Tom Christie tomchristie

View gist:4030676


The root QuerySet provided by the Manager describes all objects in the database table. Usually, though, you'll need to select only a subset of the complete set of objects.

— [Django documentation][cite]

The default behavior of REST framework's generic list views is to return the entire queryset for a model manager. Often you will want your API to restrict the items that are returned by the queryset.

The simplest way to filter the queryset of any view that subclasses MultipleObjectAPIView is to override the .get_queryset() method.

tomchristie / gist:4285537
Created Dec 14, 2012
REST framework. CSRF
View gist:4285537
[13:33:03] <mikeywaites> what's the preferred way to disable csrf for resources?
[13:33:09] <mikeywaites> in v2.x
[13:33:47] <mikeywaites> ping tomchristie
[13:36:06] <tomchristie> mikeywaites: This needs docs.
[13:36:25] <tomchristie> If you're using SessionAuthentication answer is don't do that.
[13:36:38] <tomchristie> If you're using any other auth, csrf won't apply
[13:36:54] <tomchristie> Django docs have a section on using CSRF with AJAX
[13:37:23] <tomchristie> If you really want to be bad best answer would be use a custom auth
[13:37:37] <tomchristie> Crib from the session auth, and just drop the bit that performs CSRF
View gist:4568318
# Explicit registry
router = DefaultRouter()
router.register(r'^snippets/', resources.SnippetResource, 'snippet')
router.register(r'^users/', resources.UserResource, 'user')
urlpatterns = router.urlpatterns
# Auto register
router = DefaultRouter()
urlpatterns = router.urlpatterns
View gist:4595956
class LinksSerializer(serializers.Serializer):
    next = pagination.NextPageField(source='*')
    prev = pagination.PreviousPageField(source='*')

    def field_to_native(self, obj, field_name):
        if self.source == '*':
            return self.to_native(obj)
        # super() takes the class first, then the instance
        return super(LinksSerializer, self).field_to_native(obj, field_name)
View gist:4608048
class IsOwner(permissions.BasePermission):
    """
    Custom permission to only allow owners of an object to edit it.
    """
    def has_permission(self, request, view, obj=None):
        # Skip the check unless this is an object-level test
        if obj is None:
            return True
View gist:4664015
class NoCSRFSessionAuthentication(BaseAuthentication):
    """
    Use Django's session framework for authentication.
    """
    def authenticate(self, request):
        """
        Returns a `User` if the request session currently has a logged in user.
        Otherwise returns `None`.
        """
View gist:5012840
def field_from_native(self, data, files, field_name, into):
View gist:5262680
from rest_framework import serializers
stuff = {'name': 'toran', 'other_content': {'foo': 'things', 'bar': 'stuff'}}
class ExampleSerializer(serializers.Serializer):
    name = serializers.Field()
    foo = serializers.Field(source='')
    bar = serializers.Field(source='')
serializer = ExampleSerializer(stuff)
View gist:5290867
# ``
@api_view(['GET', 'POST']) # Or whatever methods the view should support.
def whatever(request):
    return Response(some_data) # `some_data` should be any native python json-serializable stuff.
# ``
View gist:5301151
from rest_framework import exceptions
try:
    # Accessing request.DATA triggers parsing of the request body
    data = request.DATA
except exceptions.ParseError:
    data = '[Invalid data in request]'