coderanger
diff --git a/‎api-guide/caching/index.html
Lines changed: 1 addition & 1 deletion b/‎api-guide/caching/index.html
Lines changed: 1 addition & 1 deletion
diff --git a/‎api-guide/fields/index.html
Lines changed: 8 additions & 1 deletion b/‎api-guide/fields/index.html
Lines changed: 8 additions & 1 deletion
diff --git a/‎api-guide/filtering/index.html
Lines changed: 9 additions & 3 deletions b/‎api-guide/filtering/index.html
Lines changed: 9 additions & 3 deletions
diff --git a/‎api-guide/pagination/index.html
Lines changed: 1 addition & 1 deletion b/‎api-guide/pagination/index.html
Lines changed: 1 addition & 1 deletion
diff --git a/‎api-guide/permissions/index.html
Lines changed: 15 additions & 6 deletions b/‎api-guide/permissions/index.html
Lines changed: 15 additions & 6 deletions
diff --git a/‎api-guide/relations/index.html
Lines changed: 3 additions & 3 deletions b/‎api-guide/relations/index.html
Lines changed: 3 additions & 3 deletions
diff --git a/‎api-guide/requests/index.html
Lines changed: 1 addition & 1 deletion b/‎api-guide/requests/index.html
Lines changed: 1 addition & 1 deletion
diff --git a/‎api-guide/serializers/index.html
Lines changed: 6 additions & 6 deletions b/‎api-guide/serializers/index.html
Lines changed: 6 additions & 6 deletions
@@ -436,7 +436,7 @@ <h1 id="caching"><a class="toclink" href="#caching">Caching</a></h1>
 <h2 id="using-cache-with-apiview-and-viewsets"><a class="toclink" href="#using-cache-with-apiview-and-viewsets">Using cache with apiview and viewsets</a></h2>
 <p>Django provides a <a href="https://docs.djangoproject.com/en/dev/topics/class-based-views/intro/#decorating-the-class"><code>method_decorator</code></a> to use
 decorators with class based views. This can be used with
-with other cache decorators such as <a href="https://docs.djangoproject.com/en/dev/topics/cache/#the-per-view-cache"><code>cache_page</code></a> and
+other cache decorators such as <a href="https://docs.djangoproject.com/en/dev/topics/cache/#the-per-view-cache"><code>cache_page</code></a> and
 <a href="https://docs.djangoproject.com/en/dev/topics/http/decorators/#django.views.decorators.vary.vary_on_cookie"><code>vary_on_cookie</code></a>.</p>
 <pre><code class="python">from rest_framework.response import Response
 from rest_framework.views import APIView
 
@@ -707,7 +707,14 @@ <h1 id="boolean-fields"><a class="toclink" href="#boolean-fields">Boolean fields
 <h2 id="booleanfield"><a class="toclink" href="#booleanfield">BooleanField</a></h2>
 <p>A boolean representation.</p>
 <p>When using HTML encoded form input be aware that omitting a value will always be treated as setting a field to <code>False</code>, even if it has a <code>default=True</code> option specified. This is because HTML checkbox inputs represent the unchecked state by omitting the value, so REST framework treats omission as if it is an empty checkbox input.</p>
-<p>Note that default <code>BooleanField</code> instances will be generated with a <code>required=False</code> option (since Django <code>models.BooleanField</code> is always <code>blank=True</code>). If you want to change this behaviour explicitly declare the <code>BooleanField</code> on the serializer class.</p>
+<p>Note that Django 2.1 removed the <code>blank</code> kwarg from <code>models.BooleanField</code>.
+Prior to Django 2.1 <code>models.BooleanField</code> fields were always <code>blank=True</code>. Thus
+since Django 2.1 default <code>serializers.BooleanField</code> instances will be generated
+without the <code>required</code> kwarg (i.e. equivalent to <code>required=True</code>) whereas with
+previous versions of Django, default <code>BooleanField</code> instances will be generated
+with a <code>required=False</code> option.  If you want to control this behaviour manually,
+explicitly declare the <code>BooleanField</code> on the serializer class, or use the
+<code>extra_kwargs</code> option to set the <code>required</code> flag.</p>
 <p>Corresponds to <code>django.db.models.fields.BooleanField</code>.</p>
 <p><strong>Signature:</strong> <code>BooleanField()</code></p>
 <h2 id="nullbooleanfield"><a class="toclink" href="#nullbooleanfield">NullBooleanField</a></h2>
 
@@ -616,7 +616,7 @@ <h2 id="overriding-the-initial-queryset"><a class="toclink" href="#overriding-th
     """
     model = Product
     serializer_class = ProductSerializer
-    filter_class = ProductFilter
+    filterset_class = ProductFilter
 
     def get_queryset(self):
         user = self.request.user
@@ -642,12 +642,12 @@ <h2 id="djangofilterbackend"><a class="toclink" href="#djangofilterbackend">Djan
     ...
     filter_backends = (DjangoFilterBackend,)
 </code></pre>
-<p>If all you need is simple equality-based filtering, you can set a <code>filter_fields</code> attribute on the view, or viewset, listing the set of fields you wish to filter against.</p>
+<p>If all you need is simple equality-based filtering, you can set a <code>filterset_fields</code> attribute on the view, or viewset, listing the set of fields you wish to filter against.</p>
 <pre><code>class ProductList(generics.ListAPIView):
     queryset = Product.objects.all()
     serializer_class = ProductSerializer
     filter_backends = (DjangoFilterBackend,)
-    filter_fields = ('category', 'in_stock')
+    filterset_fields = ('category', 'in_stock')
 </code></pre>
 <p>This will automatically create a <code>FilterSet</code> class for the given fields, and will allow you to make requests such as:</p>
 <pre><code>http://example.com/api/products?category=clothing&amp;in_stock=True
@@ -686,6 +686,12 @@ <h2 id="searchfilter"><a class="toclink" href="#searchfilter">SearchFilter</a></
 <pre><code>search_fields = ('=username', '=email')
 </code></pre>
 <p>By default, the search parameter is named <code>'search</code>', but this may be overridden with the <code>SEARCH_PARAM</code> setting.</p>
+<p>To dynamically change search fields based on request content, it's possible to subclass the <code>SearchFilter</code> and override the <code>get_search_fields()</code> function. For example, the following subclass will only search on <code>title</code> if the query parameter <code>title_only</code> is in the request:</p>
+<pre><code>class CustomSearchFilter(self, view, request):
+    if request.query_params.get('title_only'):
+        return ('title',)
+    return super(CustomSearchFilter, self).get_search_fields(view, request)
+</code></pre>
 <p>For more details, see the <a href="https://docs.djangoproject.com/en/stable/ref/contrib/admin/#django.contrib.admin.ModelAdmin.search_fields">Django documentation</a>.</p>
 <hr />
 <h2 id="orderingfilter"><a class="toclink" href="#orderingfilter">OrderingFilter</a></h2>
 
@@ -726,7 +726,7 @@ <h2 id="drf-extensions"><a class="toclink" href="#drf-extensions">DRF-extensions
 <h2 id="drf-proxy-pagination"><a class="toclink" href="#drf-proxy-pagination">drf-proxy-pagination</a></h2>
 <p>The <a href="https://github.com/tuffnatty/drf-proxy-pagination"><code>drf-proxy-pagination</code> package</a> includes a <code>ProxyPagination</code> class which allows to choose pagination class with a query parameter.</p>
 <h2 id="link-header-pagination"><a class="toclink" href="#link-header-pagination">link-header-pagination</a></h2>
-<p>The <a href="https://github.com/tbeadle/django-rest-framework-link-header-pagination"><code>django-rest-framework-link-header-pagination</code> package</a> includes a <code>LinkHeaderPagination</code> class which provides pagination via an HTTP <code>Link</code> header as desribed in <a href="../github-link-pagination">Github's developer documentation</a>.</p>
+<p>The <a href="https://github.com/tbeadle/django-rest-framework-link-header-pagination"><code>django-rest-framework-link-header-pagination</code> package</a> includes a <code>LinkHeaderPagination</code> class which provides pagination via an HTTP <code>Link</code> header as described in <a href="../github-link-pagination">Github's developer documentation</a>.</p>
 
 
           </div> <!--/span-->
 
@@ -484,7 +484,7 @@ <h3 id="myModalLabel">Documentation search</h3>
                     </li>
 
                     <li>
-                      <a href="#django-rest-framework-api-key">Django Rest Framework API Key</a>
+                      <a href="#django-rest-framework-api-key">Django REST Framework API Key</a>
                     </li>
 
                     <li>
@@ -519,8 +519,8 @@ <h1 id="permissions"><a class="toclink" href="#permissions">Permissions</a></h1>
 </blockquote>
 <p>Together with <a href="../authentication/">authentication</a> and <a href="../throttling/">throttling</a>, permissions determine whether a request should be granted or denied access.</p>
 <p>Permission checks are always run at the very start of the view, before any other code is allowed to proceed.  Permission checks will typically use the authentication information in the <code>request.user</code> and <code>request.auth</code> properties to determine if the incoming request should be permitted.</p>
-<p>Permissions are used to grant or deny access different classes of users to different parts of the API.</p>
-<p>The simplest style of permission would be to allow access to any authenticated user, and deny access to any unauthenticated user. This corresponds the <code>IsAuthenticated</code> class in REST framework.</p>
+<p>Permissions are used to grant or deny access for different classes of users to different parts of the API.</p>
+<p>The simplest style of permission would be to allow access to any authenticated user, and deny access to any unauthenticated user. This corresponds to the <code>IsAuthenticated</code> class in REST framework.</p>
 <p>A slightly less strict style of permission would be to allow full access to authenticated users, but allow read-only access to unauthenticated users. This corresponds to the <code>IsAuthenticatedOrReadOnly</code> class in REST framework.</p>
 <h2 id="how-permissions-are-determined"><a class="toclink" href="#how-permissions-are-determined">How permissions are determined</a></h2>
 <p>Permissions in REST framework are always defined as a list of permission classes.</p>
@@ -545,6 +545,15 @@ <h2 id="object-level-permissions"><a class="toclink" href="#object-level-permiss
     self.check_object_permissions(self.request, obj)
     return obj
 </code></pre>
+<hr />
+<p><strong>Note</strong>: With the exception of <code>DjangoObjectPermissions</code>, the provided
+permission classes in <code>rest_framework.permssions</code> <strong>do not</strong> implement the
+methods necessary to check object permissions.</p>
+<p>If you wish to use the provided permission classes in order to check object
+permissions, <strong>you must</strong> subclass them and implement the
+<code>has_object_permission()</code> method described in the <a href="#custom-permissions"><em>Custom
+permissions</em></a> section (below).</p>
+<hr />
 <h4 id="limitations-of-object-level-permissions"><a class="toclink" href="#limitations-of-object-level-permissions">Limitations of object level permissions</a></h4>
 <p>For performance reasons the generic views will not automatically apply object level permissions to each instance in a queryset when returning a list of objects.</p>
 <p>Often when you're using object level permissions you'll also want to <a href="../filtering/">filter the queryset</a> appropriately, to ensure that users only have visibility onto instances that they are permitted to view.</p>
@@ -608,7 +617,7 @@ <h2 id="setting-the-permission-policy"><a class="toclink" href="#setting-the-per
         }
         return Response(content)
 </code></pre>
-<p><strong>Note:</strong> it only supports &amp; -and- and | -or-.</p>
+<p><strong>Note:</strong> it supports &amp; (and), | (or) and ~ (not).</p>
 <hr />
 <h1 id="api-reference"><a class="toclink" href="#api-reference">API Reference</a></h1>
 <h2 id="allowany"><a class="toclink" href="#allowany">AllowAny</a></h2>
@@ -719,8 +728,8 @@ <h2 id="dry-rest-permissions"><a class="toclink" href="#dry-rest-permissions">DR
 <p>The <a href="https://github.com/Helioscene/dry-rest-permissions">DRY Rest Permissions</a> package provides the ability to define different permissions for individual default and custom actions. This package is made for apps with permissions that are derived from relationships defined in the app's data model. It also supports permission checks being returned to a client app through the API's serializer. Additionally it supports adding permissions to the default and custom list actions to restrict the data they retrieve per user.</p>
 <h2 id="django-rest-framework-roles"><a class="toclink" href="#django-rest-framework-roles">Django Rest Framework Roles</a></h2>
 <p>The <a href="https://github.com/computer-lab/django-rest-framework-roles">Django Rest Framework Roles</a> package makes it easier to parameterize your API over multiple types of users.</p>
-<h2 id="django-rest-framework-api-key"><a class="toclink" href="#django-rest-framework-api-key">Django Rest Framework API Key</a></h2>
-<p>The <a href="https://github.com/manosim/django-rest-framework-api-key">Django Rest Framework API Key</a> package allows you to ensure that every request made to the server requires an API key header. You can generate one from the django admin interface.</p>
+<h2 id="django-rest-framework-api-key"><a class="toclink" href="#django-rest-framework-api-key">Django REST Framework API Key</a></h2>
+<p>The <a href="https://github.com/florimondmanca/djangorestframework-api-key">Django REST Framework API Key</a> package provides the ability to authorize clients based on customizable API key headers. This package is targeted at situations in which regular user-based authentication (e.g. <code>TokenAuthentication</code>) is not suitable, e.g. allowing non-human clients to safely use your API. API keys are generated and validated through cryptographic methods and can be created and revoked from the Django admin interface at anytime.</p>
 <h2 id="django-rest-framework-role-filters"><a class="toclink" href="#django-rest-framework-role-filters">Django Rest Framework Role Filters</a></h2>
 <p>The <a href="https://github.com/allisson/django-rest-framework-role-filters">Django Rest Framework Role Filters</a> package provides simple filtering over multiple types of roles.</p>
 
 
@@ -570,11 +570,11 @@ <h1 id="api-reference"><a class="toclink" href="#api-reference">API Reference</a
         unique_together = ('album', 'order')
         ordering = ['order']
 
-    def __unicode__(self):
+    def __str__(self):
         return '%d: %s' % (self.order, self.title)
 </code></pre>
 <h2 id="stringrelatedfield"><a class="toclink" href="#stringrelatedfield">StringRelatedField</a></h2>
-<p><code>StringRelatedField</code> may be used to represent the target of the relationship using its <code>__unicode__</code> method.</p>
+<p><code>StringRelatedField</code> may be used to represent the target of the relationship using its <code>__str__</code> method.</p>
 <p>For example, the following serializer.</p>
 <pre><code>class AlbumSerializer(serializers.ModelSerializer):
     tracks = serializers.StringRelatedField(many=True)
@@ -945,7 +945,7 @@ <h2 id="generic-relationships"><a class="toclink" href="#generic-relationships">
     object_id = models.PositiveIntegerField()
     tagged_object = GenericForeignKey('content_type', 'object_id')
 
-    def __unicode__(self):
+    def __str__(self):
         return self.tag_name
 </code></pre>
 <p>And the following two models, which may have associated tags:</p>
 
@@ -530,7 +530,7 @@ <h2 id="parsers"><a class="toclink" href="#parsers">.parsers</a></h2>
 <h1 id="content-negotiation"><a class="toclink" href="#content-negotiation">Content negotiation</a></h1>
 <p>The request exposes some properties that allow you to determine the result of the content negotiation stage. This allows you to implement behaviour such as selecting a different serialisation schemes for different media types.</p>
 <h2 id="accepted_renderer"><a class="toclink" href="#accepted_renderer">.accepted_renderer</a></h2>
-<p>The renderer instance what was selected by the content negotiation stage.</p>
+<p>The renderer instance that was selected by the content negotiation stage.</p>
 <h2 id="accepted_media_type"><a class="toclink" href="#accepted_media_type">.accepted_media_type</a></h2>
 <p>A string representing the media type that was accepted by the content negotiation stage.</p>
 <hr />
 
@@ -760,7 +760,7 @@ <h2 id="validation"><a class="toclink" href="#validation">Validation</a></h2>
 serializer.is_valid()
 # False
 serializer.errors
-# {'email': [u'Enter a valid e-mail address.'], 'created': [u'This field is required.']}
+# {'email': ['Enter a valid e-mail address.'], 'created': ['This field is required.']}
 </code></pre>
 <p>Each key in the dictionary will be the field name, and the values will be lists of strings of any error messages corresponding to that field.  The <code>non_field_errors</code> key may also be present, and will list any general validation errors. The name of the <code>non_field_errors</code> key may be customized using the <code>NON_FIELD_ERRORS_KEY</code> REST framework setting.</p>
 <p>When deserializing a list of items, errors will be returned as a list of dictionaries representing each of the deserialized items.</p>
@@ -838,7 +838,7 @@ <h2 id="accessing-the-initial-data-and-instance"><a class="toclink" href="#acces
 <h2 id="partial-updates"><a class="toclink" href="#partial-updates">Partial updates</a></h2>
 <p>By default, serializers must be passed values for all required fields or they will raise validation errors. You can use the <code>partial</code> argument in order to allow partial updates.</p>
 <pre><code># Update `comment` with partial data
-serializer = CommentSerializer(comment, data={'content': u'foo bar'}, partial=True)
+serializer = CommentSerializer(comment, data={'content': 'foo bar'}, partial=True)
 </code></pre>
 <h2 id="dealing-with-nested-objects"><a class="toclink" href="#dealing-with-nested-objects">Dealing with nested objects</a></h2>
 <p>The previous examples are fine for dealing with objects that only have simple datatypes, but sometimes we also need to be able to represent more complex objects, where some of the attributes of an object might not be simple datatypes such as strings, dates or integers.</p>
@@ -871,7 +871,7 @@ <h2 id="writable-nested-representations"><a class="toclink" href="#writable-nest
 serializer.is_valid()
 # False
 serializer.errors
-# {'user': {'email': [u'Enter a valid e-mail address.']}, 'created': [u'This field is required.']}
+# {'user': {'email': ['Enter a valid e-mail address.']}, 'created': ['This field is required.']}
 </code></pre>
 <p>Similarly, the <code>.validated_data</code> property will include nested data structures.</p>
 <h4 id="writing-create-methods-for-nested-representations"><a class="toclink" href="#writing-create-methods-for-nested-representations">Writing <code>.create()</code> methods for nested representations</a></h4>
@@ -971,7 +971,7 @@ <h2 id="including-extra-context"><a class="toclink" href="#including-extra-conte
 <p>You can provide arbitrary additional context by passing a <code>context</code> argument when instantiating the serializer.  For example:</p>
 <pre><code>serializer = AccountSerializer(account, context={'request': request})
 serializer.data
-# {'id': 6, 'owner': u'denvercoder9', 'created': datetime.datetime(2013, 2, 12, 09, 44, 56, 678870), 'details': 'http://example.com/accounts/6/details'}
+# {'id': 6, 'owner': 'denvercoder9', 'created': datetime.datetime(2013, 2, 12, 09, 44, 56, 678870), 'details': 'http://example.com/accounts/6/details'}
 </code></pre>
 <p>The context dictionary can be used within any serializer field logic, such as a custom <code>.to_representation()</code> method, by accessing the <code>self.context</code> attribute.</p>
 <hr />
@@ -1485,10 +1485,10 @@ <h3 id="example"><a class="toclink" href="#example">Example</a></h3>
 &gt;&gt;&gt;         model = User
 &gt;&gt;&gt;         fields = ('id', 'username', 'email')
 &gt;&gt;&gt;
-&gt;&gt;&gt; print UserSerializer(user)
+&gt;&gt;&gt; print(UserSerializer(user))
 {'id': 2, 'username': 'jonwatts', 'email': 'jon@example.com'}
 &gt;&gt;&gt;
-&gt;&gt;&gt; print UserSerializer(user, fields=('id', 'email'))
+&gt;&gt;&gt; print(UserSerializer(user, fields=('id', 'email')))
 {'id': 2, 'email': 'jon@example.com'}
 </code></pre>
 <h2 id="customizing-the-default-fields"><a class="toclink" href="#customizing-the-default-fields">Customizing the default fields</a></h2>