On 7/13/07, David Larlet <lar...
> * About users, how can I handle django users' permissions? John
> Sutherland had already done some work on django-crudapi  and it
> could be interesting to allow this access control.
Good question. I would subclass one of the authentication classes,
e.g. HttpBasicAuthentication, and add a has_perm() check dependent on
the request method to is_authenticated().
Currently, REST authentication is independent from Django's
authentication middleware. It might make sense to move most of the
code in HttpBasicAuthentication and HttpDigestAuthentication to
django.contrib.auth.backends and to let the middleware do most of the
> I'm not fond of CRUD names and I prefer to keep an information on
> the HTTP verb in the function name but it's maybe personal.
I chose the CRUD names as they better describe what the methods
actually do, but if the consensus is that it is more important to
highlight the HTTP method, I will change this.
> * About dispatch, why don't you use the __call__ trick?
Fixed, thanks for the pointer.
> * About verbs, I know this is not really GSoC related but what is the
> recommended way to handle fake PUT and DELETE from a browser? The
> HttpMethodMiddleware? Maybe a simple form/deletion in the polls
> application will be an interesting example for a real django case.
Yes, I recommend HttpMethodsMiddleware . I just added a "delete"
button to the template example and verified that it works if you add
HttpMethodsMiddleware to your middleware classes.
Thanks for your comments!