<li><code>request.auth</code> will be <code>None</code>.</li>
<li><code>request.auth</code> will be <code>None</code>.</li>
</ul>
</ul>
<p>Unauthenticated responses that are denied permission will result in an <code>HTTP 403 Forbidden</code> response.</p>
<p>Unauthenticated responses that are denied permission will result in an <code>HTTP 403 Forbidden</code> response.</p>
<p>If you're using an AJAX style API with SessionAuthentication, you'll need to make sure you include a valid CSRF token for any "unsafe" HTTP method calls, such as <code>PUT</code>, <code>PATCH</code>, <code>POST</code> or <code>DELETE</code> requests. See the <ahref="https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#ajax">Django CSRF documentation</a> for more details.</p>
<p>If you're using an AJAX style API with SessionAuthentication, you'll need to make sure you include a valid CSRF token for any "unsafe" HTTP method calls, such as <code>PUT</code>, <code>PATCH</code>, <code>POST</code> or <code>DELETE</code> requests. See the <ahref="https://docs.djangoproject.com/en/dev/ref/csrf/#ajax">Django CSRF documentation</a> for more details.</p>
<p>This authentication uses <ahref="http://oauth.net/core/1.0a">OAuth 1.0a</a> authentication scheme. OAuth 1.0a provides signature validation which provides a reasonable level of security over plain non-HTTPS connections. However, it may also be considered more complicated than OAuth2, as it requires clients to sign their requests.</p>
<p>This authentication uses <ahref="http://oauth.net/core/1.0a">OAuth 1.0a</a> authentication scheme. OAuth 1.0a provides signature validation which provides a reasonable level of security over plain non-HTTPS connections. However, it may also be considered more complicated than OAuth2, as it requires clients to sign their requests.</p>
<p>This authentication class depends on the optional <code>django-oauth-plus</code> and <code>oauth2</code> packages. In order to make it work you must install these packages and add <code>oauth_provider</code> to your <code>INSTALLED_APPS</code>:</p>
<p>This authentication class depends on the optional <code>django-oauth-plus</code> and <code>oauth2</code> packages. In order to make it work you must install these packages and add <code>oauth_provider</code> to your <code>INSTALLED_APPS</code>:</p>
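Review bot: The replacement CSRF link in the SessionAuthentication paragraph still points into the `/en/dev/` documentation tree, and the path under it has just moved from `ref/contrib/csrf/` to `ref/csrf/`. That tree follows Django's development branch, so link to a released-version tree such as `/en/stable/` to keep the reference from breaking again. In the paragraph just above it, "Unauthenticated responses that are denied permission" should read "requests".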
<p>A <code>RegexField</code> that validates the input against a URL matching pattern. Expects fully qualified URLs of the form <code>http://<host>/<path></code>.</p>
<p>A <code>RegexField</code> that validates the input against a URL matching pattern. Expects fully qualified URLs of the form <code>http://<host>/<path></code>.</p>
<p>Corresponds to <code>django.db.models.fields.URLField</code>. Uses Django's <code>django.core.validators.URLValidator</code> for validation.</p>
<p>Corresponds to <code>django.db.models.fields.URLField</code>. Uses Django's <code>django.core.validators.URLValidator</code> for validation.</p>
<p>A field that ensures the input is a valid UUID string. The <code>to_internal_value</code> method will return a <code>uuid.UUID</code> instance. On output the field will return a string in the canonical hyphenated format, for example:</p>
<p>Both the <code>allow_blank</code> and <code>allow_null</code> are valid options on <code>ChoiceField</code>, although it is highly recommended that you only use one and not both. <code>allow_blank</code> should be preferred for textual choices, and <code>allow_null</code> should be preferred for numeric or other non-textual choices.</p>
<p>Both the <code>allow_blank</code> and <code>allow_null</code> are valid options on <code>ChoiceField</code>, although it is highly recommended that you only use one and not both. <code>allow_blank</code> should be preferred for textual choices, and <code>allow_null</code> should be preferred for numeric or other non-textual choices.</p>
<p>A field that can accept a set of zero, one or many values, chosen from a limited set of choices. Takes a single mandatory argument. <code>to_internal_representation</code> returns a <code>set</code> containing the selected values.</p>
<p>A field that can accept a set of zero, one or many values, chosen from a limited set of choices. Takes a single mandatory argument. <code>to_internal_value</code> returns a <code>set</code> containing the selected values.</p>
<li><code>child</code> - A field instance that should be used for validating the objects in the list.</li>
<li><code>child</code> - A field instance that should be used for validating the objects in the list. If this argument is not provided then objects in the list will not be validated.</li>
</ul>
</ul>
<p>For example, to validate a list of integers you might use something like the following:</p>
<p>For example, to validate a list of integers you might use something like the following:</p>
<p>We can now reuse our custom <code>StringListField</code> class throughout our application, without having to provide a <code>child</code> argument to it.</p>
<p>We can now reuse our custom <code>StringListField</code> class throughout our application, without having to provide a <code>child</code> argument to it.</p>
<h2id="dictfield">DictField</h2>
<p>A field class that validates a dictionary of objects. The keys in <code>DictField</code> are always assumed to be string values.</p>
<li><code>child</code> - A field instance that should be used for validating the values in the dictionary. If this argument is not provided then values in the mapping will not be validated.</li>
</ul>
<p>For example, to create a field that validates a mapping of strings to strings, you would write something like this:</p>
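Review bot: The `child` items for ListField and the new DictField mention only in a trailing clause that omitting the argument leaves the list objects or dictionary values unvalidated. That default passes client-supplied data through unchecked, so give it its own sentence or note in both sections and recommend passing `child` whenever the field accepts untrusted input.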
<p>This is a read-only field. It gets its value by calling a method on the serializer class it is attached to. It can be used to add any sort of data to the serialized representation of your object.</p>
<p>This is a read-only field. It gets its value by calling a method on the serializer class it is attached to. It can be used to add any sort of data to the serialized representation of your object.</p>
<li><code>method-name</code> - The name of the method on the serializer to be called. If not included this defaults to <code>get_<field_name></code>.</li>
<li><code>method_name</code> - The name of the method on the serializer to be called. If not included this defaults to <code>get_<field_name></code>.</li>
</ul>
</ul>
<p>The serializer method referred to by the <code>method_name</code> argument should accept a single argument (in addition to <code>self</code>), which is the object being serialized. It should return whatever you want to be included in the serialized representation of the object. For example:</p>
<p>The serializer method referred to by the <code>method_name</code> argument should accept a single argument (in addition to <code>self</code>), which is the object being serialized. It should return whatever you want to be included in the serialized representation of the object. For example:</p>
<pre><code>from django.contrib.auth.models import User
<pre><code>from django.contrib.auth.models import User
@@ -757,8 +757,8 @@ class ProductFilter(django_filters.FilterSet):
...
@@ -757,8 +757,8 @@ class ProductFilter(django_filters.FilterSet):
<p>We could achieve the same behavior by overriding <code>get_queryset()</code> on the views, but using a filter backend allows you to more easily add this restriction to multiple views, or to apply it across the entire API.</p>
<p>We could achieve the same behavior by overriding <code>get_queryset()</code> on the views, but using a filter backend allows you to more easily add this restriction to multiple views, or to apply it across the entire API.</p>
<h1id="third-party-packages">Third party packages</h1>
<h1id="third-party-packages">Third party packages</h1>
<p>The following third party packages provide additional filter implementations.</p>
<p>The following third party packages provide additional filter implementations.</p>
<p>The <ahref="https://github.com/philipn/django-rest-framework-chain">django-rest-framework-chain package</a> works together with the <code>DjangoFilterBackend</code> class, and allows you to easily create filters across relationships, or create multiple filter lookup types for a given field.</p>
<p>The <ahref="https://github.com/philipn/django-rest-framework-filters">django-rest-framework-filters package</a> works together with the <code>DjangoFilterBackend</code> class, and allows you to easily create filters across relationships, or create multiple filter lookup types for a given field.</p>
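Review bot: The heading and `id` for this third-party entry are not in the visible lines; only the link text and href change from django-rest-framework-chain to django-rest-framework-filters. Rename the heading and anchor in the same change, or confirm they already match, so the section title and in-page links agree with the package the paragraph now points to.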
@@ -548,7 +548,7 @@ class UserViewSet(viewsets.ModelViewSet):
...
@@ -548,7 +548,7 @@ class UserViewSet(viewsets.ModelViewSet):
def set_password(self, request, pk=None):
def set_password(self, request, pk=None):
...
...
</code></pre>
</code></pre>
<p>Theses decorators will route <code>GET</code> requests by default, but may also accept other HTTP methods, by using the <code>methods</code> argument. For example:</p>
<p>These decorators will route <code>GET</code> requests by default, but may also accept other HTTP methods, by using the <code>methods</code> argument. For example:</p>
<li><ahref="http://singinghorsestudio.com"rel="nofollow"style="background-image:url(../../img/sponsors/2-singing-horse.png);">Singing Horse Studio Ltd.</a></li>
<li><ahref="http://singinghorsestudio.com"rel="nofollow"style="background-image:url(../../img/sponsors/2-singing-horse.png);">Singing Horse Studio Ltd.</a></li>
<p><strong>Date</strong>: <ahref="https://github.com/tomchristie/django-rest-framework/issues?q=milestone%3A%223.0.4+Release%22">28th January 2015</a>.</p>
<li>Add <code>DictField</code> and support Django 1.8 <code>HStoreField</code>. (<ahref="https://github.com/tomchristie/django-rest-framework/issues/2451">#2451</a>, <ahref="https://github.com/tomchristie/django-rest-framework/issues/2106">#2106</a>)</li>
<li>Add <code>UUIDField</code> and support Django 1.8 <code>UUIDField</code>. (<ahref="https://github.com/tomchristie/django-rest-framework/issues/2448">#2448</a>, <ahref="https://github.com/tomchristie/django-rest-framework/issues/2433">#2433</a>, <ahref="https://github.com/tomchristie/django-rest-framework/issues/2432">#2432</a>)</li>
<li><code>BaseRenderer.render</code> now raises <code>NotImplementedError</code>. (<ahref="https://github.com/tomchristie/django-rest-framework/issues/2434">#2434</a>)</li>
<li>Fix timedelta JSON serialization on Python 2.6. (<ahref="https://github.com/tomchristie/django-rest-framework/issues/2430">#2430</a>)</li>
<li><code>ResultDict</code> and <code>ResultList</code> now appear as standard dict/list. (<ahref="https://github.com/tomchristie/django-rest-framework/issues/2421">#2421</a>)</li>
<li>Fix visible <code>HiddenField</code> in the HTML form of the web browsable API page. (<ahref="https://github.com/tomchristie/django-rest-framework/issues/2410">#2410</a>)</li>
<li>Use <code>OrderedDict</code> for <code>RelatedField.choices</code>. (<ahref="https://github.com/tomchristie/django-rest-framework/issues/2408">#2408</a>)</li>
<li>Fix ident format when using <code>HTTP_X_FORWARDED_FOR</code>. (<ahref="https://github.com/tomchristie/django-rest-framework/issues/2401">#2401</a>)</li>
<li>Fix invalid key with memcached while using throttling. (<ahref="https://github.com/tomchristie/django-rest-framework/issues/2400">#2400</a>)</li>
<li>Fix <code>FileUploadParser</code> with version 3.x. (<ahref="https://github.com/tomchristie/django-rest-framework/issues/2399">#2399</a>)</li>
<li>Fix the serializer inheritance. (<ahref="https://github.com/tomchristie/django-rest-framework/issues/2388">#2388</a>)</li>
<li>Fix caching issues with <code>ReturnDict</code>. (<ahref="https://github.com/tomchristie/django-rest-framework/issues/2360">#2360</a>)</li>
</ul>
<h3id="303">3.0.3</h3>
<h3id="303">3.0.3</h3>
<p><strong>Date</strong>: <ahref="https://github.com/tomchristie/django-rest-framework/issues?q=milestone%3A%223.0.3+Release%22">8th January 2015</a>.</p>
<p><strong>Date</strong>: <ahref="https://github.com/tomchristie/django-rest-framework/issues?q=milestone%3A%223.0.3+Release%22">8th January 2015</a>.</p>
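Review bot: In the added 3.0.4 list, "Fix ident format when using HTTP_X_FORWARDED_FOR" (#2401) and "Fix invalid key with memcached while using throttling" (#2400) do not say what changed in how throttled clients are identified or how cache keys are built. Add a clause to each stating the user-visible effect, so operators who rely on throttling can tell whether behaviour changes on upgrade.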
<p>Our <code>SnippetSerializer</code> class is replicating a lot of information that's also contained in the <code>Snippet</code> model. It would be nice if we could keep our code a bit more concise.</p>
<p>Our <code>SnippetSerializer</code> class is replicating a lot of information that's also contained in the <code>Snippet</code> model. It would be nice if we could keep our code a bit more concise.</p>
<p>In the same way that Django provides both <code>Form</code> classes and <code>ModelForm</code> classes, REST framework includes both <code>Serializer</code> classes, and <code>ModelSerializer</code> classes.</p>
<p>In the same way that Django provides both <code>Form</code> classes and <code>ModelForm</code> classes, REST framework includes both <code>Serializer</code> classes, and <code>ModelSerializer</code> classes.</p>
<p>Let's look at refactoring our serializer using the <code>ModelSerializer</code> class.
<p>Let's look at refactoring our serializer using the <code>ModelSerializer</code> class.
Open the file <code>snippets/serializers.py</code> again, and edit the <code>SnippetSerializer</code> class.</p>
Open the file <code>snippets/serializers.py</code> again, and replace the <code>SnippetSerializer</code> class with the following.</p>
<p>One nice property that serializers have is that you can inspect all the fields in a serializer instance, by printing it's representation. Open the Django shell with <code>python manage.py shell</code>, then try the following:</p>
<p>One nice property that serializers have is that you can inspect all the fields in a serializer instance, by printing its representation. Open the Django shell with <code>python manage.py shell</code>, then try the following:</p>
<pre><code>>>> from snippets.serializers import SnippetSerializer
<pre><code>>>> from snippets.serializers import SnippetSerializer
@@ -543,7 +543,7 @@ class IsOwnerOrReadOnly(permissions.BasePermission):
...
@@ -543,7 +543,7 @@ class IsOwnerOrReadOnly(permissions.BasePermission):
# Write permissions are only allowed to the owner of the snippet.
# Write permissions are only allowed to the owner of the snippet.
return obj.owner == request.user
return obj.owner == request.user
</code></pre>
</code></pre>
<p>Now we can add that custom permission to our snippet instance endpoint, by editing the <code>permission_classes</code> property on the <code>SnippetDetail</code> class:</p>
<p>Now we can add that custom permission to our snippet instance endpoint, by editing the <code>permission_classes</code> property on the <code>SnippetDetail</code>view class:</p>
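Review bot: The reworded sentence has no space between the closing tag and the added word, in `<code>SnippetDetail</code>view class`, so it renders as "SnippetDetailview class". Add the space after `</code>`.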
@@ -482,7 +482,9 @@ class UserSerializer(serializers.HyperlinkedModelSerializer):
...
@@ -482,7 +482,9 @@ class UserSerializer(serializers.HyperlinkedModelSerializer):
<li>Our snippet and user serializers include <code>'url'</code> fields that by default will refer to <code>'{model_name}-detail'</code>, which in this case will be <code>'snippet-detail'</code> and <code>'user-detail'</code>.</li>
<li>Our snippet and user serializers include <code>'url'</code> fields that by default will refer to <code>'{model_name}-detail'</code>, which in this case will be <code>'snippet-detail'</code> and <code>'user-detail'</code>.</li>
</ul>
</ul>
<p>After adding all those names into our URLconf, our final <code>snippets/urls.py</code> file should look something like this:</p>
<p>After adding all those names into our URLconf, our final <code>snippets/urls.py</code> file should look something like this:</p>
<pre><code># API endpoints
<pre><code>from django.conf.urls import url, include