• Get Review Board
  • What's New
  • Products
  • Review Board Code review, image review, and document review
  • Documentation
  • Release Notes
  • Power Pack Enterprise integrations, reports, and enhanced document review
  • Try for 60 Days
  • Purchase
  • RBCommons Review Board as a Service, hosted by us
  • Pricing
  • RBTools Command line tools and Python API for Review Board
  • Documentation
  • Release Notes
  • Review Bot Automated code review, connecting tools you already use
  • Documentation
  • Release Notes
  • RB Gateway Manage Git and Mercurial repositories in your network
  • Documentation
  • Release Notes
  • Learn and Explore
  • What is Code Review?
  • Documentation
  • Frequently Asked Questions
  • Support Options
  • Third-Party Integrations
  • Demo
  • Review Board RBTools Power Pack Review Bot Djblets RB Gateway
    1. Djblets 3.x
    2. Version 5.x
    3. Version 4.x
    4. Version 3.x
    5. Version 2.x
    6. Version 2.0
    7. Version 1.0
    8. Version 0.9
    9. Djblets Documentation
    10. Module and Class References
    11. djblets.webapi.resources.base
  • Home
  • Guides
  • Avatar Services Guides
  • Writing Avatar Services
  • Extension Guides
  • Writing Extensions
  • Testing Extensions
  • Feature Checks Guides
  • Introduction to Feature Checks
  • Writing Features
  • Writing Feature Checkers
  • Testing with Feature Checks
  • Integration Guides
  • Supporting Integrations
  • Writing Integrations
  • Privacy Compliance Guides
  • Getting and Checking Consent
  • Working with Personally Identifiable Information
  • Service Integrations
  • reCAPTCHA Guides
  • Using reCAPTCHA
  • Registries Guides
  • Writing Registries
  • Web API Guides
  • Writing Web API Resources
  • Adding OAuth2 Support
  • Module and Class References
  • djblets
  • djblets.deprecation
  • djblets.auth.forms
  • djblets.auth.ratelimit
  • djblets.auth.signals
  • djblets.auth.util
  • djblets.auth.views
  • djblets.avatars.errors
  • djblets.avatars.forms
  • djblets.avatars.registry
  • djblets.avatars.services
  • djblets.avatars.services.base
  • djblets.avatars.services.fallback
  • djblets.avatars.services.file_upload
  • djblets.avatars.services.gravatar
  • djblets.avatars.services.url
  • djblets.avatars.settings
  • djblets.cache.backend
  • djblets.cache.backend_compat
  • djblets.cache.context_processors
  • djblets.cache.errors
  • djblets.cache.forwarding_backend
  • djblets.cache.serials
  • djblets.cache.synchronizer
  • djblets.conditions
  • djblets.conditions.choices
  • djblets.conditions.conditions
  • djblets.conditions.errors
  • djblets.conditions.operators
  • djblets.conditions.values
  • djblets.configforms.forms
  • djblets.configforms.mixins
  • djblets.configforms.pages
  • djblets.configforms.registry
  • djblets.configforms.views
  • djblets.datagrid.grids
  • djblets.db.backends.mysql.base
  • djblets.db.fields
  • djblets.db.fields.base64_field
  • djblets.db.fields.counter_field
  • djblets.db.fields.json_field
  • djblets.db.fields.modification_timestamp_field
  • djblets.db.fields.relation_counter_field
  • djblets.db.managers
  • djblets.db.query
  • djblets.db.validators
  • djblets.extensions.admin
  • djblets.extensions.errors
  • djblets.extensions.extension
  • djblets.extensions.forms
  • djblets.extensions.hooks
  • djblets.extensions.loaders
  • djblets.extensions.manager
  • djblets.extensions.middleware
  • djblets.extensions.models
  • djblets.extensions.packaging
  • djblets.extensions.resources
  • djblets.extensions.settings
  • djblets.extensions.signals
  • djblets.extensions.staticfiles
  • djblets.extensions.testing
  • djblets.extensions.testing.testcases
  • djblets.extensions.urls
  • djblets.extensions.views
  • djblets.extensions.templatetags.djblets_extensions
  • djblets.features
  • djblets.features.checkers
  • djblets.features.decorators
  • djblets.features.errors
  • djblets.features.feature
  • djblets.features.level
  • djblets.features.registry
  • djblets.features.testing
  • djblets.features.templatetags.features
  • djblets.feedview.views
  • djblets.feedview.templatetags.feedtags
  • djblets.forms.fields
  • djblets.forms.fieldsets
  • djblets.forms.forms
  • djblets.forms.forms.key_value_form
  • djblets.forms.widgets
  • djblets.gravatars
  • djblets.gravatars.templatetags.gravatars
  • djblets.http.middleware
  • djblets.integrations.errors
  • djblets.integrations.forms
  • djblets.integrations.hooks
  • djblets.integrations.integration
  • djblets.integrations.manager
  • djblets.integrations.mixins
  • djblets.integrations.models
  • djblets.integrations.urls
  • djblets.integrations.views
  • djblets.log
  • djblets.log.middleware
  • djblets.log.siteconfig
  • djblets.log.urls
  • djblets.log.views
  • djblets.mail.dmarc
  • djblets.mail.message
  • djblets.mail.testing
  • djblets.mail.utils
  • djblets.markdown
  • djblets.markdown.extensions.escape_html
  • djblets.markdown.extensions.wysiwyg
  • djblets.markdown.extensions.wysiwyg_email
  • djblets.pipeline.compilers.es6.ES6Compiler
  • djblets.pipeline.compilers.less.LessCompiler
  • djblets.pipeline.settings
  • djblets.privacy.consent
  • djblets.privacy.consent.base
  • djblets.privacy.consent.common
  • djblets.privacy.consent.errors
  • djblets.privacy.consent.forms
  • djblets.privacy.consent.hooks
  • djblets.privacy.consent.registry
  • djblets.privacy.consent.tracker
  • djblets.privacy.models
  • djblets.privacy.pii
  • djblets.privacy.templatetags.djblets_privacy
  • djblets.recaptcha.mixins
  • djblets.recaptcha.siteconfig
  • djblets.recaptcha.templatetags.djblets_recaptcha
  • djblets.recaptcha.widgets
  • djblets.registries
  • djblets.registries.errors
  • djblets.registries.importer
  • djblets.registries.mixins
  • djblets.registries.registry
  • djblets.registries.signals
  • djblets.secrets
  • djblets.secrets.crypto
  • djblets.secrets.token_generators
  • djblets.secrets.token_generators.base
  • djblets.secrets.token_generators.legacy_sha1
  • djblets.secrets.token_generators.registry
  • djblets.secrets.token_generators.vendor_checksum
  • djblets.siteconfig
  • djblets.siteconfig.admin
  • djblets.siteconfig.context_processors
  • djblets.siteconfig.django_settings
  • djblets.siteconfig.forms
  • djblets.siteconfig.managers
  • djblets.siteconfig.middleware
  • djblets.siteconfig.models
  • djblets.siteconfig.signals
  • djblets.siteconfig.views
  • djblets.template.caches
  • djblets.template.context
  • djblets.template.loaders.conditional_cached
  • djblets.template.loaders.namespaced_app_dirs
  • djblets.testing.decorators
  • djblets.testing.testcases
  • djblets.testing.testrunners
  • djblets.urls.context_processors
  • djblets.urls.decorators
  • djblets.urls.patterns
  • djblets.urls.resolvers
  • djblets.urls.root
  • djblets.urls.staticfiles
  • djblets.util.compat.django.core.cache
  • djblets.util.compat.python.past
  • djblets.util.contextmanagers
  • djblets.util.dates
  • djblets.util.decorators
  • djblets.util.filesystem
  • djblets.util.html
  • djblets.util.http
  • djblets.util.humanize
  • djblets.util.json_utils
  • djblets.util.properties
  • djblets.util.serializers
  • djblets.util.symbols
  • djblets.util.templatetags.djblets_deco
  • djblets.util.templatetags.djblets_email
  • djblets.util.templatetags.djblets_forms
  • djblets.util.templatetags.djblets_images
  • djblets.util.templatetags.djblets_js
  • djblets.util.templatetags.djblets_utils
  • djblets.util.typing
  • djblets.util.views
  • djblets.views.generic.base
  • djblets.views.generic.etag
  • djblets.webapi.auth
  • djblets.webapi.auth.backends
  • djblets.webapi.auth.backends.api_tokens
  • djblets.webapi.auth.backends.base
  • djblets.webapi.auth.backends.basic
  • djblets.webapi.auth.backends.oauth2_tokens
  • djblets.webapi.auth.views
  • djblets.webapi.decorators
  • djblets.webapi.encoders
  • djblets.webapi.errors
  • djblets.webapi.fields
  • djblets.webapi.managers
  • djblets.webapi.models
  • djblets.webapi.oauth2_scopes
  • djblets.webapi.resources
  • djblets.webapi.resources.base
  • djblets.webapi.resources.group
  • djblets.webapi.resources.registry
  • djblets.webapi.resources.root
  • djblets.webapi.resources.user
  • djblets.webapi.resources.mixins.api_tokens
  • djblets.webapi.resources.mixins.forms
  • djblets.webapi.resources.mixins.oauth2_tokens
  • djblets.webapi.resources.mixins.queries
  • djblets.webapi.responses
  • djblets.webapi.signals
  • djblets.webapi.testing
  • djblets.webapi.testing.decorators
  • djblets.webapi.testing.testcases
  • General Index
  • Python Module Index
  • Release Notes
  • This documentation covers Djblets 3.x. You can select a version above or view the latest documentation.

    djblets.webapi.resources.base¶

    Base class for a resource in an API.

    class WebAPIResource¶

    Bases: object

    A resource handling HTTP operations for part of the API.

    A WebAPIResource is a RESTful resource living at a specific URL. It can represent either an object or a list of objects, and can respond to various HTTP methods (GET, POST, PUT, DELETE).

    Subclasses are expected to override functions and variables in order to provide specific functionality, such as modifying the resource or creating a new resource.

    For information on writing an API resource, see Writing Web API Resources.

    model = None¶
    fields = {}¶
    uri_object_key_regex = '[0-9]+'¶
    uri_object_key = None¶
    model_object_key = 'pk'¶
    model_parent_key = None¶
    last_modified_field = None¶
    etag_field = None¶
    autogenerate_etags = False¶
    singleton = False¶
    list_child_resources = []¶
    item_child_resources = []¶
    allowed_methods = ('GET',)¶
    mimetype_vendor = None¶
    mimetype_list_resource_name = None¶
    mimetype_item_resource_name = None¶
    paginated_cls¶

    The class to use for paginated results in get_list.

    alias of WebAPIResponsePaginated

    method_mapping = {'DELETE': 'delete', 'GET': 'get', 'POST': 'post', 'PUT': 'put'}¶
    __init__()¶
    allowed_mimetypes = [{'list': 'application/json', 'item': 'application/json'}, {'list': 'application/xml', 'item': 'application/xml'}]¶
    __call__(request, api_format=None, *args, **kwargs)¶

    Invokes the correct HTTP handler based on the type of request.

    __name__ = 'WebAPIResource'¶
    property name¶

    Returns the name of the object, used for keys in the payloads.

    property name_plural¶

    Returns the plural name of the object, used for lists.

    property item_result_key¶

    Returns the key for single objects in the payload.

    property list_result_key¶

    Returns the key for lists of objects in the payload.

    property uri_name¶

    Returns the name of the resource in the URI.

    This can be overridden when the name in the URI needs to differ from the name used for the resource.

    property link_name¶

    Returns the name of the resource for use in a link.

    This can be overridden when the name in the link needs to differ from the name used for the resource.

    uri_template_name()¶

    Returns the name of the resource for use in URI templates.

    This will be used as the key for this resource in :py:class`djblets.webapi.resource.root.RootResource`’s list of URI templates. This can be overridden when the URI template name for this resource needs to differ from the name used for the resource.

    This must be unique to the resource. If set to None this resource will be excluded from the URI templates list.

    New in version 3.1.0.

    Type:

    str or None

    uri_template_name_plural()¶

    Returns the plural name of the resource for use in URI templates.

    This will be used as the key for the list version of this resource in :py:class`djblets.webapi.resource.root.RootResource`’s list of URI templates. This can be overridden when the URI template name for this resource needs to differ from the name used for the resource.

    This must be unique to the resource. If set to None the list version of this resource will be excluded from the URI templates list.

    New in version 3.1.0.

    Type:

    str or None

    call_method_view(request, method, view, *args, **kwargs)¶

    Calls the given method view.

    This will just call the given view by default, passing in all args and kwargs.

    This can be overridden by subclasses to perform additional checks or pass additional data to the view.

    build_response_args(request)¶
    get_object(request, id_field=None, *args, **kwargs)¶

    Returns an object, given captured parameters from a URL.

    This will perform a query for the object, taking into account model_object_key, uri_object_key, and any captured parameters from the URL.

    This requires that model and uri_object_key be set.

    Throws django.core.exceptions.ObjectDoesNotExist if the requested object does not exist.

    post(*args, **kwargs)¶

    Handles HTTP POSTs.

    This is not meant to be overridden unless there are specific needs.

    This will invoke create if doing an HTTP POST on a list resource.

    By default, an HTTP POST is not allowed on individual object resourcces.

    put(request, *args, **kwargs)¶

    Handles HTTP PUTs.

    This is not meant to be overridden unless there are specific needs.

    This will just invoke update.

    get(**kwargs)¶

    Handles HTTP GETs to individual object resources.

    By default, this will check for access permissions and query for the object. It will then return a serialized form of the object.

    This may need to be overridden if needing more complex logic.

    get_list(**kwargs)¶

    Handles HTTP GETs to list resources.

    By default, this will query for a list of objects and return the list in a serialized form.

    create(**kwargs)¶

    Handles HTTP POST requests to list resources.

    This is used to create a new object on the list, given the data provided in the request. It should usually return HTTP 201 Created upon success.

    By default, this returns HTTP 405 Method Not Allowed.

    update(**kwargs)¶

    Handles HTTP PUT requests to object resources.

    This is used to update an object, given full or partial data provided in the request. It should usually return HTTP 200 OK upon success.

    By default, this returns HTTP 405 Method Not Allowed.

    delete(**kwargs)¶

    Handles HTTP DELETE requests to object resources.

    This is used to delete an object, if the user has permissions to do so.

    By default, this deletes the object and returns HTTP 204 No Content.

    get_queryset(request, is_list=False, *args, **kwargs)¶

    Returns a queryset used for querying objects or lists of objects.

    Throws django.core.exceptions.ObjectDoesNotExist if the requested object does not exist.

    This can be overridden to filter the object list, such as for hiding non-public objects.

    The is_list parameter can be used to specialize the query based on whether an individual object or a list of objects is being queried.

    get_url_patterns()¶

    Returns the Django URL patterns for this object and its children.

    This is used to automatically build up the URL hierarchy for all objects. Projects should call this for top-level resources and return them in the urls.py files.

    has_access_permissions(request, obj, *args, **kwargs)¶

    Returns whether or not the user has read access to this object.

    has_list_access_permissions(request, *args, **kwargs)¶

    Returns whether or not the user has read access to this list.

    has_modify_permissions(request, obj, *args, **kwargs)¶

    Returns whether or not the user can modify this object.

    has_delete_permissions(request, obj, *args, **kwargs)¶

    Returns whether or not the user can delete this object.

    get_link_serializer(field)¶

    Return the function to use for serializing a link field.

    serialize_link(obj, *args, **kwargs)¶

    Serialize a link to the object into a Python dictionary.

    get_object_title(obj, request=None, *args, **kwargs)¶

    Return the object’s title.

    By default, this returns the object’s unicode representation.

    Parameters:
    • obj (object) – The object to serialize.

    • request (django.http.HttpRequest) – The current request.

    • *args (tuple) – Additional positional arguments.

    • **kwargs (dict) – Additional keyword arguments.

    Returns:

    The object’s title.

    Return type:

    unicode

    serialize_object(obj, *args, **kwargs)¶

    Serializes the object into a Python dictionary.

    get_only_fields(request)¶

    Returns the list of the only fields that the payload should include.

    If the user has requested that no fields should be provided, this will return an empty list.

    If all fields will be included in the payload, this will return None.

    get_only_links(request)¶

    Returns the list of the only links that the payload should include.

    If the user has requested that no links should be provided, this will return an empty list.

    If all links will be included in the payload, this will return None.

    get_serializer_for_object(obj)¶

    Returns the serializer used to serialize an object.

    This is called when serializing objects for payloads returned by this resource instance. It must return the resource instance that will be responsible for serializing the given object for the payload.

    By default, this calls get_resource_for_object to find the appropriate resource.

    get_links(resources=[], obj=None, request=None, *args, **kwargs)¶

    Returns a dictionary of links coming off this resource.

    The resulting links will point to the resources passed in resources, and will also provide special resources for self (which points back to the official location for this resource) and one per HTTP method/operation allowed on this resource.

    get_related_links(obj=None, request=None, *args, **kwargs)¶

    Returns links related to this resource.

    The result should be a dictionary of link names to a dictionary of information. The information should contain:

    • ‘method’ - The HTTP method

    • ‘href’ - The URL

    • ‘title’ - The title of the link (optional)

    • ‘resource’ - The WebAPIResource instance

    • ‘list-resource’ - True if this links to a list resource (optional)

    get_href(obj, request, *args, **kwargs)¶

    Returns the URL for this object.

    get_list_url(**kwargs)¶

    Return the URL to the list version of this resource.

    This will generate a URL for the list resource, given the provided arguments for the URL pattern.

    Parameters:

    kwargs (dict) – The keyword arguments needed for URL resolution.

    Returns:

    The resulting absolute URL to the list resource.

    Return type:

    unicode

    get_item_url(**kwargs)¶

    Return the URL to the item version of this resource.

    This will generate a URL for the item resource, given the provided arguments for the URL pattern.

    Parameters:

    kwargs (dict) – The keyword arguments needed for URL resolution.

    Returns:

    The resulting absolute URL to the item resource.

    Return type:

    unicode

    build_resource_url(name, request=None, **kwargs)¶

    Build a resource URL for the given name and keyword arguments.

    This can be overridden by subclasses that have special requirements for URL resolution.

    Parameters:
    • name (unicode) – The name of the resource.

    • request (HttpRequest) – The HTTP request from the client.

    • kwargs (dict) – The keyword arguments needed for URL resolution.

    Returns:

    The resulting absolute URL to the resource.

    Return type:

    unicode

    get_href_parent_ids(obj, **kwargs)¶

    Returns a dictionary mapping parent object keys to their values for an object.

    get_parent_object(obj)¶

    Returns the parent of an object.

    By default, this uses model_parent_key to figure out the parent, but it can be overridden for more complex behavior.

    get_last_modified(request, obj)¶

    Returns the last modified timestamp of an object.

    By default, this uses last_modified_field to determine what field in the model represents the last modified timestamp of the object.

    This can be overridden for more complex behavior.

    get_etag(request, obj, *args, **kwargs)¶

    Returns the ETag representing the state of the object.

    By default, this uses etag_field to determine what field in the model is unique enough to represent the state of the object.

    This can be overridden for more complex behavior. Any overridden functions should make sure to pass the result through encode_etag before returning a value.

    encode_etag(request, etag, *args, **kwargs)¶

    Encodes an ETag for usage in a header.

    This will take a precomputed ETag, augment it with additional information, encode it as a SHA1, and return it.

    are_cache_headers_current(request, last_modified=None, etag=None)¶

    Determines if cache headers from the client are current.

    This will compare the optionally-provided timestamp and ETag against any conditional cache headers sent by the client to determine if the headers are current. If they are, the caller can return HttpResponseNotModified instead of a payload.

    get_no_access_error(request, *args, **kwargs)¶

    Returns an appropriate error when access is denied.

    By default, this will return PERMISSION_DENIED if the user is logged in, and NOT_LOGGED_IN if the user is anonymous.

    Subclasses can override this to return different or more detailed errors.

    Keep up with the latest Review Board releases, security updates, and helpful information.

    About
    News
    Demo
    RBCommons Hosting
    Integrations
    Happy Users
    Support Options
    Documentation
    FAQ
    User Manual
    RBTools
    Administration Guide
    Power Pack
    Release Notes
    Downloads
    Review Board
    RBTools
    Djblets
    Power Pack
    Package Store
    PGP Signatures
    Contributing
    Bug Tracker
    Submit Patches
    Development Setup
    Wiki
    Follow Us
    Mailing Lists
    Reddit
    Twitter
    Mastodon
    Facebook
    YouTube

    Copyright © 2006-2025 Beanbag, Inc. All rights reserved.

    Terms of Service — Privacy Policy — AI Ethics Policy — Branding

    On this page

    • [Top]
    • WebAPIResource
      • WebAPIResource.model
      • WebAPIResource.fields
      • WebAPIResource.uri_object_key_regex
      • WebAPIResource.uri_object_key
      • WebAPIResource.model_object_key
      • WebAPIResource.model_parent_key
      • WebAPIResource.last_modified_field
      • WebAPIResource.etag_field
      • WebAPIResource.autogenerate_etags
      • WebAPIResource.singleton
      • WebAPIResource.list_child_resources
      • WebAPIResource.item_child_resources
      • WebAPIResource.allowed_methods
      • WebAPIResource.mimetype_vendor
      • WebAPIResource.mimetype_list_resource_name
      • WebAPIResource.mimetype_item_resource_name
      • WebAPIResource.paginated_cls
      • WebAPIResource.method_mapping
      • WebAPIResource.__init__()
      • WebAPIResource.allowed_mimetypes
      • WebAPIResource.__call__()
      • WebAPIResource.__name__
      • WebAPIResource.name
      • WebAPIResource.name_plural
      • WebAPIResource.item_result_key
      • WebAPIResource.list_result_key
      • WebAPIResource.uri_name
      • WebAPIResource.link_name
      • WebAPIResource.uri_template_name()
      • WebAPIResource.uri_template_name_plural()
      • WebAPIResource.call_method_view()
      • WebAPIResource.build_response_args()
      • WebAPIResource.get_object()
      • WebAPIResource.post()
      • WebAPIResource.put()
      • WebAPIResource.get()
      • WebAPIResource.get_list()
      • WebAPIResource.create()
      • WebAPIResource.update()
      • WebAPIResource.delete()
      • WebAPIResource.get_queryset()
      • WebAPIResource.get_url_patterns()
      • WebAPIResource.has_access_permissions()
      • WebAPIResource.has_list_access_permissions()
      • WebAPIResource.has_modify_permissions()
      • WebAPIResource.has_delete_permissions()
      • WebAPIResource.get_link_serializer()
      • WebAPIResource.serialize_link()
      • WebAPIResource.get_object_title()
      • WebAPIResource.serialize_object()
      • WebAPIResource.get_only_fields()
      • WebAPIResource.get_only_links()
      • WebAPIResource.get_serializer_for_object()
      • WebAPIResource.get_links()
      • WebAPIResource.get_related_links()
      • WebAPIResource.get_href()
      • WebAPIResource.get_list_url()
      • WebAPIResource.get_item_url()
      • WebAPIResource.build_resource_url()
      • WebAPIResource.get_href_parent_ids()
      • WebAPIResource.get_parent_object()
      • WebAPIResource.get_last_modified()
      • WebAPIResource.get_etag()
      • WebAPIResource.encode_etag()
      • WebAPIResource.are_cache_headers_current()
      • WebAPIResource.get_no_access_error()