Re: GSoC 2007 Status Update IV: Django REST interface

2007-08-06 Thread David Larlet

2007/8/3, Andreas Stuhlmüller <[EMAIL PROTECTED]>:
>
> On 7/13/07, David Larlet <[EMAIL PROTECTED]> wrote:
> > * About users, how can I handle django users' permissions? John
> > Sutherland had already done some work on django-crudapi [1] and it
> > could be interesting to allow this access control.
>
> Good question. I would subclass one of the authentication classes,
> e.g. HttpBasicAuthentication, and add a has_perm() check dependent on
> the request method to is_authenticated().
>
> Currently, REST authentication is independent from Django's
> authentication middleware. It might make sense to move most of the
> code in HttpBasicAuthentication and HttpDigestAuthentication to
> django.contrib.auth.backends and to let the middleware do most of the
> work.
>

Sounds good to me.

> > I'm not fond of CRUD names and I prefer to keep information on
> > the HTTP verb in the function name but it's maybe personal.
>
> I chose the CRUD names as they better describe what the methods
> actually do, but if the consensus is that it is more important to
> highlight the HTTP method, I will change this.

Eventually, I'm not against CRUD names but maybe we could be
consistent with rails ones?

> Thanks for your comments!
>
Thanks for your answer :)

Regards,
David

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---



Re: GSoC 2007 Status Update IV: Django REST interface

2007-08-03 Thread Andreas Stuhlmüller

On 7/13/07, David Larlet <[EMAIL PROTECTED]> wrote:
> * About users, how can I handle django users' permissions? John
> Sutherland had already done some work on django-crudapi [1] and it
> could be interesting to allow this access control.

Good question. I would subclass one of the authentication classes,
e.g. HttpBasicAuthentication, and add a has_perm() check dependent on
the request method to is_authenticated().

Currently, REST authentication is independent from Django's
authentication middleware. It might make sense to move most of the
code in HttpBasicAuthentication and HttpDigestAuthentication to
django.contrib.auth.backends and to let the middleware do most of the
work.

> I'm not fond of CRUD names and I prefer to keep information on
> the HTTP verb in the function name but it's maybe personal.

I chose the CRUD names as they better describe what the methods
actually do, but if the consensus is that it is more important to
highlight the HTTP method, I will change this.

> * About dispatch, why don't you use the __call__ trick?

Fixed, thanks for the pointer.

> * About verbs, I know this is not really GSoC related but what is the
> recommended way to handle fake PUT and DELETE from a browser? The
> HttpMethodMiddleware[4]? Maybe a simple form/deletion in the polls
> application will be an interesting example for a real django case.

Yes, I recommend HttpMethodsMiddleware [4]. I just added a "delete"
button to the template example and verified that it works if you add
HttpMethodsMiddleware to your middleware classes.

Thanks for your comments!

Regards,
Andreas

[4] http://www.djangosnippets.org/snippets/174/
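
Added example, not part of the original thread and not the project's own code: one way the has_perm() check suggested above could hang off is_authenticated(), with the permission chosen by the request method. The base class body, the request and user objects, PermissionAuthentication, METHOD_ACTIONS and the "polls"/"poll" names are stand-ins constructed here so the sketch runs without Django; only the "app.add_model" / "app.change_model" / "app.delete_model" permission naming is Django's.

```python
from types import SimpleNamespace

# HTTP method -> Django permission action. None means authentication alone is
# enough. Methods that are not listed are refused (fail closed).
METHOD_ACTIONS = {"GET": None, "HEAD": None,
                  "POST": "add", "PUT": "change", "DELETE": "delete"}


class HttpBasicAuthentication:
    """Hypothetical stand-in for the REST interface class: identity check only."""

    def is_authenticated(self, request):
        user = getattr(request, "user", None)
        return user is not None and user.is_active


class PermissionAuthentication(HttpBasicAuthentication):
    """Adds a has_perm() check that depends on the request method."""

    def __init__(self, app_label, model_name):
        self.app_label = app_label
        self.model_name = model_name

    def is_authenticated(self, request):
        if not super().is_authenticated(request):
            return False
        method = request.method.upper()
        if method not in METHOD_ACTIONS:
            return False  # unknown verb: deny rather than guess
        action = METHOD_ACTIONS[method]
        if action is None:
            return True  # read-only methods need no model permission here
        perm = "%s.%s_%s" % (self.app_label, action, self.model_name)
        return request.user.has_perm(perm)


def make_request(method, perms, active=True):
    """Constructed sample request whose user holds exactly `perms`."""
    user = SimpleNamespace(is_active=active, has_perm=lambda p: p in perms)
    return SimpleNamespace(method=method, user=user)


def demo():
    """Decisions for a user who may add and change polls but not delete them."""
    auth = PermissionAuthentication("polls", "poll")
    editor = {"polls.add_poll", "polls.change_poll"}
    return {m: auth.is_authenticated(make_request(m, editor))
            for m in ("GET", "POST", "PUT", "DELETE", "PATCH")}
```

If a method-override middleware is used for fake PUT and DELETE from browsers, this check has to see the method after the override has been applied, otherwise a DELETE tunnelled through POST is checked against the "add" permission.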




Re: GSoC 2007 Status Update IV: Django REST interface

2007-07-13 Thread David Larlet

2007/6/23, Andreas Stuhlmüller <[EMAIL PROTECTED]>:
>
> As always, criticism, ideas and suggestions are welcome!
>

Ok let's go :-)

First of all, thanks for your awesome work, I eventually took the time to
review it and it sounds exactly like what I expected. Here are some random
thoughts about the current implementation:

* About users, how can I handle django users' permissions? John
Sutherland had already done some work on django-crudapi [1] and it
could be interesting to allow this access control.

* About dispatch, why don't you use the __call__ trick? Joe Gregorio
uses it in djangocollection [2] and I find it really elegant. That's the
way Jacob Kaplan-Moss describes RESTful web services in django too in
the RESTful Web Services book [3] (which I recommend BTW).

* About functions' names, I'm not fond of CRUD names and I prefer to
keep information on the HTTP verb in the function name but it's
maybe personal.

* About verbs, I know this is not really GSoC related but what is the
recommended way to handle fake PUT and DELETE from a browser? The
HttpMethodMiddleware[4]? Maybe a simple form/deletion in the polls
application will be an interesting example for a real django case.

Best regards,
David

[1] http://django-crudapi.googlecode.com/svn/trunk/views.py
[2] http://djangocollection.googlecode.com/svn/trunk/djcollection/views.py
[3] http://www.crummy.com/writing/RESTful-Web-Services/
[4] http://www.djangosnippets.org/snippets/174/
