Revert "Simplified some examples in tutorial"

This reverts commit d6806340.

Revert "Simplified some examples in tutorial"
This reverts commit d6806340.
74f1cf63 · amatellanes · d6806340 · 74f1cf63 · 74f1cf63 · 74f1cf63
Commit 74f1cf63 authored Dec 23, 2013 by amatellanes
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 6 deletions

docs/tutorial/1-serialization.md
+4 -2

docs/tutorial/2-requests-and-responses.md
+4 -2

docs/tutorial/4-authentication-and-permissions.md
+5 -2

No files found.
--- a/docs/tutorial/1-serialization.md
+++ b/docs/tutorial/1-serialization.md
@@ -263,7 +263,8 @@ The root of our API is going to be a view that supports listing all the existing
            if serializer.is_valid():
                serializer.save()
                return JSONResponse(serializer.data, status=201)
-            return JSONResponse(serializer.errors, status=400)
+            else:
+                return JSONResponse(serializer.errors, status=400)
 Note that because we want to be able to POST to this view from clients that won't have a CSRF token we need to mark the view as `csrf_exempt`.  This isn't something that you'd normally want to do, and REST framework views actually use more sensible behavior than this, but it'll do for our purposes right now. 
@@ -289,7 +290,8 @@ We'll also need a view which corresponds to an individual snippet, and can be us
            if serializer.is_valid():
                serializer.save()
                return JSONResponse(serializer.data)
-            return JSONResponse(serializer.errors, status=400)
+            else:
+                return JSONResponse(serializer.errors, status=400)
        elif request.method == 'DELETE':
            snippet.delete()

--- a/docs/tutorial/2-requests-and-responses.md
+++ b/docs/tutorial/2-requests-and-responses.md
@@ -59,7 +59,8 @@ We don't need our `JSONResponse` class in `views.py` anymore, so go ahead and de
            if serializer.is_valid():
                serializer.save()
                return Response(serializer.data, status=status.HTTP_201_CREATED)
-            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+            else:
+                return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 Our instance view is an improvement over the previous example.  It's a little more concise, and the code now feels very similar to if we were working with the Forms API.  We're also using named status codes, which makes the response meanings more obvious.
@@ -84,7 +85,8 @@ Here is the view for an individual snippet, in the `views.py` module.
            if serializer.is_valid():
                serializer.save()
                return Response(serializer.data)
-            return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+            else:
+                return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
        elif request.method == 'DELETE':
            snippet.delete()

--- a/docs/tutorial/4-authentication-and-permissions.md
+++ b/docs/tutorial/4-authentication-and-permissions.md
@@ -163,12 +163,15 @@ In the snippets app, create a new file, `permissions.py`
        """
        Custom permission to only allow owners of an object to edit it.
        """
        def has_object_permission(self, request, view, obj):
            # Read permissions are allowed to any request,
            # so we'll always allow GET, HEAD or OPTIONS requests.
+            if request.method in permissions.SAFE_METHODS:            
+                return True
            # Write permissions are only allowed to the owner of the snippet
-            return request.method in permissions.SAFE_METHODS or obj.owner == request.user
+            return obj.owner == request.user
 Now we can add that custom permission to our snippet instance endpoint, by editing the `permission_classes` property on the `SnippetDetail` class: