Note that you'll want to ensure you place this code snippet in an installed `models.py` module, or some other location that will be imported by Django on startup.
If you've already created some users, you can generate tokens for all existing users like this:
If you've already created some users, you can generate tokens for all existing users like this:
from django.contrib.auth.models import User
from django.contrib.auth.models import User
...
@@ -336,6 +346,10 @@ If the `.authenticate_header()` method is not overridden, the authentication sch
...
@@ -336,6 +346,10 @@ If the `.authenticate_header()` method is not overridden, the authentication sch
The following example will authenticate any incoming request as the user given by the username in a custom request header named 'X_USERNAME'.
The following example will authenticate any incoming request as the user given by the username in a custom request header named 'X_USERNAME'.
from django.contrib.auth.models import User
from rest_framework import authentication
from rest_framework import exceptions
class ExampleAuthentication(authentication.BaseAuthentication):
class ExampleAuthentication(authentication.BaseAuthentication):
@@ -78,6 +78,9 @@ A generic, **read-only** field. You can use this field for any attribute that d
...
@@ -78,6 +78,9 @@ A generic, **read-only** field. You can use this field for any attribute that d
For example, using the following model.
For example, using the following model.
from django.db import models
from django.utils.timezone import now
class Account(models.Model):
class Account(models.Model):
owner = models.ForeignKey('auth.user')
owner = models.ForeignKey('auth.user')
name = models.CharField(max_length=100)
name = models.CharField(max_length=100)
...
@@ -85,13 +88,14 @@ For example, using the following model.
...
@@ -85,13 +88,14 @@ For example, using the following model.
payment_expiry = models.DateTimeField()
payment_expiry = models.DateTimeField()
def has_expired(self):
def has_expired(self):
now = datetime.datetime.now()
return now() > self.payment_expiry
return now > self.payment_expiry
A serializer definition that looked like this:
A serializer definition that looked like this:
from rest_framework import serializers
class AccountSerializer(serializers.HyperlinkedModelSerializer):
class AccountSerializer(serializers.HyperlinkedModelSerializer):
expired = Field(source='has_expired')
expired = serializers.Field(source='has_expired')
class Meta:
class Meta:
fields = ('url', 'owner', 'name', 'expired')
fields = ('url', 'owner', 'name', 'expired')
...
@@ -125,12 +129,11 @@ The `ModelField` class is generally intended for internal use, but can be used b
...
@@ -125,12 +129,11 @@ The `ModelField` class is generally intended for internal use, but can be used b
This is a read-only field. It gets its value by calling a method on the serializer class it is attached to. It can be used to add any sort of data to the serialized representation of your object. The field's constructor accepts a single argument, which is the name of the method on the serializer to be called. The method should accept a single argument (in addition to `self`), which is the object being serialized. It should return whatever you want to be included in the serialized representation of the object. For example:
This is a read-only field. It gets its value by calling a method on the serializer class it is attached to. It can be used to add any sort of data to the serialized representation of your object. The field's constructor accepts a single argument, which is the name of the method on the serializer to be called. The method should accept a single argument (in addition to `self`), which is the object being serialized. It should return whatever you want to be included in the serialized representation of the object. For example:
from rest_framework import serializers
from django.contrib.auth.models import User
from django.contrib.auth.models import User
from django.utils.timezone import now
from django.utils.timezone import now
from rest_framework import serializers
class UserSerializer(serializers.ModelSerializer):
class UserSerializer(serializers.ModelSerializer):
@@ -13,6 +13,7 @@ REST framework includes a `PaginationSerializer` class that makes it easy to ret
...
@@ -13,6 +13,7 @@ REST framework includes a `PaginationSerializer` class that makes it easy to ret
Let's start by taking a look at an example from the Django documentation.
Let's start by taking a look at an example from the Django documentation.
from django.core.paginator import Paginator
from django.core.paginator import Paginator
objects = ['john', 'paul', 'george', 'ringo']
objects = ['john', 'paul', 'george', 'ringo']
paginator = Paginator(objects, 2)
paginator = Paginator(objects, 2)
page = paginator.page(1)
page = paginator.page(1)
...
@@ -22,6 +23,7 @@ Let's start by taking a look at an example from the Django documentation.
...
@@ -22,6 +23,7 @@ Let's start by taking a look at an example from the Django documentation.
At this point we've got a page object. If we wanted to return this page object as a JSON response, we'd need to provide the client with context such as next and previous links, so that it would be able to page through the remaining results.
At this point we've got a page object. If we wanted to return this page object as a JSON response, we'd need to provide the client with context such as next and previous links, so that it would be able to page through the remaining results.
from rest_framework.pagination import PaginationSerializer
from rest_framework.pagination import PaginationSerializer
@@ -114,6 +116,9 @@ You can also override the name used for the object list field, by setting the `r
...
@@ -114,6 +116,9 @@ You can also override the name used for the object list field, by setting the `r
For example, to nest a pair of links labelled 'prev' and 'next', and set the name for the results field to 'objects', you might use something like this.
For example, to nest a pair of links labelled 'prev' and 'next', and set the name for the results field to 'objects', you might use something like this.
from rest_framework import pagination
from rest_framework import serializers
class LinksSerializer(serializers.Serializer):
class LinksSerializer(serializers.Serializer):
next = pagination.NextPageField(source='*')
next = pagination.NextPageField(source='*')
prev = pagination.PreviousPageField(source='*')
prev = pagination.PreviousPageField(source='*')
...
@@ -135,7 +140,7 @@ To have your custom pagination serializer be used by default, use the `DEFAULT_P
...
@@ -135,7 +140,7 @@ To have your custom pagination serializer be used by default, use the `DEFAULT_P
Alternatively, to set your custom pagination serializer on a per-view basis, use the `pagination_serializer_class` attribute on a generic class based view:
Alternatively, to set your custom pagination serializer on a per-view basis, use the `pagination_serializer_class` attribute on a generic class based view:
@@ -47,6 +47,10 @@ If not specified, this setting defaults to allowing unrestricted access:
...
@@ -47,6 +47,10 @@ If not specified, this setting defaults to allowing unrestricted access:
You can also set the authentication policy on a per-view, or per-viewset basis,
You can also set the authentication policy on a per-view, or per-viewset basis,
using the `APIView` class based views.
using the `APIView` class based views.
from rest_framework.permissions import IsAuthenticated
from rest_framework.responses import Response
from rest_framework.views import APIView
class ExampleView(APIView):
class ExampleView(APIView):
permission_classes = (IsAuthenticated,)
permission_classes = (IsAuthenticated,)
...
@@ -157,6 +161,8 @@ For more details see the [2.2 release announcement][2.2-announcement].
...
@@ -157,6 +161,8 @@ For more details see the [2.2 release announcement][2.2-announcement].
The following is an example of a permission class that checks the incoming request's IP address against a blacklist, and denies the request if the IP has been blacklisted.
The following is an example of a permission class that checks the incoming request's IP address against a blacklist, and denies the request if the IP has been blacklisted.
from rest_framework import permissions
class BlacklistPermission(permissions.BasePermission):
class BlacklistPermission(permissions.BasePermission):
@@ -183,7 +184,7 @@ When using `SlugRelatedField` as a read-write field, you will normally want to e
...
@@ -183,7 +184,7 @@ When using `SlugRelatedField` as a read-write field, you will normally want to e
This field can be applied as an identity relationship, such as the `'url'` field on a HyperlinkedModelSerializer. It can also be used for an attribute on the object. For example, the following serializer:
This field can be applied as an identity relationship, such as the `'url'` field on a HyperlinkedModelSerializer. It can also be used for an attribute on the object. For example, the following serializer:
class AlbumSerializer(serializers.HyperlinkedModelSerializer):
class AlbumSerializer(serializers.HyperlinkedModelSerializer):
Using bare status codes in your responses isn't recommended. REST framework includes a set of named constants that you can use to make more code more obvious and readable.
Using bare status codes in your responses isn't recommended. REST framework includes a set of named constants that you can use to make more code more obvious and readable.
from rest_framework import status
from rest_framework import status
from rest_framework.response import Response
def empty_view(self):
def empty_view(self):
content = {'please move along': 'nothing to see here'}
content = {'please move along': 'nothing to see here'}
The `APIRequestFactory` class supports an almost identical API to Django's standard `RequestFactory` class. This means the that standard `.get()`, `.post()`, `.put()`, `.patch()`, `.delete()`, `.head()` and `.options()` methods are all available.
The `APIRequestFactory` class supports an almost identical API to Django's standard `RequestFactory` class. This means the that standard `.get()`, `.post()`, `.put()`, `.patch()`, `.delete()`, `.head()` and `.options()` methods are all available.
from rest_framework.test import APIRequestFactory
# Using the standard RequestFactory API to create a form POST request
# Using the standard RequestFactory API to create a form POST request
@@ -72,6 +76,12 @@ To forcibly authenticate a request, use the `force_authenticate()` method.
...
@@ -72,6 +76,12 @@ To forcibly authenticate a request, use the `force_authenticate()` method.
The signature for the method is `force_authenticate(request, user=None, token=None)`. When making the call, either or both of the user and token may be set.
The signature for the method is `force_authenticate(request, user=None, token=None)`. When making the call, either or both of the user and token may be set.
For example, when forcibly authenticating using a token, you might do something like the following:
**Note**:When using `APIRequestFactory`, the object that is returned is Django's standard `HttpRequest`, and not REST framework's `Request` object, which is only generated once the view is called.
**Note**:When using `APIRequestFactory`, the object that is returned is Django's standard `HttpRequest`, and not REST framework's `Request` object, which is only generated once the view is called.
The `APIClient` class supports the same request interface as `APIRequestFactory`. This means the that standard `.get()`, `.post()`, `.put()`, `.patch()`, `.delete()`, `.head()` and `.options()` methods are all available. For example:
The `APIClient` class supports the same request interface as `APIRequestFactory`. This means the that standard `.get()`, `.post()`, `.put()`, `.patch()`, `.delete()`, `.head()` and `.options()` methods are all available. For example:
