coderanger
diff --git a/‎api-guide/fields/index.html
Lines changed: 7 additions & 2 deletions b/‎api-guide/fields/index.html
Lines changed: 7 additions & 2 deletions
diff --git a/‎api-guide/filtering/index.html
Lines changed: 1 addition & 1 deletion b/‎api-guide/filtering/index.html
Lines changed: 1 addition & 1 deletion
diff --git a/‎api-guide/generic-views/index.html
Lines changed: 3 additions & 0 deletions b/‎api-guide/generic-views/index.html
Lines changed: 3 additions & 0 deletions
diff --git a/‎api-guide/pagination/index.html
Lines changed: 1 addition & 1 deletion b/‎api-guide/pagination/index.html
Lines changed: 1 addition & 1 deletion
diff --git a/‎api-guide/permissions/index.html
Lines changed: 3 additions & 3 deletions b/‎api-guide/permissions/index.html
Lines changed: 3 additions & 3 deletions
diff --git a/‎api-guide/relations/index.html
Lines changed: 25 additions & 0 deletions b/‎api-guide/relations/index.html
Lines changed: 25 additions & 0 deletions
diff --git a/‎api-guide/serializers/index.html
Lines changed: 14 additions & 2 deletions b/‎api-guide/serializers/index.html
Lines changed: 14 additions & 2 deletions
diff --git a/‎api-guide/testing/index.html
Lines changed: 2 additions & 2 deletions b/‎api-guide/testing/index.html
Lines changed: 2 additions & 2 deletions
diff --git a/‎api-guide/views/index.html
Lines changed: 1 addition & 0 deletions b/‎api-guide/views/index.html
Lines changed: 1 addition & 0 deletions
diff --git a/‎api-guide/viewsets/index.html
Lines changed: 1 addition & 1 deletion b/‎api-guide/viewsets/index.html
Lines changed: 1 addition & 1 deletion
@@ -683,7 +683,12 @@ <h3 id="allow_null"><a class="toclink" href="#allow_null"><code>allow_null</code
 <p>Note that, without an explicit <code>default</code>, setting this argument to <code>True</code> will imply a <code>default</code> value of <code>null</code> for serialization output, but does not imply a default for input deserialization.</p>
 <p>Defaults to <code>False</code></p>
 <h3 id="source"><a class="toclink" href="#source"><code>source</code></a></h3>
-<p>The name of the attribute that will be used to populate the field.  May be a method that only takes a <code>self</code> argument, such as <code>URLField(source='get_absolute_url')</code>, or may use dotted notation to traverse attributes, such as <code>EmailField(source='user.email')</code>. When serializing fields with dotted notation, it may be necessary to provide a <code>default</code> value if any object is not present or is empty during attribute traversal.</p>
+<p>The name of the attribute that will be used to populate the field.  May be a method that only takes a <code>self</code> argument, such as <code>URLField(source='get_absolute_url')</code>, or may use dotted notation to traverse attributes, such as <code>EmailField(source='user.email')</code>. </p>
+<p>When serializing fields with dotted notation, it may be necessary to provide a <code>default</code> value if any object is not present or is empty during attribute traversal. Beware of possible n+1 problems when using source attribute if you are accessing a relational orm model. For example:</p>
+<pre><code>class CommentSerializer(serializers.Serializer):
+    email = serializers.EmailField(source="user.email")
+</code></pre>
+<p>would require user object to be fetched from database when it is not prefetched. If that is not wanted, be sure to be using <code>prefetch_related</code> and <code>select_related</code> methods appropriately. For more information about the methods refer to <a href="https://docs.djangoproject.com/en/3.1/ref/models/querysets/#django.db.models.query.QuerySet.select_related">django documentation</a>.</p>
 <p>The value <code>source='*'</code> has a special meaning, and is used to indicate that the entire object should be passed through to the field.  This can be useful for creating nested representations, or for fields which require access to the complete object in order to determine the output representation.</p>
 <p>Defaults to the name of the field.</p>
 <h3 id="validators"><a class="toclink" href="#validators"><code>validators</code></a></h3>
@@ -850,7 +855,7 @@ <h2 id="datetimefield"><a class="toclink" href="#datetimefield">DateTimeField</a
 <ul>
 <li><code>format</code> - A string representing the output format. If not specified, this defaults to the same value as the <code>DATETIME_FORMAT</code> settings key, which will be <code>'iso-8601'</code> unless set. Setting to a format string indicates that <code>to_representation</code> return values should be coerced to string output. Format strings are described below. Setting this value to <code>None</code> indicates that Python <code>datetime</code> objects should be returned by <code>to_representation</code>. In this case the datetime encoding will be determined by the renderer.</li>
 <li><code>input_formats</code> - A list of strings representing the input formats which may be used to parse the date.  If not specified, the <code>DATETIME_INPUT_FORMATS</code> setting will be used, which defaults to <code>['iso-8601']</code>.</li>
-<li><code>default_timezone</code> - A <code>pytz.timezone</code> representing the timezone. If not specified and the <code>USE_TZ</code> setting is enabled, this defaults to the <a href="https://docs.djangoproject.com/en/stable/topics/i18n/timezones/#default-time-zone-and-current-time-zone">current timezone</a>. If <code>USE_TZ</code> is disabled, then datetime objects will be naive.</li>
+<li><code>default_timezone</code> - A <code>tzinfo</code> subclass (<code>zoneinfo</code> or <code>pytz</code>) prepresenting the timezone. If not specified and the <code>USE_TZ</code> setting is enabled, this defaults to the <a href="https://docs.djangoproject.com/en/stable/topics/i18n/timezones/#default-time-zone-and-current-time-zone">current timezone</a>. If <code>USE_TZ</code> is disabled, then datetime objects will be naive.</li>
 </ul>
 <h4 id="datetimefield-format-strings"><a class="toclink" href="#datetimefield-format-strings"><code>DateTimeField</code> format strings.</a></h4>
 <p>Format strings may either be <a href="https://docs.python.org/3/library/datetime.html#strftime-and-strptime-behavior">Python strftime formats</a> which explicitly specify the format, or the special string <code>'iso-8601'</code>, which indicates that <a href="https://www.w3.org/TR/NOTE-datetime">ISO 8601</a> style datetimes should be used. (eg <code>'2013-01-29T12:34:56.000000Z'</code>)</p>
 
@@ -703,7 +703,7 @@ <h2 id="searchfilter"><a class="toclink" href="#searchfilter">SearchFilter</a></
     def get_search_fields(self, view, request):
         if request.query_params.get('title_only'):
             return ['title']
-        return super(CustomSearchFilter, self).get_search_fields(view, request)
+        return super().get_search_fields(view, request)
 </code></pre>
 <p>For more details, see the <a href="https://docs.djangoproject.com/en/stable/ref/contrib/admin/#django.contrib.admin.ModelAdmin.search_fields">Django documentation</a>.</p>
 <hr />
 
@@ -615,6 +615,9 @@ <h4 id="get_querysetself"><a class="toclink" href="#get_querysetself"><code>get_
     user = self.request.user
     return user.accounts.all()
 </code></pre>
+<hr />
+<p><strong>Note:</strong> If the serializer_class used in the generic view spans orm relations, leading to an n+1 problem, you could optimize your queryset in this method using <code>select_related</code> and <code>prefetch_related</code>. To get more information about n+1 problem and use cases of the mentioned methods refer to related section in <a href="https://docs.djangoproject.com/en/3.1/ref/models/querysets/#django.db.models.query.QuerySet.select_related">django documentation</a>.</p>
+<hr />
 <h4 id="get_objectself"><a class="toclink" href="#get_objectself"><code>get_object(self)</code></a></h4>
 <p>Returns an object instance that should be used for detail views.  Defaults to using the <code>lookup_field</code> parameter to filter the base queryset.</p>
 <p>May be overridden to provide more complex behavior, such as object lookups based on more than one URL kwarg.</p>
 
@@ -729,7 +729,7 @@ <h2 id="drf-extensions"><a class="toclink" href="#drf-extensions">DRF-extensions
 <h2 id="drf-proxy-pagination"><a class="toclink" href="#drf-proxy-pagination">drf-proxy-pagination</a></h2>
 <p>The <a href="https://github.com/tuffnatty/drf-proxy-pagination"><code>drf-proxy-pagination</code> package</a> includes a <code>ProxyPagination</code> class which allows to choose pagination class with a query parameter.</p>
 <h2 id="link-header-pagination"><a class="toclink" href="#link-header-pagination">link-header-pagination</a></h2>
-<p>The <a href="https://github.com/tbeadle/django-rest-framework-link-header-pagination"><code>django-rest-framework-link-header-pagination</code> package</a> includes a <code>LinkHeaderPagination</code> class which provides pagination via an HTTP <code>Link</code> header as described in <a href="github-link-pagination">Github's developer documentation</a>.</p>
+<p>The <a href="https://github.com/tbeadle/django-rest-framework-link-header-pagination"><code>django-rest-framework-link-header-pagination</code> package</a> includes a <code>LinkHeaderPagination</code> class which provides pagination via an HTTP <code>Link</code> header as described in <a href="https://docs.github.com/en/rest/guides/traversing-with-pagination">GitHub REST API documentation</a>.</p>
 
 
           </div> <!--/span-->
 
@@ -543,8 +543,8 @@ <h1 id="permissions"><a class="toclink" href="#permissions">Permissions</a></h1>
 <h2 id="how-permissions-are-determined"><a class="toclink" href="#how-permissions-are-determined">How permissions are determined</a></h2>
 <p>Permissions in REST framework are always defined as a list of permission classes.</p>
 <p>Before running the main body of the view each permission in the list is checked.
-If any permission check fails an <code>exceptions.PermissionDenied</code> or <code>exceptions.NotAuthenticated</code> exception will be raised, and the main body of the view will not run.</p>
-<p>When the permissions checks fail either a "403 Forbidden" or a "401 Unauthorized" response will be returned, according to the following rules:</p>
+If any permission check fails, an <code>exceptions.PermissionDenied</code> or <code>exceptions.NotAuthenticated</code> exception will be raised, and the main body of the view will not run.</p>
+<p>When the permission checks fail, either a "403 Forbidden" or a "401 Unauthorized" response will be returned, according to the following rules:</p>
 <ul>
 <li>The request was successfully authenticated, but permission was denied. <em>&mdash; An HTTP 403 Forbidden response will be returned.</em></li>
 <li>The request was not successfully authenticated, and the highest priority authentication class <em>does not</em> use <code>WWW-Authenticate</code> headers. <em>&mdash; An HTTP 403 Forbidden response will be returned.</em></li>
@@ -753,7 +753,7 @@ <h1 id="overview-of-access-restriction-methods"><a class="toclink" href="#overvi
 <tr>
 <td>Action: list</td>
 <td>global</td>
-<td>no</td>
+<td>global</td>
 <td>object-level*</td>
 </tr>
 <tr>
 
@@ -547,6 +547,31 @@ <h1 id="serializer-relations"><a class="toclink" href="#serializer-relations">Se
 <hr />
 <p><strong>Note:</strong> The relational fields are declared in <code>relations.py</code>, but by convention you should import them from the <code>serializers</code> module, using <code>from rest_framework import serializers</code> and refer to fields as <code>serializers.&lt;FieldName&gt;</code>.</p>
 <hr />
+<hr />
+<p><strong>Note:</strong> REST Framework does not attempt to automatically optimize querysets passed to serializers in terms of <code>select_related</code> and <code>prefetch_related</code> since it would be too much magic. A serializer with a field spanning an orm relation through its source attribute could require an additional database hit to fetch related object from the database. It is the programmer's responsibility to optimize queries to avoid additional database hits which could occur while using such a serializer.</p>
+<p>For example, the following serializer would lead to a database hit each time evaluating the tracks field if it is not prefetched:</p>
+<pre><code>class AlbumSerializer(serializers.ModelSerializer):
+    tracks = serializers.SlugRelatedField(
+        many=True,
+        read_only=True,
+        slug_field='title'
+    )
+
+    class Meta:
+        model = Album
+        fields = ['album_name', 'artist', 'tracks']
+
+# For each album object, tracks should be fetched from database
+qs = Album.objects.all()
+print(AlbumSerializer(qs, many=True).data)
+</code></pre>
+<p>If <code>AlbumSerializer</code> is used to serialize a fairly large queryset with <code>many=True</code> then it could be a serious performance problem. Optimizing the queryset passed to <code>AlbumSerializer</code> with:</p>
+<pre><code>qs = Album.objects.prefetch_related('tracks')
+# No additional database hits required
+print(AlbumSerializer(qs, many=True).data)
+</code></pre>
+<p>would solve the issue.</p>
+<hr />
 <h4 id="inspecting-relationships"><a class="toclink" href="#inspecting-relationships">Inspecting relationships.</a></h4>
 <p>When using the <code>ModelSerializer</code> class, serializer fields and relationships will be automatically generated for you. Inspecting these automatically generated fields can be a useful tool for determining how to customize the relationship style.</p>
 <p>To do so, open the Django shell, using <code>python manage.py shell</code>, then import the serializer class, instantiate it, and print the object representation…</p>
 
@@ -519,6 +519,14 @@ <h3 id="myModalLabel">Documentation search</h3>
                       <a href="#allow_empty">allow_empty</a>
                     </li>
 
+                    <li>
+                      <a href="#max_length">max_length</a>
+                    </li>
+                  
+                    <li>
+                      <a href="#min_length">min_length</a>
+                    </li>
+                  
                     <li>
                       <a href="#customizing-listserializer-behavior">Customizing ListSerializer behavior</a>
                     </li>
@@ -741,7 +749,7 @@ <h2 id="saving-instances"><a class="toclink" href="#saving-instances">Saving ins
 # .save() will update the existing `comment` instance.
 serializer = CommentSerializer(comment, data=data)
 </code></pre>
-<p>Both the <code>.create()</code> and <code>.update()</code> methods are optional. You can implement either neither, one, or both of them, depending on the use-case for your serializer class.</p>
+<p>Both the <code>.create()</code> and <code>.update()</code> methods are optional. You can implement either none, one, or both of them, depending on the use-case for your serializer class.</p>
 <h4 id="passing-additional-attributes-to-save"><a class="toclink" href="#passing-additional-attributes-to-save">Passing additional attributes to <code>.save()</code></a></h4>
 <p>Sometimes you'll want your view code to be able to inject additional data at the point of saving the instance. This additional data might include information like the current user, the current time, or anything else that is not part of the request data.</p>
 <p>You can do so by including additional keyword arguments when calling <code>.save()</code>. For example:</p>
@@ -1204,6 +1212,10 @@ <h1 id="listserializer"><a class="toclink" href="#listserializer">ListSerializer
 <p>The following argument can also be passed to a <code>ListSerializer</code> field or a serializer that is passed <code>many=True</code>:</p>
 <h3 id="allow_empty"><a class="toclink" href="#allow_empty"><code>allow_empty</code></a></h3>
 <p>This is <code>True</code> by default, but can be set to <code>False</code> if you want to disallow empty lists as valid input.</p>
+<h3 id="max_length"><a class="toclink" href="#max_length"><code>max_length</code></a></h3>
+<p>This is <code>None</code> by default, but can be set to a positive integer if you want to validates that the list contains no more than this number of elements.</p>
+<h3 id="min_length"><a class="toclink" href="#min_length"><code>min_length</code></a></h3>
+<p>This is <code>None</code> by default, but can be set to a positive integer if you want to validates that the list contains no fewer than this number of elements.</p>
 <h3 id="customizing-listserializer-behavior"><a class="toclink" href="#customizing-listserializer-behavior">Customizing <code>ListSerializer</code> behavior</a></h3>
 <p>There <em>are</em> a few use cases when you might want to customize the <code>ListSerializer</code> behavior. For example:</p>
 <ul>
@@ -1483,7 +1495,7 @@ <h3 id="example"><a class="toclink" href="#example">Example</a></h3>
         fields = kwargs.pop('fields', None)
 
         # Instantiate the superclass normally
-        super(DynamicFieldsModelSerializer, self).__init__(*args, **kwargs)
+        super().__init__(*args, **kwargs)
 
         if fields is not None:
             # Drop any fields that are not specified in the `fields` argument.
 
@@ -713,7 +713,7 @@ <h2 id="csrf"><a class="toclink" href="#csrf">CSRF</a></h2>
 <p>If you're using <code>SessionAuthentication</code> then you'll need to include a CSRF token
 for any <code>POST</code>, <code>PUT</code>, <code>PATCH</code> or <code>DELETE</code> requests.</p>
 <p>You can do so by following the same flow that a JavaScript based client would use.
-First make a <code>GET</code> request in order to obtain a CRSF token, then present that
+First, make a <code>GET</code> request in order to obtain a CSRF token, then present that
 token in the following request.</p>
 <p>For example...</p>
 <pre><code>client = RequestsClient()
@@ -734,7 +734,7 @@ <h2 id="live-tests"><a class="toclink" href="#live-tests">Live tests</a></h2>
 <p>With careful usage both the <code>RequestsClient</code> and the <code>CoreAPIClient</code> provide
 the ability to write test cases that can run either in development, or be run
 directly against your staging server or production environment.</p>
-<p>Using this style to create basic tests of a few core piece of functionality is
+<p>Using this style to create basic tests of a few core pieces of functionality is
 a powerful way to validate your live service. Doing so may require some careful
 attention to setup and teardown to ensure that the tests run in a way that they
 do not directly affect customer data.</p>
 
@@ -558,6 +558,7 @@ <h2 id="api_view"><a class="toclink" href="#api_view">@api_view()</a></h2>
 <p><strong>Signature:</strong> <code>@api_view(http_method_names=['GET'])</code></p>
 <p>The core of this functionality is the <code>api_view</code> decorator, which takes a list of HTTP methods that your view should respond to. For example, this is how you would write a very simple view that just manually returns some data:</p>
 <pre><code>from rest_framework.decorators import api_view
+from rest_framework.response import Response
 
 @api_view()
 def hello_world(request):
 
@@ -587,7 +587,7 @@ <h2 id="introspecting-viewset-actions"><a class="toclink" href="#introspecting-v
     if self.action == 'list':
         permission_classes = [IsAuthenticated]
     else:
-        permission_classes = [IsAdmin]
+        permission_classes = [IsAdminUser]
     return [permission() for permission in permission_classes]
 </code></pre>
 <h2 id="marking-extra-actions-for-routing"><a class="toclink" href="#marking-extra-actions-for-routing">Marking extra actions for routing</a></h2>