[Django] #22797: Base Generic View `_allowed_methods` could accept request args.
Django
-----------------------------------------+--------------------
Reporter: Keryn Knight <django@…> | Owner: nobody
Type: New feature | Status: new
Component: Generic views | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-----------------------------------------+--------------------
Currently,
[https://github.com/django/django/blob/e2f142030b81a37e1c3187f5d336dcb6014fd1c0/django/views/generic/base.py#L107
View._allowed_methods] doesn't take into account the potential need for
the request to change the availability/discover of methods, if for example
the request comes with a token, cookie or whatever that grants additional
method access.
`_allowed_methods` is used in the base `View` by the
[https://github.com/django/django/blob/e2f142030b81a37e1c3187f5d336dcb6014fd1c0/django/views/generic/base.py#L103
options HTTP verb] and
[https://github.com/django/django/blob/e2f142030b81a37e1c3187f5d336dcb6014fd1c0/django/views/generic/base.py#L96
in http_method_not_allowed], both of which could pass on `request, *args,
**kwargs` to `_allowed_methods`, and looking at
[https://github.com/django/django/search?q=_allowed_methods&ref=cmdform
GitHub's results] seems to indicate that's the only place it's used.
Meanwhile [https://sourcegraph.com/search?q=%22_allowed_methods%22
Sourcegraph] suggests that the only real public usage (admittedly in a
largely depended upon package) downstream is in
[https://github.com/tomchristie/django-rest-
framework/blob/07cb436d610b0e9b6e60b84412c8d6552c0c55a0/rest_framework/views.py#L106
Django-Rest-Framework].
--
Ticket URL: <https://code.djangoproject.com/ticket/22797>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: Keryn Knight | Owner: nobody
<django@…> | Status: new
Type: New feature | Version: master
Component: Generic views | Resolution:
Severity: Normal | Triage Stage: Accepted
Keywords: | Needs documentation: 0
Has patch: 0 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
Changes (by timo):
* needs_better_patch: => 0
* needs_docs: => 0
* needs_tests: => 0
* stage: Unreviewed => Accepted
Comment:
We'd probably want to make it a public method as well.
--
Ticket URL: <https://code.djangoproject.com/ticket/22797#comment:1>
Django
Reporter: Keryn Knight | Owner: nobody
Type: New feature | Version: master
Severity: Normal | Triage Stage: Accepted
Keywords: | Needs documentation: 0
Has patch: 0 | Patch needs improvement: 0
Needs tests: 0 | UI/UX: 0
Easy pickings: 0 |
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => wontfix
Comment:
I'm going to recommend that we don't treat `_allowed_methods` as an
overridable bit of public API, or allow for the use case of dynamically
altering the results for the `Allow` header.
The `Allow` header doesn't necessarily need to reflect which methods are
actually permitted, just which are valid.
In REST framework the only thing we do with `_allowed_methods` is promote
it to public, read-only API.
--
Ticket URL: <https://code.djangoproject.com/ticket/22797#comment:2>