Using the django-rest interface

I have a Django application to which I would like to add some REST interfaces. I saw http://code.google.com/p/django-rest-interface/ but it looks pretty simplistic. For example, it does not seem to have a way to ensure security. How can I limit what people can view and manipulate through the REST interface? Usually I put such logic in my views. Is this the right place or do I need to move some more logic into the model? Alternatively, is there a better library out there or do I need to roll my own?

+20
python rest django
Oct 17 '08 at 16:53
4 answers

I would consider using django-piston (http://bitbucket.org/jespern/django-piston/wiki/Home) if security is your main concern.

I used the django-rest-interface in the past; it is reliable and, although simple, can be quite powerful, but django-piston looks more flexible in the future.

+12
Jun 15 '09 at 14:28

Well, in terms of things, there is an authentication parameter for Collection (see this example: authentication.py).

Secondly (even if Django does not already have this), there probably should be middleware that performs CSRF / XSRF form validation. (Oh, there seems to be one.) You should also be able to use the login_required and permission_required decorators in urls.py.

+3
Oct 18 '08 at 1:52

Even with the Authentication option, you do not have small-scale control over what people can do. The current implementation of the Django-REST interface does not track user information, so you do not have this information to perform small-scale authorization checks.

See Problem No. 32.

However, it is relatively easy to extend it to add some features. I use many subclasses to add functions.

Updating a request with login information, however, is difficult in Django. Instead, I leave the information in the Collection.

Right now, I would appreciate that between the patches and subclasses, what I wrote is about the same as porting my own RESTful view functions.

Django-REST, however, elegantly and accurately handles HTTP Digest authentication. I'm not looking forward to replacing them with some kind of decorator for my Django view functions.

[Perhaps we should open the original forge project and work out a clean replacement?]

+3
Oct 18 '08 at 11:49

Please take a look at the django-rest-framework, I just switched from tastypie to this new structure, it works great!

http://django-rest-framework.org/

Specifically, view-based classes and viewable api! and many other benefits (such as downloading images)

+2
Aug 16 2018-12-16T00:


