Sam Corder

Reputation: 5422

Using django-rest-interface

I have a Django application that I'd like to add some REST interfaces to. I've seen http://code.google.com/p/django-rest-interface/ but it seems to be pretty simplistic. For instance, it doesn't seem to have a way of enforcing security. How would I go about limiting what people can view and manipulate through the REST interface? Normally I'd put this kind of logic in my views. Is this the right place, or should I be moving some more logic down into the model? Alternatively, is there a better library out there, or do I need to roll my own?

Upvotes: 21

Views: 15008

Answers (4)

michel.iamit

Reputation: 5916

Please do have a look at django-rest-framework. I just stepped over from tastypie to this new framework, and it works great!

http://django-rest-framework.org/

Especially the class-based views and the browsable API, and many other advantages (e.g. to upload images).

Upvotes: 2

Mark Ellul

Reputation: 1906

I would look into using the django-piston application (http://bitbucket.org/jespern/django-piston/wiki/Home) if security is your main concern.

I have used django-rest-interface in the past. It's reliable and, though simple, can be quite powerful; however, django-piston seems more flexible going forward.

Upvotes: 12

S.Lott

Reputation: 391992

Even with the Authentication parameter, you don't have fine-grained control over what people can do. The current implementation of the Django-REST interface doesn't track the user information, so you don't have this information available for doing fine-grained authorization checks.

See Issue #32.

However, it's relatively easy to extend it to add some features. I use a lot of subclasses to add features.

Updating the request with login information, however, is tricky in Django. Rather than do that, I leave the information in the Collection.

Right now, I'd estimate that between patches and subclasses, what I've written is about as big as rolling my own RESTful view functions.

Django-REST, however, gracefully and neatly handles HTTP Digest Authentication. I don't look forward to replacing theirs with some kind of decorator for my Django view functions.

[Maybe we should open a SourceForge project and work out a clean replacement?]

Upvotes: 3

Anders Eurenius

Reputation: 4226

Well, from the look of things, there's an authentication parameter to Collection. (See this example: authentication.py.)

Second (even if Django doesn't have it yet), there should probably be a middleware that does CSRF/XSRF form checking. (Oh, there seems to be one.) You should also be able to use the login_required and permission_required decorators in the urls.py.

Upvotes: 3
