diff --git a/docs/api-guide/fields.md b/docs/api-guide/fields.md index ea944e1fff..94b6e7c21a 100644 --- a/docs/api-guide/fields.md +++ b/docs/api-guide/fields.md @@ -68,14 +68,6 @@ When serializing the instance, default will be used if the object attribute or d Note that setting a `default` value implies that the field is not required. Including both the `default` and `required` keyword arguments is invalid and will raise an error. -Notes regarding default value propagation from model to serializer: - -All the default values from model will pass as default to the serializer and the options method. - -If the default is callable then it will be propagated to & evaluated every time in the serializer but not in options method. - -If the value for given field is not given then default value will be present in the serializer and available in serializer's methods. Specified validation on given field will be evaluated on default value as that field will be present in the serializer. - ### `allow_null` Normally an error will be raised if `None` is passed to a serializer field. Set this keyword argument to `True` if `None` should be considered a valid value. diff --git a/docs/api-guide/permissions.md b/docs/api-guide/permissions.md index 5e0b6a153d..775888fb66 100644 --- a/docs/api-guide/permissions.md +++ b/docs/api-guide/permissions.md @@ -173,12 +173,11 @@ This permission is suitable if you want to your API to allow read permissions to This permission class ties into Django's standard `django.contrib.auth` [model permissions][contribauth]. This permission must only be applied to views that have a `.queryset` property or `get_queryset()` method. Authorization will only be granted if the user *is authenticated* and has the *relevant model permissions* assigned. The appropriate model is determined by checking `get_queryset().model` or `queryset.model`. -* `GET` requests require the user to have the `view` or `change` permission on the model * `POST` requests require the user to have the `add` permission on the model. * `PUT` and `PATCH` requests require the user to have the `change` permission on the model. * `DELETE` requests require the user to have the `delete` permission on the model. -The default behaviour can also be overridden to support custom model permissions. +The default behavior can also be overridden to support custom model permissions. For example, you might want to include a `view` model permission for `GET` requests. To use custom model permissions, override `DjangoModelPermissions` and set the `.perms_map` property. Refer to the source code for details. diff --git a/docs/api-guide/schemas.md b/docs/api-guide/schemas.md index 7af98dbf5e..c387af9727 100644 --- a/docs/api-guide/schemas.md +++ b/docs/api-guide/schemas.md @@ -56,10 +56,11 @@ The following sections explain more. ### Install dependencies - pip install pyyaml uritemplate + pip install pyyaml uritemplate inflection * `pyyaml` is used to generate schema into YAML-based OpenAPI format. * `uritemplate` is used internally to get parameters in path. +* `inflection` is used to pluralize operations more appropriately in the list endpoints. ### Generating a static schema with the `generateschema` management command diff --git a/docs/community/3.15-announcement.md b/docs/community/3.15-announcement.md index 5bcff6969d..848d534b24 100644 --- a/docs/community/3.15-announcement.md +++ b/docs/community/3.15-announcement.md @@ -31,10 +31,6 @@ The current minimum versions of Django still is 3.0 and Python 3.6. `ModelSerializer` generates validators for [UniqueConstraint](https://docs.djangoproject.com/en/4.0/ref/models/constraints/#uniqueconstraint) (both UniqueValidator and UniqueTogetherValidator) -## ValidationErrors improvements - -The `ValidationError` has been aligned with Django's, currently supporting the same style (signature) and nesting. - ## SimpleRouter non-regex matching support By default the URLs created by `SimpleRouter` use regular expressions. This behavior can be modified by setting the `use_regex_path` argument to `False` when instantiating the router. @@ -47,10 +43,6 @@ Dependency on pytz has been removed and deprecation warnings have been added, Dj Searches now may contain _quoted phrases_ with spaces, each phrase is considered as a single search term, and it will raise a validation error if any null-character is provided in search. See the [Filtering API guide](../api-guide/filtering.md) for more information. -## Default values propagation - -Model fields' default values are now propagated to serializer fields, for more information see the [Serializer fields API guide](../api-guide/fields.md#default). - ## Other fixes and improvements There are a number of fixes and minor improvements in this release, ranging from documentation, internal infrastructure (typing, testing, requirements, deprecation, etc.), security and overall behaviour. diff --git a/docs/community/release-notes.md b/docs/community/release-notes.md index ab591db3bb..6da3efb9f5 100644 --- a/docs/community/release-notes.md +++ b/docs/community/release-notes.md @@ -36,12 +36,19 @@ You can determine your currently installed version using `pip show`: ## 3.15.x series +### 3.15.1 + +Date: 22nd March 2024 + +* Fix `SearchFilter` handling of quoted and comma separated strings, when `.get_search_terms` is being called into by a custom class. See [[#9338](https://github.com/encode/django-rest-framework/issues/9338)] +* Revert number of 3.15.0 issues which included unintended side-effects. See [[#9331](https://github.com/encode/django-rest-framework/issues/9331)] + ### 3.15.0 Date: 15th March 2024 -* Django 5.0 and Python 3.12 support [[#9157] (https://github.com/encode/django-rest-framework/pull/9157)] -* Use POST method instead of GET to perform logout in browsable API [[9208] (https://github.com/encode/django-rest-framework/pull/9208)] +* Django 5.0 and Python 3.12 support [[#9157](https://github.com/encode/django-rest-framework/pull/9157)] +* Use POST method instead of GET to perform logout in browsable API [[9208](https://github.com/encode/django-rest-framework/pull/9208)] * Added jQuery 3.7.1 support & dropped previous version [[#9094](https://github.com/encode/django-rest-framework/pull/9094)] * Use str as default path converter [[#9066](https://github.com/encode/django-rest-framework/pull/9066)] * Document support for http.HTTPMethod in the @action decorator added in Python 3.11 [[#9067](https://github.com/encode/django-rest-framework/pull/9067)] @@ -92,7 +99,7 @@ Date: 15th March 2024 * Use autocomplete widget for user selection in Token admin [[#8534](https://github.com/encode/django-rest-framework/pull/8534)] * Make browsable API compatible with strong CSP [[#8784](https://github.com/encode/django-rest-framework/pull/8784)] * Avoid inline script execution for injecting CSRF token [[#7016](https://github.com/encode/django-rest-framework/pull/7016)] -* Mitigate global dependency on inflection #8017 [[#8017](https://github.com/encode/django-rest-framework/pull/8017)] [[#8781](https://github.com/encode/django-rest-framework/pull/8781)] +* Mitigate global dependency on inflection [[#8017](https://github.com/encode/django-rest-framework/pull/8017)] [[#8781](https://github.com/encode/django-rest-framework/pull/8781)] * Register Django urls [[#8778](https://github.com/encode/django-rest-framework/pull/8778)] * Implemented Verbose Name Translation for TokenProxy [[#8713](https://github.com/encode/django-rest-framework/pull/8713)] * Properly handle OverflowError in DurationField deserialization [[#8042](https://github.com/encode/django-rest-framework/pull/8042)] @@ -110,7 +117,7 @@ Date: 15th March 2024 * Add `__eq__` method for `OperandHolder` class [[#8710](https://github.com/encode/django-rest-framework/pull/8710)] * Avoid importing `django.test` package when not testing [[#8699](https://github.com/encode/django-rest-framework/pull/8699)] * Preserve exception messages for wrapped Django exceptions [[#8051](https://github.com/encode/django-rest-framework/pull/8051)] -* Include `examples` and `format` to OpenAPI schema of CursorPagination [[#8687] (https://github.com/encode/django-rest-framework/pull/8687)] [[#8686](https://github.com/encode/django-rest-framework/pull/8686)] +* Include `examples` and `format` to OpenAPI schema of CursorPagination [[#8687](https://github.com/encode/django-rest-framework/pull/8687)] [[#8686](https://github.com/encode/django-rest-framework/pull/8686)] * Fix infinite recursion with deepcopy on Request [[#8684](https://github.com/encode/django-rest-framework/pull/8684)] * Refactor: Replace try/except with contextlib.suppress() [[#8676](https://github.com/encode/django-rest-framework/pull/8676)] * Minor fix to SerializeMethodField docstring [[#8629](https://github.com/encode/django-rest-framework/pull/8629)] diff --git a/docs/community/third-party-packages.md b/docs/community/third-party-packages.md index 3a4ba58488..a92da82fca 100644 --- a/docs/community/third-party-packages.md +++ b/docs/community/third-party-packages.md @@ -125,6 +125,7 @@ To submit new content, [open an issue][drf-create-issue] or [create a pull reque ### Misc +* [drf-sendables][drf-sendables] - User messages for Django REST Framework * [cookiecutter-django-rest][cookiecutter-django-rest] - A cookiecutter template that takes care of the setup and configuration so you can focus on making your REST apis awesome. * [djangorestrelationalhyperlink][djangorestrelationalhyperlink] - A hyperlinked serializer that can can be used to alter relationships via hyperlinks, but otherwise like a hyperlink model serializer. * [django-rest-framework-proxy][django-rest-framework-proxy] - Proxy to redirect incoming request to another API server. @@ -157,6 +158,7 @@ To submit new content, [open an issue][drf-create-issue] or [create a pull reque * [drf-redesign][drf-redesign] - A project that gives a fresh look to the browse-able API using Bootstrap 5. * [drf-material][drf-material] - A project that gives a sleek and elegant look to the browsable API using Material Design. +[drf-sendables]: https://github.com/amikrop/drf-sendables [cite]: http://www.software-ecosystems.com/Software_Ecosystems/Ecosystems.html [cookiecutter]: https://github.com/jpadilla/cookiecutter-django-rest-framework [new-repo]: https://github.com/new diff --git a/rest_framework/__init__.py b/rest_framework/__init__.py index 45ff909806..fe2eab04ba 100644 --- a/rest_framework/__init__.py +++ b/rest_framework/__init__.py @@ -10,7 +10,7 @@ import django __title__ = 'Django REST framework' -__version__ = '3.15.0' +__version__ = '3.15.1' __author__ = 'Tom Christie' __license__ = 'BSD 3-Clause' __copyright__ = 'Copyright 2011-2023 Encode OSS Ltd' diff --git a/rest_framework/authtoken/admin.py b/rest_framework/authtoken/admin.py index 163328eb07..eabb8fca8b 100644 --- a/rest_framework/authtoken/admin.py +++ b/rest_framework/authtoken/admin.py @@ -28,7 +28,6 @@ class TokenAdmin(admin.ModelAdmin): search_help_text = _('Username') ordering = ('-created',) actions = None # Actions not compatible with mapped IDs. - autocomplete_fields = ("user",) def get_changelist(self, request, **kwargs): return TokenChangeList diff --git a/rest_framework/compat.py b/rest_framework/compat.py index 472b8ad244..afc06b6cb7 100644 --- a/rest_framework/compat.py +++ b/rest_framework/compat.py @@ -46,6 +46,12 @@ def unicode_http_header(value): except ImportError: yaml = None +# inflection is optional +try: + import inflection +except ImportError: + inflection = None + # requests is optional try: diff --git a/rest_framework/exceptions.py b/rest_framework/exceptions.py index bc20fcaa37..09f111102e 100644 --- a/rest_framework/exceptions.py +++ b/rest_framework/exceptions.py @@ -144,30 +144,17 @@ class ValidationError(APIException): status_code = status.HTTP_400_BAD_REQUEST default_detail = _('Invalid input.') default_code = 'invalid' - default_params = {} - def __init__(self, detail=None, code=None, params=None): + def __init__(self, detail=None, code=None): if detail is None: detail = self.default_detail if code is None: code = self.default_code - if params is None: - params = self.default_params # For validation failures, we may collect many errors together, # so the details should always be coerced to a list if not already. - if isinstance(detail, str): - detail = [detail % params] - elif isinstance(detail, ValidationError): - detail = detail.detail - elif isinstance(detail, (list, tuple)): - final_detail = [] - for detail_item in detail: - if isinstance(detail_item, ValidationError): - final_detail += detail_item.detail - else: - final_detail += [detail_item % params if isinstance(detail_item, str) else detail_item] - detail = final_detail + if isinstance(detail, tuple): + detail = list(detail) elif not isinstance(detail, dict) and not isinstance(detail, list): detail = [detail] diff --git a/rest_framework/filters.py b/rest_framework/filters.py index 86effe24e3..5742f512ee 100644 --- a/rest_framework/filters.py +++ b/rest_framework/filters.py @@ -24,15 +24,19 @@ def search_smart_split(search_terms): """generator that first splits string by spaces, leaving quoted phrases together, then it splits non-quoted phrases by commas. """ + split_terms = [] for term in smart_split(search_terms): # trim commas to avoid bad matching for quoted phrases term = term.strip(',') if term.startswith(('"', "'")) and term[0] == term[-1]: # quoted phrases are kept together without any other split - yield unescape_string_literal(term) + split_terms.append(unescape_string_literal(term)) else: # non-quoted tokens are split by comma, keeping only non-empty ones - yield from (sub_term.strip() for sub_term in term.split(',') if sub_term) + for sub_term in term.split(','): + if sub_term: + split_terms.append(sub_term.strip()) + return split_terms class BaseFilterBackend: @@ -85,7 +89,8 @@ def get_search_terms(self, request): """ value = request.query_params.get(self.search_param, '') field = CharField(trim_whitespace=False, allow_blank=True) - return field.run_validation(value) + cleaned_value = field.run_validation(value) + return search_smart_split(cleaned_value) def construct_search(self, field_name, queryset): lookup = self.lookup_prefixes.get(field_name[0]) @@ -163,7 +168,7 @@ def filter_queryset(self, request, queryset, view): reduce( operator.or_, (models.Q(**{orm_lookup: term}) for orm_lookup in orm_lookups) - ) for term in search_smart_split(search_terms) + ) for term in search_terms ) queryset = queryset.filter(reduce(operator.and_, conditions)) diff --git a/rest_framework/metadata.py b/rest_framework/metadata.py index fd0f4e163d..364ca5b14d 100644 --- a/rest_framework/metadata.py +++ b/rest_framework/metadata.py @@ -11,7 +11,6 @@ from django.utils.encoding import force_str from rest_framework import exceptions, serializers -from rest_framework.fields import empty from rest_framework.request import clone_request from rest_framework.utils.field_mapping import ClassLookupDict @@ -150,7 +149,4 @@ def get_field_info(self, field): for choice_value, choice_name in field.choices.items() ] - if getattr(field, 'default', None) and field.default != empty and not callable(field.default): - field_info['default'] = field.default - return field_info diff --git a/rest_framework/mixins.py b/rest_framework/mixins.py index 6ac6366c75..7fa8947cb9 100644 --- a/rest_framework/mixins.py +++ b/rest_framework/mixins.py @@ -4,8 +4,6 @@ We don't bind behaviour to http method handlers yet, which allows mixin classes to be composed in interesting ways. """ -from django.db.models.query import prefetch_related_objects - from rest_framework import status from rest_framework.response import Response from rest_framework.settings import api_settings @@ -69,13 +67,10 @@ def update(self, request, *args, **kwargs): serializer.is_valid(raise_exception=True) self.perform_update(serializer) - queryset = self.filter_queryset(self.get_queryset()) - if queryset._prefetch_related_lookups: + if getattr(instance, '_prefetched_objects_cache', None): # If 'prefetch_related' has been applied to a queryset, we need to - # forcibly invalidate the prefetch cache on the instance, - # and then re-prefetch related objects + # forcibly invalidate the prefetch cache on the instance. instance._prefetched_objects_cache = {} - prefetch_related_objects([instance], *queryset._prefetch_related_lookups) return Response(serializer.data) diff --git a/rest_framework/permissions.py b/rest_framework/permissions.py index 8fb4569cb1..71de226f98 100644 --- a/rest_framework/permissions.py +++ b/rest_framework/permissions.py @@ -186,9 +186,9 @@ class DjangoModelPermissions(BasePermission): # Override this if you need to also provide 'view' permissions, # or if you want to provide custom permission codes. perms_map = { - 'GET': ['%(app_label)s.view_%(model_name)s'], + 'GET': [], 'OPTIONS': [], - 'HEAD': ['%(app_label)s.view_%(model_name)s'], + 'HEAD': [], 'POST': ['%(app_label)s.add_%(model_name)s'], 'PUT': ['%(app_label)s.change_%(model_name)s'], 'PATCH': ['%(app_label)s.change_%(model_name)s'], @@ -239,13 +239,8 @@ def has_permission(self, request, view): queryset = self._queryset(view) perms = self.get_required_permissions(request.method, queryset.model) - change_perm = self.get_required_permissions('PUT', queryset.model) - - user = request.user - if request.method == 'GET': - return user.has_perms(perms) or user.has_perms(change_perm) - return user.has_perms(perms) + return request.user.has_perms(perms) class DjangoModelPermissionsOrAnonReadOnly(DjangoModelPermissions): diff --git a/rest_framework/schemas/openapi.py b/rest_framework/schemas/openapi.py index c154494e2e..38031e646d 100644 --- a/rest_framework/schemas/openapi.py +++ b/rest_framework/schemas/openapi.py @@ -14,7 +14,7 @@ from rest_framework import ( RemovedInDRF315Warning, exceptions, renderers, serializers ) -from rest_framework.compat import uritemplate +from rest_framework.compat import inflection, uritemplate from rest_framework.fields import _UnvalidatedField, empty from rest_framework.settings import api_settings @@ -247,9 +247,8 @@ def get_operation_id_base(self, path, method, action): name = name[:-len(action)] if action == 'list': - from inflection import pluralize - - name = pluralize(name) + assert inflection, '`inflection` must be installed for OpenAPI schema support.' + name = inflection.pluralize(name) return name diff --git a/rest_framework/utils/field_mapping.py b/rest_framework/utils/field_mapping.py index 30bb65e0cf..fc63f96fe0 100644 --- a/rest_framework/utils/field_mapping.py +++ b/rest_framework/utils/field_mapping.py @@ -9,7 +9,6 @@ from django.utils.text import capfirst from rest_framework.compat import postgres_fields -from rest_framework.fields import empty from rest_framework.validators import UniqueValidator NUMERIC_FIELD_TYPES = ( @@ -128,9 +127,6 @@ def get_field_kwargs(field_name, model_field): kwargs['read_only'] = True return kwargs - if model_field.default is not None and model_field.default != empty and not callable(model_field.default): - kwargs['default'] = model_field.default - if model_field.has_default() or model_field.blank or model_field.null: kwargs['required'] = False diff --git a/rest_framework/versioning.py b/rest_framework/versioning.py index a1c0ce4d7b..c2764c7a40 100644 --- a/rest_framework/versioning.py +++ b/rest_framework/versioning.py @@ -119,16 +119,15 @@ class NamespaceVersioning(BaseVersioning): def determine_version(self, request, *args, **kwargs): resolver_match = getattr(request, 'resolver_match', None) - if resolver_match is not None and resolver_match.namespace: - # Allow for possibly nested namespaces. - possible_versions = resolver_match.namespace.split(':') - for version in possible_versions: - if self.is_allowed_version(version): - return version - - if not self.is_allowed_version(self.default_version): - raise exceptions.NotFound(self.invalid_version_message) - return self.default_version + if resolver_match is None or not resolver_match.namespace: + return self.default_version + + # Allow for possibly nested namespaces. + possible_versions = resolver_match.namespace.split(':') + for version in possible_versions: + if self.is_allowed_version(version): + return version + raise exceptions.NotFound(self.invalid_version_message) def reverse(self, viewname, args=None, kwargs=None, request=None, format=None, **extra): if request.version is not None: diff --git a/rest_framework/views.py b/rest_framework/views.py index 4c30029fdc..411c1ee384 100644 --- a/rest_framework/views.py +++ b/rest_framework/views.py @@ -421,7 +421,7 @@ def finalize_response(self, request, response, *args, **kwargs): """ # Make the error obvious if a proper response is not returned assert isinstance(response, HttpResponseBase), ( - 'Expected a `Response`, `HttpResponse` or `HttpStreamingResponse` ' + 'Expected a `Response`, `HttpResponse` or `StreamingHttpResponse` ' 'to be returned from the view, but received a `%s`' % type(response) ) diff --git a/tests/test_metadata.py b/tests/test_metadata.py index 387b9ecded..1bdc8697c4 100644 --- a/tests/test_metadata.py +++ b/tests/test_metadata.py @@ -184,135 +184,6 @@ def get_serializer(self): assert response.status_code == status.HTTP_200_OK assert response.data == expected - def test_actions_with_default(self): - """ - On generic views OPTIONS should return an 'actions' key with metadata - on the fields with default that may be supplied to PUT and POST requests. - """ - class NestedField(serializers.Serializer): - a = serializers.IntegerField(default=2) - b = serializers.IntegerField() - - class ExampleSerializer(serializers.Serializer): - choice_field = serializers.ChoiceField(['red', 'green', 'blue'], default='red') - integer_field = serializers.IntegerField( - min_value=1, max_value=1000, default=1 - ) - char_field = serializers.CharField( - min_length=3, max_length=40, default="example" - ) - list_field = serializers.ListField( - child=serializers.ListField( - child=serializers.IntegerField(default=1) - ) - ) - nested_field = NestedField() - uuid_field = serializers.UUIDField(label="UUID field") - - class ExampleView(views.APIView): - """Example view.""" - def post(self, request): - pass - - def get_serializer(self): - return ExampleSerializer() - - view = ExampleView.as_view() - response = view(request=request) - expected = { - 'name': 'Example', - 'description': 'Example view.', - 'renders': [ - 'application/json', - 'text/html' - ], - 'parses': [ - 'application/json', - 'application/x-www-form-urlencoded', - 'multipart/form-data' - ], - 'actions': { - 'POST': { - 'choice_field': { - 'type': 'choice', - 'required': False, - 'read_only': False, - 'label': 'Choice field', - "choices": [ - {'value': 'red', 'display_name': 'red'}, - {'value': 'green', 'display_name': 'green'}, - {'value': 'blue', 'display_name': 'blue'} - ], - 'default': 'red' - }, - 'integer_field': { - 'type': 'integer', - 'required': False, - 'read_only': False, - 'label': 'Integer field', - 'min_value': 1, - 'max_value': 1000, - 'default': 1 - }, - 'char_field': { - 'type': 'string', - 'required': False, - 'read_only': False, - 'label': 'Char field', - 'min_length': 3, - 'max_length': 40, - 'default': 'example' - }, - 'list_field': { - 'type': 'list', - 'required': True, - 'read_only': False, - 'label': 'List field', - 'child': { - 'type': 'list', - 'required': True, - 'read_only': False, - 'child': { - 'type': 'integer', - 'required': False, - 'read_only': False, - 'default': 1 - } - } - }, - 'nested_field': { - 'type': 'nested object', - 'required': True, - 'read_only': False, - 'label': 'Nested field', - 'children': { - 'a': { - 'type': 'integer', - 'required': False, - 'read_only': False, - 'label': 'A', - 'default': 2 - }, - 'b': { - 'type': 'integer', - 'required': True, - 'read_only': False, - 'label': 'B' - } - } - }, - 'uuid_field': { - 'type': 'string', - 'required': True, - 'read_only': False, - 'label': 'UUID field' - } - } - } - } - assert response.status_code == status.HTTP_200_OK - assert response.data == expected - def test_global_permissions(self): """ If a user does not have global permissions on an action, then any diff --git a/tests/test_model_serializer.py b/tests/test_model_serializer.py index 5b6551a986..d69f1652d4 100644 --- a/tests/test_model_serializer.py +++ b/tests/test_model_serializer.py @@ -174,7 +174,7 @@ class Meta: TestSerializer\(\): auto_field = IntegerField\(read_only=True\) big_integer_field = IntegerField\(.*\) - boolean_field = BooleanField\(default=False, required=False\) + boolean_field = BooleanField\(required=False\) char_field = CharField\(max_length=100\) comma_separated_integer_field = CharField\(max_length=100, validators=\[\]\) date_field = DateField\(\) @@ -183,7 +183,7 @@ class Meta: email_field = EmailField\(max_length=100\) float_field = FloatField\(\) integer_field = IntegerField\(.*\) - null_boolean_field = BooleanField\(allow_null=True, default=False, required=False\) + null_boolean_field = BooleanField\(allow_null=True, required=False\) positive_integer_field = IntegerField\(.*\) positive_small_integer_field = IntegerField\(.*\) slug_field = SlugField\(allow_unicode=False, max_length=100\) @@ -210,7 +210,7 @@ class Meta: length_limit_field = CharField\(max_length=12, min_length=3\) blank_field = CharField\(allow_blank=True, max_length=10, required=False\) null_field = IntegerField\(allow_null=True,.*required=False\) - default_field = IntegerField\(default=0,.*required=False\) + default_field = IntegerField\(.*required=False\) descriptive_field = IntegerField\(help_text='Some help text', label='A label'.*\) choices_field = ChoiceField\(choices=(?:\[|\()\('red', 'Red'\), \('blue', 'Blue'\), \('green', 'Green'\)(?:\]|\))\) text_choices_field = ChoiceField\(choices=(?:\[|\()\('red', 'Red'\), \('blue', 'Blue'\), \('green', 'Green'\)(?:\]|\))\) diff --git a/tests/test_permissions.py b/tests/test_permissions.py index 428480dc7e..aefff981ee 100644 --- a/tests/test_permissions.py +++ b/tests/test_permissions.py @@ -80,8 +80,7 @@ def setUp(self): user.user_permissions.set([ Permission.objects.get(codename='add_basicmodel'), Permission.objects.get(codename='change_basicmodel'), - Permission.objects.get(codename='delete_basicmodel'), - Permission.objects.get(codename='view_basicmodel') + Permission.objects.get(codename='delete_basicmodel') ]) user = User.objects.create_user('updateonly', 'updateonly@example.com', 'password') @@ -140,15 +139,6 @@ def test_get_queryset_has_create_permissions(self): response = get_queryset_list_view(request, pk=1) self.assertEqual(response.status_code, status.HTTP_201_CREATED) - def test_has_get_permissions(self): - request = factory.get('/', HTTP_AUTHORIZATION=self.permitted_credentials) - response = root_view(request) - self.assertEqual(response.status_code, status.HTTP_200_OK) - - request = factory.get('/1', HTTP_AUTHORIZATION=self.updateonly_credentials) - response = root_view(request, pk=1) - self.assertEqual(response.status_code, status.HTTP_200_OK) - def test_has_put_permissions(self): request = factory.put('/1', {'text': 'foobar'}, format='json', HTTP_AUTHORIZATION=self.permitted_credentials) @@ -166,15 +156,6 @@ def test_does_not_have_create_permissions(self): response = root_view(request, pk=1) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) - def test_does_not_have_get_permissions(self): - request = factory.get('/', HTTP_AUTHORIZATION=self.disallowed_credentials) - response = root_view(request) - self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) - - request = factory.get('/1', HTTP_AUTHORIZATION=self.disallowed_credentials) - response = root_view(request, pk=1) - self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) - def test_does_not_have_put_permissions(self): request = factory.put('/1', {'text': 'foobar'}, format='json', HTTP_AUTHORIZATION=self.disallowed_credentials) diff --git a/tests/test_prefetch_related.py b/tests/test_prefetch_related.py index 8e7bcf4ace..b07087c978 100644 --- a/tests/test_prefetch_related.py +++ b/tests/test_prefetch_related.py @@ -1,5 +1,4 @@ from django.contrib.auth.models import Group, User -from django.db.models.query import Prefetch from django.test import TestCase from rest_framework import generics, serializers @@ -9,84 +8,51 @@ class UserSerializer(serializers.ModelSerializer): - permissions = serializers.SerializerMethodField() - - def get_permissions(self, obj): - ret = [] - for g in obj.groups.all(): - ret.extend([p.pk for p in g.permissions.all()]) - return ret - class Meta: model = User - fields = ('id', 'username', 'email', 'groups', 'permissions') - - -class UserRetrieveUpdate(generics.RetrieveUpdateAPIView): - queryset = User.objects.exclude(username='exclude').prefetch_related( - Prefetch('groups', queryset=Group.objects.exclude(name='exclude')), - 'groups__permissions', - ) - serializer_class = UserSerializer + fields = ('id', 'username', 'email', 'groups') -class UserUpdateWithoutPrefetchRelated(generics.UpdateAPIView): - queryset = User.objects.exclude(username='exclude') +class UserUpdate(generics.UpdateAPIView): + queryset = User.objects.exclude(username='exclude').prefetch_related('groups') serializer_class = UserSerializer class TestPrefetchRelatedUpdates(TestCase): def setUp(self): self.user = User.objects.create(username='tom', email='tom@example.com') - self.groups = [Group.objects.create(name=f'group {i}') for i in range(10)] + self.groups = [Group.objects.create(name='a'), Group.objects.create(name='b')] self.user.groups.set(self.groups) - self.user.groups.add(Group.objects.create(name='exclude')) - self.expected = { - 'id': self.user.pk, - 'username': 'tom', - 'groups': [group.pk for group in self.groups], - 'email': 'tom@example.com', - 'permissions': [], - } - self.view = UserRetrieveUpdate.as_view() def test_prefetch_related_updates(self): - self.groups.append(Group.objects.create(name='c')) - request = factory.put( - '/', {'username': 'new', 'groups': [group.pk for group in self.groups]}, format='json' - ) - self.expected['username'] = 'new' - self.expected['groups'] = [group.pk for group in self.groups] - response = self.view(request, pk=self.user.pk) - assert User.objects.get(pk=self.user.pk).groups.count() == 12 - assert response.data == self.expected - # Update and fetch should get same result - request = factory.get('/') - response = self.view(request, pk=self.user.pk) - assert response.data == self.expected + view = UserUpdate.as_view() + pk = self.user.pk + groups_pk = self.groups[0].pk + request = factory.put('/', {'username': 'new', 'groups': [groups_pk]}, format='json') + response = view(request, pk=pk) + assert User.objects.get(pk=pk).groups.count() == 1 + expected = { + 'id': pk, + 'username': 'new', + 'groups': [1], + 'email': 'tom@example.com' + } + assert response.data == expected def test_prefetch_related_excluding_instance_from_original_queryset(self): """ Regression test for https://github.com/encode/django-rest-framework/issues/4661 """ - request = factory.put( - '/', {'username': 'exclude', 'groups': [self.groups[0].pk]}, format='json' - ) - response = self.view(request, pk=self.user.pk) - assert User.objects.get(pk=self.user.pk).groups.count() == 2 - self.expected['username'] = 'exclude' - self.expected['groups'] = [self.groups[0].pk] - assert response.data == self.expected - - def test_db_query_count(self): - request = factory.put( - '/', {'username': 'new'}, format='json' - ) - with self.assertNumQueries(7): - self.view(request, pk=self.user.pk) - - request = factory.put( - '/', {'username': 'new2'}, format='json' - ) - with self.assertNumQueries(16): - UserUpdateWithoutPrefetchRelated.as_view()(request, pk=self.user.pk) + view = UserUpdate.as_view() + pk = self.user.pk + groups_pk = self.groups[0].pk + request = factory.put('/', {'username': 'exclude', 'groups': [groups_pk]}, format='json') + response = view(request, pk=pk) + assert User.objects.get(pk=pk).groups.count() == 1 + expected = { + 'id': pk, + 'username': 'exclude', + 'groups': [1], + 'email': 'tom@example.com' + } + assert response.data == expected diff --git a/tests/test_validation_error.py b/tests/test_validation_error.py index 7b8b3190fa..341c4342a5 100644 --- a/tests/test_validation_error.py +++ b/tests/test_validation_error.py @@ -109,89 +109,3 @@ def test_validation_error_details(self): assert len(error.detail) == 2 assert str(error.detail[0]) == 'message1' assert str(error.detail[1]) == 'message2' - - -class TestValidationErrorWithDjangoStyle(TestCase): - def test_validation_error_details(self): - error = ValidationError('Invalid value: %(value)s', params={'value': '42'}) - assert str(error.detail[0]) == 'Invalid value: 42' - - def test_validation_error_details_tuple(self): - error = ValidationError( - detail=('Invalid value: %(value1)s', 'Invalid value: %(value2)s'), - params={'value1': '42', 'value2': '43'}, - ) - assert isinstance(error.detail, list) - assert len(error.detail) == 2 - assert str(error.detail[0]) == 'Invalid value: 42' - assert str(error.detail[1]) == 'Invalid value: 43' - - def test_validation_error_details_list(self): - error = ValidationError( - detail=['Invalid value: %(value1)s', 'Invalid value: %(value2)s', ], - params={'value1': '42', 'value2': '43'} - ) - assert isinstance(error.detail, list) - assert len(error.detail) == 2 - assert str(error.detail[0]) == 'Invalid value: 42' - assert str(error.detail[1]) == 'Invalid value: 43' - - def test_validation_error_details_validation_errors(self): - error = ValidationError( - detail=ValidationError( - detail='Invalid value: %(value1)s', - params={'value1': '42'}, - ), - ) - assert isinstance(error.detail, list) - assert len(error.detail) == 1 - assert str(error.detail[0]) == 'Invalid value: 42' - - def test_validation_error_details_validation_errors_list(self): - error = ValidationError( - detail=[ - ValidationError( - detail='Invalid value: %(value1)s', - params={'value1': '42'}, - ), - ValidationError( - detail='Invalid value: %(value2)s', - params={'value2': '43'}, - ), - 'Invalid value: %(value3)s' - ], - params={'value3': '44'} - ) - assert isinstance(error.detail, list) - assert len(error.detail) == 3 - assert str(error.detail[0]) == 'Invalid value: 42' - assert str(error.detail[1]) == 'Invalid value: 43' - assert str(error.detail[2]) == 'Invalid value: 44' - - def test_validation_error_details_validation_errors_nested_list(self): - error = ValidationError( - detail=[ - ValidationError( - detail='Invalid value: %(value1)s', - params={'value1': '42'}, - ), - ValidationError( - detail=[ - 'Invalid value: %(value2)s', - ValidationError( - detail='Invalid value: %(value3)s', - params={'value3': '44'}, - ) - ], - params={'value2': '43'}, - ), - 'Invalid value: %(value4)s' - ], - params={'value4': '45'} - ) - assert isinstance(error.detail, list) - assert len(error.detail) == 4 - assert str(error.detail[0]) == 'Invalid value: 42' - assert str(error.detail[1]) == 'Invalid value: 43' - assert str(error.detail[2]) == 'Invalid value: 44' - assert str(error.detail[3]) == 'Invalid value: 45' diff --git a/tests/test_versioning.py b/tests/test_versioning.py index 1ccecae0bf..b216461840 100644 --- a/tests/test_versioning.py +++ b/tests/test_versioning.py @@ -272,7 +272,7 @@ class FakeResolverMatch(ResolverMatch): assert response.status_code == status.HTTP_404_NOT_FOUND -class TestAcceptHeaderAllowedAndDefaultVersion: +class TestAllowedAndDefaultVersion: def test_missing_without_default(self): scheme = versioning.AcceptHeaderVersioning view = AllowedVersionsView.as_view(versioning_class=scheme) @@ -318,97 +318,6 @@ def test_missing_with_default_and_none_allowed(self): assert response.data == {'version': 'v2'} -class TestNamespaceAllowedAndDefaultVersion: - def test_no_namespace_without_default(self): - class FakeResolverMatch: - namespace = None - - scheme = versioning.NamespaceVersioning - view = AllowedVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_404_NOT_FOUND - - def test_no_namespace_with_default(self): - class FakeResolverMatch: - namespace = None - - scheme = versioning.NamespaceVersioning - view = AllowedAndDefaultVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_200_OK - assert response.data == {'version': 'v2'} - - def test_no_match_without_default(self): - class FakeResolverMatch: - namespace = 'no_match' - - scheme = versioning.NamespaceVersioning - view = AllowedVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_404_NOT_FOUND - - def test_no_match_with_default(self): - class FakeResolverMatch: - namespace = 'no_match' - - scheme = versioning.NamespaceVersioning - view = AllowedAndDefaultVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_200_OK - assert response.data == {'version': 'v2'} - - def test_with_default(self): - class FakeResolverMatch: - namespace = 'v1' - - scheme = versioning.NamespaceVersioning - view = AllowedAndDefaultVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_200_OK - assert response.data == {'version': 'v1'} - - def test_no_match_without_default_but_none_allowed(self): - class FakeResolverMatch: - namespace = 'no_match' - - scheme = versioning.NamespaceVersioning - view = AllowedWithNoneVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_200_OK - assert response.data == {'version': None} - - def test_no_match_with_default_and_none_allowed(self): - class FakeResolverMatch: - namespace = 'no_match' - - scheme = versioning.NamespaceVersioning - view = AllowedWithNoneAndDefaultVersionsView.as_view(versioning_class=scheme) - - request = factory.get('/endpoint/') - request.resolver_match = FakeResolverMatch - response = view(request) - assert response.status_code == status.HTTP_200_OK - assert response.data == {'version': 'v2'} - - class TestHyperlinkedRelatedField(URLPatternsTestCase, APITestCase): included = [ path('namespaced//', dummy_pk_view, name='namespaced'),