Merge branch 'master' of github.com:tomchristie/django-rest-framework

docs/tutorial/quickstart.md

@@ -83,8 +83,6 @@ Rather than write multiple views we're grouping together all the common behavior
 
 We can easily break these down into individual views if we need to, but using viewsets keeps the view logic nicely organized as well as being very concise.
 
-For trivial cases you can simply set a `model` attribute on the `ViewSet` class and the serializer and queryset will be automatically generated for you.  Setting the `queryset` and/or `serializer_class` attributes gives you more explicit control of the API behaviour, and is the recommended style for most applications.
-
 ## URLs
 
 Okay, now let's wire up the API URLs.  On to `tutorial/urls.py`...

requirements/requirements-optionals.txt

@@ -1,4 +1,4 @@
 # Optional packages which may be used with REST framework.
 markdown==2.5.2
-django-guardian==1.2.5
+django-guardian==1.3.0
 django-filter==0.10.0

rest_framework/filters.py

@@ -198,4 +198,7 @@ def filter_queryset(self, request, queryset, view):
             'model_name': get_model_name(model_cls)
         }
         permission = self.perm_format % kwargs
-        return guardian.shortcuts.get_objects_for_user(user, permission, queryset)
+        if guardian.VERSION >= (1, 3):
+            # Maintain behavior compatibility with versions prior to 1.3
+            extra = {'accept_global_perms': False}
+        return guardian.shortcuts.get_objects_for_user(user, permission, queryset, **extra)

rest_framework/serializers.py

@@ -153,6 +153,16 @@ def save(self, **kwargs):
             'You cannot call `.save()` on a serializer with invalid data.'
         )
 
+        # Guard against incorrect use of `serializer.save(commit=False)`
+        assert 'commit' not in kwargs, (
+            "'commit' is not a valid keyword argument to the 'save()' method. "
+            "If you need to access data before committing to the database then "
+            "inspect 'serializer.validated_data' instead. "
+            "You can also pass additional keyword arguments to 'save()' if you "
+            "need to set extra attributes on the saved model instance. "
+            "For example: 'serializer.save(owner=request.user)'.'"
+        )
+
         validated_data = dict(
             list(self.validated_data.items()) +
             list(kwargs.items())
@@ -611,6 +621,16 @@ def save(self, **kwargs):
         """
         Save and return a list of object instances.
         """
+        # Guard against incorrect use of `serializer.save(commit=False)`
+        assert 'commit' not in kwargs, (
+            "'commit' is not a valid keyword argument to the 'save()' method. "
+            "If you need to access data before committing to the database then "
+            "inspect 'serializer.validated_data' instead. "
+            "You can also pass additional keyword arguments to 'save()' if you "
+            "need to set extra attributes on the saved model instance. "
+            "For example: 'serializer.save(owner=request.user)'.'"
+        )
+
         validated_data = [
             dict(list(attrs.items()) + list(kwargs.items()))
             for attrs in self.validated_data