[Django]-Using django-rest-interface

by

12👍

✅

I would look into using django-piston http://bitbucket.org/jespern/django-piston/wiki/Home application if security is your main concern.

I have used django-rest-interface in the past, its reliable and though simple can be quite powerful, however django-piston seems more flexible going forward.

👤Mark Ellul

3👍

Well, from the look of things, there’s an authentication parameter to Collection. (see this example: authentication.py)

Second, (even if Django doesn’t have it yet,) there should probably be a middleware that does CSRF/XSRF form checking. (Oh, there seems to be one.) You should also be able to use the login_required and permission_required decorators in the urls.py.

👤Anders Eurenius

3👍

Even with the Authentication parameter, you don’t have fine-grained control over what people can do. The current implementation of the Django-REST interface doesn’t track the user information, so you don’t have this information available for doing fine-grained authorization checks.

See Issue #32.

However, it’s relatively easy to extend it to add some features. I use a lot of subclasses to add features.

Updating the request with login information, however, is tricky in Django. Rather than do that, I leave the information in the Collection.

Right now, I’d estimate that between patches and subclasses, what I’ve written is about as big as rolling my own RESTful view functions.

Django-REST, however, gracefully and neatly handles HTTP Digest Authentication. I don’t look forward to replacing theirs with some kind of decorator for my Django view functions.

[Maybe we should open a source forge project and work out a clean replacement?]

👤S.Lott

2👍

Please do have a look at django-rest-framework, I just stepped over from tastypie to this new framework, works great!

http://django-rest-framework.org/

Especially the class based views and the browsable api! and many other advantages (e..g. to upload images)

👤michel.iamit

Leave a comment