3a7aa02f5d761631f73c58745ed9d Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Mar 2013 20:49:20 +0000 Subject: Only honor X-HTTP-Method-Override for POST requests. --- docs/topics/browser-enhancements.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'docs') 
diff --git a/docs/topics/browser-enhancements.md b/docs/topics/browser-enhancements.md index 8b191423..ce07fe95 100644 --- a/docs/topics/browser-enhancements.md +++ b/docs/topics/browser-enhancements.md @@ -21,11 +21,9 @@ For example, given the following form: ## HTTP header based method overriding -REST framework also supports method overriding via the `X-HTTP-Method-Override` -header. This is useful if you are working with non-form content such as -JSON and are working with an older web server and/or hosting provider -(e.g. [Amazon Web Services ELB][aws_elb]) that doesn't recognise particular -HTTP methods such as `PATCH`. +REST framework also supports method overriding via the semi-standard `X-HTTP-Method-Override` header. This can be useful if you are working with non-form content such as JSON and are working with an older web server and/or hosting provider that doesn't recognise particular HTTP methods such as `PATCH`. For example [Amazon Web Services ELB][aws_elb]. + +To use it, make a `POST` request, setting the `X-HTTP-Method-Override` header. For example, making a `PATCH` request via `POST` in jQuery: -- cgit v1.2.3 From 208407d569b4c794f7ea6ec114b662b6faf56845 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Mar 2013 20:49:44 +0000 Subject: Update release notes. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index ac201e20..d0b46c36 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md 
@@ -44,6 +44,7 @@ You can determine your currently installed version using `pip freeze`: * OAuth 2 support. * OAuth 1.0a support. +* Support X-HTTP-Method-Override header. * Filtering backends are now applied to the querysets for object lookups as well as lists. (Eg you can use a filtering backend to control which objects should 404) * Deal with error data nicely when deserializing lists of objects. * Extra override hook to configure `DjangoModelPermissions` for unauthenticated users. -- cgit v1.2.3 From 1aecd71eb49111009f2c55fe8bd3901b3ea35dd5 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Tue, 12 Mar 2013 20:52:04 +0000 Subject: Added @kuhnza for work on #695. Thanks! --- docs/topics/credits.md | 2 ++ 1 file changed, 2 insertions(+) (limited to 'docs') diff --git a/docs/topics/credits.md b/docs/topics/credits.md index b0f0cfa2..b533daa9 100644 --- a/docs/topics/credits.md +++ b/docs/topics/credits.md @@ -111,6 +111,7 @@ The following people have helped make REST framework great. * Ian Dash - [bitmonkey] * Bouke Haarsma - [bouke] * Pierre Dulac - [dulaccc] +* Dave Kuhn - [kuhnza] Many thanks to everyone who's contributed to the project. @@ -256,3 +257,4 @@ You can also contact [@_tomchristie][twitter] directly on twitter. [bitmonkey]: https://github.com/bitmonkey [bouke]: https://github.com/bouke [dulaccc]: https://github.com/dulaccc +[kuhnza]: https://github.com/kuhnza -- cgit v1.2.3 From a798a5350a6aa3100695d41d4d37ec7e2e073bdd Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 13 Mar 2013 11:42:12 +0000 Subject: Fix duplicated database queries for paginated lists. Closes #713. --- docs/topics/release-notes.md | 1 + 1 file changed, 1 insertion(+) (limited to 'docs') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index d0b46c36..4eaa42ba 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md 
@@ -48,6 +48,7 @@ You can determine your currently installed version using `pip freeze`: * Filtering backends are now applied to the querysets for object lookups as well as lists. (Eg you can use a filtering backend to control which objects should 404) * Deal with error data nicely when deserializing lists of objects. * Extra override hook to configure `DjangoModelPermissions` for unauthenticated users. +* Bugfix: Fix regression which caused extra database query on paginated list views. * Bugfix: Fix pk relationship bug for some types of 1-to-1 relations. * Bugfix: Workaround for Django bug causing case where `Authtoken` could be registered for cascade delete from `User` even if not installed. -- cgit v1.2.3 From 4b68089d44d3ede878eff58f6e3cdad86f5c832e Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 13 Mar 2013 13:07:46 +0000 Subject: Version 2.2.4 --- docs/topics/release-notes.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'docs') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 4eaa42ba..5a96c09c 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,7 +40,9 @@ You can determine your currently installed version using `pip freeze`: ## 2.2.x series -### Master +### 2.2.4 + +**Date**: 13th March 2013 * OAuth 2 support. * OAuth 1.0a support. -- cgit v1.2.3 From a53596ce28359e24313a5fb9bd8f3564eb12678e Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 13 Mar 2013 13:13:30 +0000 Subject: Docs for TokenHasReadWriteScope --- docs/api-guide/permissions.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'docs') diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index 719ac1ef..4772c5e0 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md 
@@ -105,6 +105,21 @@ The default behaviour can also be overridden to support custom model permissions To use custom model permissions, override `DjangoModelPermissions` and set the `.perms_map` property. Refer to the source code for details. +## TokenHasReadWriteScope + +This permission class is intended for use with either of the `OAuthAuthentication` and `OAuth2Authentication` classes, and ties into the scoping that their backends provide. + +Requests with a safe methods of `GET`, `OPTIONS` or `HEAD` will be allowed if the authenticated token has read permission. + +Requests for `POST`, `PUT`, `PATCH` and `DELETE` will be allowed if the authenticated token has write permission. + +This permission class relies on the implementations of the [django-oauth-plus][django-oauth-plus] and [django-oauth2-provider][django-oauth2-provider] libraries, which both provide limited support for controlling the scope of access tokens: + +* `django-oauth-plus`: Tokens are associated with a `Resource` class which has a `name`, `url` and `is_readonly` properties. +* `django-oauth2-provider`: Tokens are associated with a bitwise `scope` attribute, that defaults to providing bitwise values for `read` and/or `write`. + +If you require more advanced scoping for your API, such as restricting tokens to accessing a subset of functionality of your API then you will need to provide a custom permission class. See the source of the `django-oauth-plus` or `django-oauth2-provider` package for more details on scoping token access. + --- # Custom permissions 
@@ -173,5 +188,7 @@ Also note that the generic views will only check the object-level permissions fo [throttling]: throttling.md [contribauth]: https://docs.djangoproject.com/en/1.0/topics/auth/#permissions [guardian]: https://github.com/lukaszb/django-guardian +[django-oauth-plus]: http://code.larlet.fr/django-oauth-plus +[django-oauth2-provider]: https://github.com/caffeinehit/django-oauth2-provider [2.2-announcement]: ../topics/2.2-announcement.md [filtering]: filtering.md -- cgit v1.2.3 From acc8c1faa4f85dda00723d755e56bb3c980dbc75 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 13 Mar 2013 20:40:39 +0000 Subject: force_insert, force_update arguments. Closes #484. Confirmed by `assertNumQueries(…)` in tests. --- docs/topics/release-notes.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs') diff --git a/docs/topics/release-notes.md b/docs/topics/release-notes.md index 5a96c09c..c45fff88 100644 --- a/docs/topics/release-notes.md +++ b/docs/topics/release-notes.md @@ -40,6 +40,10 @@ You can determine your currently installed version using `pip freeze`: ## 2.2.x series +### Master + +* `Serializer.save()` now supports arbitrary keyword args which are passed through to the object `.save()` method. Mixins use `force_insert` and `force_update` where appropriate, resulting in one less database query. + ### 2.2.4 **Date**: 13th March 2013 -- cgit v1.2.3 From 08bc203f905f838fdcc2f7cc09b91eab4e595bd1 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Wed, 13 Mar 2013 20:53:39 +0000 Subject: Docs tweaks. --- docs/index.md | 6 +++--- docs/template.html | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'docs') diff --git a/docs/index.md b/docs/index.md index 8e5097b3..5f9d1553 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -9,9 +9,9 @@ # Django REST framework -**A toolkit for building well-connected, self-describing Web APIs.** +**Web APIs for Django, made easy.** -Django REST framework is a lightweight library that makes it easy to build Web APIs. It is designed as a modular and easy to customize architecture, based on Django's class based views. +Django REST framework is a flexible, powerful library that makes it incredibly easy to build Web APIs. It is designed as a modular and easy to customize architecture, based on Django's class based views. Web APIs built using REST framework are fully self-describing and web browseable - a huge useability win for your developers. It also supports a wide range of media types, authentication and permission policies out of the box. @@ -75,7 +75,7 @@ Note that the URL path can be whatever you want, but you must include `'rest_fra ## Quickstart -Can't wait to get started? The [quickstart guide][quickstart] is the fastest way to get up and running with REST framework. +Can't wait to get started? The [quickstart guide][quickstart] is the fastest way to get up and running, and building APIs with REST framework. ## Tutorial diff --git a/docs/template.html b/docs/template.html index e0f88daf..08620882 100644 --- a/docs/template.html +++ b/docs/template.html @@ -2,7 +2,7 @@
-
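Review bot: in the jQuery example added to docs/topics/browser-enhancements.md (commit 2bcb8ff), the `$.ajax` call sets `method: 'POST'`, but the `method` option only exists from jQuery 1.9.0; earlier versions read only `type`, so the request is sent as the default `GET` rather than a `POST`. Use `type: 'POST'`, which works across versions. The bare `...` inside the options object also makes the snippet invalid JavaScript when pasted; writing it as a comment (`// ...`) avoids that.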
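Review bot: in the rewritten paragraph under "HTTP header based method overriding" (commit 377dc2c), the text tells the reader to make a `POST` request but never states that the header is ignored on any other method, which is the behaviour the commit subject describes. Say so explicitly, for example "The header is only honored on `POST` requests.", because anyone who filters or logs by HTTP method in front of the API needs to know that a request arriving as `POST` may be handled as another method such as `PATCH`. "For example [Amazon Web Services ELB][aws_elb]." is also a sentence fragment and reads better folded into the preceding sentence.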
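Review bot: the new `TokenHasReadWriteScope` section in docs/api-guide/permissions.md (commit a53596c) lists which methods a read token and a write token allow, but does not say what the class does when the request carries no token or was authenticated by a class other than `OAuthAuthentication` or `OAuth2Authentication`. State the outcome for that case so the class is not combined with other authentication classes on a wrong assumption. Two wording fixes in the same hunk: "Requests with a safe methods of" should read "Requests with a safe method of", and "which has a `name`, `url` and `is_readonly` properties" should drop the "a".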