Re: Best way to add bulk operation routes under standard ModelViewSet route

2019-02-16 Thread Chris Foresman 
I agree with Carlton. While separate APIViews does lead to more code, I prefer 
it because “explicit is better than implicit.” If you have a clear path from 
the route to the class that implements the functionality, I find it much easier 
to maintain and modify it later. IME ViewSets are a convenience that does a lot 
of magic for you, but once you start twisting them much beyond basic CRUD 
operations, it can start down a dark, twisty path that could be hard for the 
next developer—which could always be your future self—to navigate. 

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Encode and shorten UUIDs in URLs

2018-08-24 Thread Chris Foresman 
Yes, this is a better idea than mine.

On Fri, Aug 24, 2018 at 8:17 AM gordon  wrote:

> You could also make a custom uuid field that handles this.  Use a uuid
> subclass that uses base 58 for string conversion. And then convert to
> correct database representation in the field methods
>
> On Fri, Aug 24, 2018, 9:13 AM Chris Foresman  wrote:
>
>> It almost sounds like you'd need to patch Django's URL resolver to look
>> for capture groups that might be a primary key, and then base58 decode the
>> value before passing it as a value to the view method being called. Then
>> you would need to write your own function, `my_reverse`, which would look
>> for kwargs that would be primary keys, and base58 encode them before
>> passing them on to reverse and then returning that.
>
>
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django REST framework" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-rest-framework+unsubscr...@googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Django REST framework" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/django-rest-framework/ePEfWaamnxA/unsubscribe
> .
> To unsubscribe from this group and all its topics, send an email to
> django-rest-framework+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Encode and shorten UUIDs in URLs

2018-08-24 Thread Chris Foresman 
It almost sounds like you'd need to patch Django's URL resolver to look for 
capture groups that might be a primary key, and then base58 decode the value 
before passing it as a value to the view method being called. Then you would 
need to write your own function, `my_reverse`, which would look for kwargs that 
would be primary keys, and base58 encode them before passing them on to reverse 
and then returning that.

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Help on structure for routes with multiple lookup arguments, FK models, e.g. /labs/1/parameters/1

2017-12-15 Thread Chris Foresman 
Honestly, there probably is a way to do it with viewsets if you override enough 
stuff but I've personally never used viewsets. It's probably like 10 lines of 
"custom" code to do with with a CreateListView and a ReadUpdateDeleteView (or 
whatever hey are called, I can't remember ATM).

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Help on structure for routes with multiple lookup arguments, FK models, e.g. /labs/1/parameters/1

2017-12-14 Thread Chris Foresman 
Is there some reason you can't get both numbers from the URL and use them for 
the relevant query? I mean, you may not be able to use default routers, but you 
can still use CBV and customize them. 

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django rest framework serializer.save() return “Invalid data. Expected a dictionary, but got group”

2017-11-07 Thread Chris Foresman 
It might help to see how your models are arranged, but are you trying to 
_create_ a new Log that has a specific group attached to it? Because the 
serializer you've defined doesn't handle that case, I don't think. But, try 
this:

data = {
   "group": {
   "id": group.pk,
   "name": group.name,
   },
   # other relavant fields here
}



On Monday, November 6, 2017 at 10:22:00 PM UTC-6, Gary Ng wrote:
>
> There is a route /group/task, every time it is called, the log will be 
> generated.
>
> This is views.py
>
> class GroupViewSet(viewsets.ViewSet):
> 
> @detail_route(methods=['post'], url_path='task')
> def get_task(self, request, pk=None):
> group = get_object_or_404(Group, pk=pk)
> #group = ServerSerializer(group) <--- tried but not work
>
> data = {
> "group": group,
> #"group": group.data, <--- tried but not work
> }
> log_serializer = LogSerializer(data=data)
> if log_serializer.is_valid(raise_exception=True):
> log_serializer.save()
>
>
> This is serializer.py
>
> class GroupSerializer(serializers.ModelSerializer):
> class Meta:
> model = Group
> fields = ('id', 'name')
>
> class LogSerializer(serializers.ModelSerializer):
> group = GroupSerializer()
> class Meta:
> model = Log
> fields = ('group', 'created')
>
>
> The post responese:
>
> {
> "group": {
> "non_field_errors": [
> "Invalid data. Expected a dictionary, but got group."
> ]
> }}
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: MkDocs logo

2016-09-29 Thread Chris Foresman 
So far, MkDocs has 47% of the vote!


On Wednesday, September 28, 2016 at 5:26:05 PM UTC-5, Tom Christie wrote:
>
> Slight aside, this, but related...
>
> A designer is offering a logo redesign for MkDocs, the documentation tool 
> that we use for REST framework, and that was originally built specifically 
> for REST framework's documentation.
>
> Would appreciate your support if you'd like to see MkDocs get a bit of 
> design love (I very much would).
>
> Here's the promo - https://twitter.com/jdorfman/status/781249424488095744 
> - Just follow the link and choose one of the OSS projects.
>
> Ta,
>
>   Tom
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Authenticate external Django app to use the API

2016-07-13 Thread Chris Foresman 
The complication you have here is that Django's auth system is entirely 
built around users. Once you auth a request, an instance if either Django's 
built-in auth.User or your own custom User as attached to the request. If 
Site A's endpoint does NOT require any connection to an existing user, you 
could create a custom auth system as you described. But all the permissions 
checking revolves around the auth'd user, so you'd basically end up having 
to allow anonymous users (i.e. non-auth'd requests) to access that 
endpoint. I don't see a good way to really avoid creating a pseudo-user in 
this instance. But it's fairly trivial to do, and you can assign it an 
"unusable" password 
(https://docs.djangoproject.com/en/1.9/topics/auth/passwords/#django.contrib.auth.hashers.make_password)
 
and generate an API token for that pseudo user that never expires. That way 
someone could never log in as that pseudo-user accidentally.

Hope that helps.

On Tuesday, July 12, 2016 at 5:46:50 PM UTC-5, Christine Pan wrote:
>
> Hi there,
>
> I have two Django web applications hosted on different domains. Site A has 
> an API endpoint that creates a model instance. Site B needs to be able to 
> access this endpoint on Site A. What is the best way to authenticate Site B 
> to use Site A's API? I've read custom-authentication 
> 
>  in 
> the docs and it seems authentication depends on whether the entity trying 
> to be authenticated is a user on Site A. As I have users representing 
> actual persons already in Site A's Django database, I would like to avoid 
> creating a "pseudo-user" to represent Site B. Are there any suggestions on 
> how to best design this authentication?
>
> My initial idea is to assign Site B credentials, create a custom 
> authentication class on Site A and attach it to the endpoint.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Rolling over an authtoken

2016-07-11 Thread Chris Foresman 
I'd also add that it's pretty trivial to write your own implementation. We 
did this at my last job, since we needed to maintain multiple tokens to 
allow users to log in from both mobile and web simultaneously. Definitely 
use a third-party one if it suits your needs and is well-tested, but it's 
really easy to roll your own if you need to.



On Monday, July 11, 2016 at 4:29:47 AM UTC-5, Tom Christie wrote:
>
> AuthToken is just a simplest-possible implementation.
> For more mature alternatives it's worth looking at the available 
> third-party packages, in particular the JWT package.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: authenticate_credentials method raises an exception

2016-07-06 Thread Chris Foresman 
Actually, I see where the confusion is. Here is the recommended pattern for 
authentication backends 
<http://www.django-rest-framework.org/api-guide/authentication/#custom-authentication>,
 
which the included TokenAuthentication follows:

In some circumstances instead of returning None, you may want to raise an 
> AuthenticationFailed exception from the .authenticate() method.
> Typically the approach you should take is:
>
>- If authentication is not attempted, return None. Any other 
>authentication schemes also in use will still be checked.
>
>
>- If authentication is attempted but fails, raise a 
>AuthenticationFailed exception. An error response will be returned 
>immediately, regardless of any permissions checks, and without checking 
> any 
>other authentication schemes.
>
> So, because a request has a token, the authentication is checked. However, 
because the token in invalid, the AuthenticationFailed exception is raised, 
which triggers and error response immediately, regardless of permissions. 
So, if you wanted to change that behavior, you could subclass 
TokenAuthentication and override .authenticate() to return None instead of 
raising the exception.



On Wednesday, July 6, 2016 at 10:43:48 AM UTC-5, Chris Foresman wrote:
>
> From the documentation (
> http://www.django-rest-framework.org/api-guide/authentication/):
>
> *Note:* Don't forget that *authentication by itself won't allow or 
>> disallow an incoming request*, it simply identifies the credentials that 
>> the request was made with.
>> ...
>> If no class authenticates, request.user will be set to an instance of 
>> django.contrib.auth.models.AnonymousUser, and request.auth will be set 
>> to None.
>
>
> Are you finding an instance where this is not the case? Can you post/link 
> to some sample code to discuss further?
>
>
>
> On Tuesday, July 5, 2016 at 4:20:53 PM UTC-5, Nadya Ionova wrote:
>>
>>
>> Hi, 
>>
>>  
>>
>> Can anybody explain, why TokenAuthentication.authenticate_credentials 
>> method raises an AuthenticationFailed exception?   
>>
>> Seems, since it is an authentication method, it shouldn’t allow or 
>> disallow an incoming request. 
>>
>> On practice, user can have invalid token in cookies, but he/she still 
>> should have access to AllowAny pages, for example. 
>>
>>
>> Thanks for any thoughts
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: authenticate_credentials method raises an exception

2016-07-06 Thread Chris Foresman 
>From the documentation 
(http://www.django-rest-framework.org/api-guide/authentication/):

*Note:* Don't forget that *authentication by itself won't allow or disallow 
> an incoming request*, it simply identifies the credentials that the 
> request was made with.
> ...
> If no class authenticates, request.user will be set to an instance of 
> django.contrib.auth.models.AnonymousUser, and request.auth will be set to 
> None.


Are you finding an instance where this is not the case? Can you post/link 
to some sample code to discuss further?



On Tuesday, July 5, 2016 at 4:20:53 PM UTC-5, Nadya Ionova wrote:
>
>
> Hi, 
>
>  
>
> Can anybody explain, why TokenAuthentication.authenticate_credentials 
> method raises an AuthenticationFailed exception?   
>
> Seems, since it is an authentication method, it shouldn’t allow or 
> disallow an incoming request. 
>
> On practice, user can have invalid token in cookies, but he/she still 
> should have access to AllowAny pages, for example. 
>
>
> Thanks for any thoughts
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Markdown and API

2016-05-13 Thread Chris Foresman 
It's not clear at all what you expect to happen. Can you describe  your 
desired output a little more clearly?



On Wednesday, May 11, 2016 at 12:07:29 PM UTC-5, Pete LoGiudice wrote:
>
> I'm back to visiting with DRF and have my browseable api working.
>
> I installed markdown and django-filter with pip, but I have no clue how to 
> use them in the API to make the result show up when I go to my web site and 
> view it.  The text shows up with no formatting and markdown i.e. *Test* 
> shows up instead of *Test*.
>
> What am I missing here?
>
> Thanks,
>
> Pete
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django REST framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-rest-framework+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.