Merge branch 'master' of https://github.com/tomchristie/django-rest-framework

Author: tomchristie

docs/api-guide/throttling.md

@@ -12,7 +12,7 @@ As with permissions, multiple throttles may be used.  Your API might have a rest
 
 Another scenario where you might want to use multiple throttles would be if you need to impose different constraints on different parts of the API, due to some services being particularly resource-intensive.
 
-Multiple throttles can also be used if you want to impose both burst throttling  rates, and sustained throttling rates.  For example, you might want to limit a user to a maximum of 60 requests per minute, and 1000 requests per day.
+Multiple throttles can also be used if you want to impose both burst throttling rates, and sustained throttling rates.  For example, you might want to limit a user to a maximum of 60 requests per minute, and 1000 requests per day.
 
 Throttles do not necessarily only refer to rate-limiting requests.  For example a storage service might also need to throttle against bandwidth, and a paid data service might want to throttle against a certain number of a records being accessed.
 
@@ -44,7 +44,7 @@ You can also set the throttling policy on a per-view or per-viewset basis,
 using the `APIView` class based views.
 
     class ExampleView(APIView):
-        throttle_classes = (UserThrottle,)
+        throttle_classes = (UserRateThrottle,)
 
         def get(self, request, format=None):
             content = {
@@ -55,7 +55,7 @@ using the `APIView` class based views.
 Or, if you're using the `@api_view` decorator with function based views.
 
     @api_view('GET')
-    @throttle_classes(UserThrottle)
+    @throttle_classes(UserRateThrottle)
     def example_view(request, format=None):
         content = {
             'status': 'request was permitted'
@@ -72,22 +72,22 @@ The throttle classes provided by REST framework use Django's cache backend.  You
 
 ## AnonRateThrottle
 
-The `AnonThrottle` will only ever throttle unauthenticated users.  The IP address of the incoming request is used to generate a unique key to throttle against.
+The `AnonRateThrottle` will only ever throttle unauthenticated users.  The IP address of the incoming request is used to generate a unique key to throttle against.
 
 The allowed request rate is determined from one of the following (in order of preference).
 
-* The `rate` property on the class, which may be provided by overriding `AnonThrottle` and setting the property.
+* The `rate` property on the class, which may be provided by overriding `AnonRateThrottle` and setting the property.
 * The `DEFAULT_THROTTLE_RATES['anon']` setting.
 
-`AnonThrottle` is suitable if you want to restrict the rate of requests from unknown sources.
+`AnonRateThrottle` is suitable if you want to restrict the rate of requests from unknown sources.
 
 ## UserRateThrottle
 
-The `UserThrottle` will throttle users to a given rate of requests across the API.  The user id is used to generate a unique key to throttle against.  Unauthenticated requests will fall back to using the IP address of the incoming request to generate a unique key to throttle against.
+The `UserRateThrottle` will throttle users to a given rate of requests across the API.  The user id is used to generate a unique key to throttle against.  Unauthenticated requests will fall back to using the IP address of the incoming request to generate a unique key to throttle against.
 
 The allowed request rate is determined from one of the following (in order of preference).
 
-* The `rate` property on the class, which may be provided by overriding `UserThrottle` and setting the property.
+* The `rate` property on the class, which may be provided by overriding `UserRateThrottle` and setting the property.
 * The `DEFAULT_THROTTLE_RATES['user']` setting.
 
 An API may have multiple `UserRateThrottles` in place at the same time.  To do so, override `UserRateThrottle` and set a unique "scope" for each class.
@@ -113,11 +113,11 @@ For example, multiple user throttle rates could be implemented by using the foll
         }
     }
 
-`UserThrottle` is suitable if you want simple global rate restrictions per-user.
+`UserRateThrottle` is suitable if you want simple global rate restrictions per-user.
 
 ## ScopedRateThrottle
 
-The `ScopedThrottle` class can be used to restrict access to specific parts of the API.  This throttle will only be applied if the view that is being accessed includes a `.throttle_scope` property.  The unique throttle key will then be formed by concatenating the "scope" of the request with the unique user id or IP address.
+The `ScopedRateThrottle` class can be used to restrict access to specific parts of the API.  This throttle will only be applied if the view that is being accessed includes a `.throttle_scope` property.  The unique throttle key will then be formed by concatenating the "scope" of the request with the unique user id or IP address.
 
 The allowed request rate is determined by the `DEFAULT_THROTTLE_RATES` setting using a key from the request "scope".
 

docs/api-guide/viewsets.md

@@ -98,6 +98,7 @@ For example:
 
     from django.contrib.auth.models import User
     from rest_framework import viewsets
+    from rest_framework import status
     from rest_framework.decorators import action
     from rest_framework.response import Response
     from myapp.serializers import UserSerializer, PasswordSerializer

docs/topics/ajax-csrf-cors.md

@@ -23,7 +23,7 @@ To guard against these type of attacks, you need to do two things:
 
 If you're using `SessionAuthentication` you'll need to include valid CSRF tokens for any `POST`, `PUT`, `PATCH` or `DELETE` operations.
 
-The Django documentation describes how to [include CSRF tokens in AJAX requests][csrf-ajax].
+In order to make AJAX requests, you need to include CSRF token in the HTTP header, as [described in the Django documentation][csrf-ajax].
 
 ## CORS
 

docs/topics/browsable-api.md

@@ -75,6 +75,7 @@ All of the blocks available in the browsable API base template that can be used
 * `branding`                   - Branding section of the navbar, see [Bootstrap components][bcomponentsnav].
 * `breadcrumbs`                - Links showing resource nesting, allowing the user to go back up the resources.  It's recommended to preserve these, but they can be overridden using the breadcrumbs block.
 * `footer`                     - Any copyright notices or similar footer materials can go here (by default right-aligned).
+* `script`                     - JavaScript files for the page.
 * `style`                      - CSS stylesheets for the page.
 * `title`                      - Title of the page.
 * `userlinks`                  - This is a list of links on the right of the header, by default containing login/logout links.  To add links instead of replace, use `{{ block.super }}` to preserve the authentication links.
@@ -170,4 +171,4 @@ You can now add the `autocomplete_light.ChoiceWidget` widget to the serializer f
 [autocomplete-packages]: https://www.djangopackages.com/grids/g/auto-complete/
 [django-autocomplete-light]: https://github.com/yourlabs/django-autocomplete-light
 [django-autocomplete-light-install]: http://django-autocomplete-light.readthedocs.org/en/latest/#install
-[autocomplete-image]: ../img/autocomplete.png
+[autocomplete-image]: ../img/autocomplete.png

docs/topics/credits.md

@@ -147,6 +147,10 @@ The following people have helped make REST framework great.
 * Rudolf Olah - [omouse]
 * Gertjan Oude Lohuis - [gertjanol]
 * Matthias Jacob - [cyroxx]
+* Pavel Zinovkin - [pzinovkin]
+* Will Kahn-Greene - [willkg]
+* Kevin Brown - [kevin-brown]
+* Rodrigo Martell - [coderigo]
 
 Many thanks to everyone who's contributed to the project.
 
@@ -330,3 +334,7 @@ You can also contact [@_tomchristie][twitter] directly on twitter.
 [omouse]: https://github.com/omouse
 [gertjanol]: https://github.com/gertjanol
 [cyroxx]: https://github.com/cyroxx
+[pzinovkin]: https://github.com/pzinovkin
+[coderigo]: https://github.com/coderigo
+[willkg]: https://github.com/willkg
+[kevin-brown]: https://github.com/kevin-brown

docs/tutorial/5-relationships-and-hyperlinked-apis.md

@@ -80,7 +80,7 @@ We can easily re-write our existing serializers to use hyperlinking.
         highlight = serializers.HyperlinkedIdentityField(view_name='snippet-highlight', format='html')
 
         class Meta:
-            model = models.Snippet
+            model = Snippet
             fields = ('url', 'highlight', 'owner',
                       'title', 'code', 'linenos', 'language', 'style')
 

rest_framework/fields.py

@@ -512,7 +512,7 @@ class EmailField(CharField):
     form_field_class = forms.EmailField
 
     default_error_messages = {
-        'invalid': _('Enter a valid e-mail address.'),
+        'invalid': _('Enter a valid email address.'),
     }
     default_validators = [validators.validate_email]
 

rest_framework/serializers.py

@@ -690,7 +690,7 @@ def get_default_fields(self):
             assert field_name in ret, \
                 "Noexistant field '%s' specified in `read_only_fields` " \
                 "on serializer '%s'." % \
-                (self.__class__.__name__, field_name)
+                (field_name, self.__class__.__name__)
             ret[field_name].read_only = True
 
         return ret

rest_framework/tests/test_serializer.py

@@ -494,7 +494,7 @@ def test_wrong_data(self):
         }
         serializer = self.CommentSerializerWithFieldValidator(data=wrong_data)
         self.assertFalse(serializer.is_valid())
-        self.assertEqual(serializer.errors, {'email': ['Enter a valid e-mail address.']})
+        self.assertEqual(serializer.errors, {'email': ['Enter a valid email address.']})
 
 
 class PositiveIntegerAsChoiceTests(TestCase):