{"id":38337546,"url":"https://github.com/fmitra/django-rest-secureview","last_synced_at":"2026-01-17T02:57:38.749Z","repository":{"id":49708221,"uuid":"77427079","full_name":"fmitra/django-rest-secureview","owner":"fmitra","description":"Enforce ViewSet requirements for Django REST Framework","archived":false,"fork":false,"pushed_at":"2021-06-10T18:12:38.000Z","size":24,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-27T18:22:36.454Z","etag":null,"topics":["django-rest-framework"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fmitra.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-12-27T05:03:55.000Z","updated_at":"2020-09-15T15:14:46.000Z","dependencies_parsed_at":"2022-08-26T07:02:41.759Z","dependency_job_id":null,"html_url":"https://github.com/fmitra/django-rest-secureview","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/fmitra/django-rest-secureview","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmitra%2Fdjango-rest-secureview","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmitra%2Fdjango-rest-secureview/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmitra%2Fdjango-rest-secureview/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmitra%2Fdjango-rest-secureview/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fmitra","download_url":"https://codeload.github.com/fmitra/django-rest-secureview/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fmitra%2Fdjango-rest-secureview/sbom","scorecard":{"id":405480,"data":{"date":"2025-08-11","repo":{"name":"github.com/fmitra/django-rest-secureview","commit":"0637afa570c89d7b37877cc88d93193d4c3efe81"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":1.7,"checks":[{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/28 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: PYSEC-2017-9 / GHSA-37hp-765x-j95x","Warn: Project is vulnerable to: PYSEC-2021-98 / GHSA-68w8-qjq3-2gfm","Warn: Project is vulnerable to: GHSA-7xr5-9hcq-chf9","Warn: Project is vulnerable to: GHSA-8x94-hmjh-97hq","Warn: Project is vulnerable to: PYSEC-2017-44 / GHSA-9r8w-6x8c-6jr9","Warn: Project is vulnerable to: PYSEC-2017-10 / GHSA-h4hv-m4h4-mhwg","Warn: Project is vulnerable to: GHSA-hmr4-m2h5-33qx","Warn: Project is vulnerable to: GHSA-rrqc-c2jx-6jgv","Warn: Project is vulnerable to: PYSEC-2019-16 / GHSA-vfq6-hq5r-27r6","Warn: Project is vulnerable to: PYSEC-2020-263 / GHSA-fx83-3ph3-9j2q","Warn: Project is vulnerable to: GHSA-gw84-84pc-xp82"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T21:08:58.334Z","repository_id":49708221,"created_at":"2025-08-18T21:08:58.334Z","updated_at":"2025-08-18T21:08:58.334Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28492593,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T02:39:23.645Z","status":"ssl_error","status_checked_at":"2026-01-17T02:34:19.649Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["django-rest-framework"],"created_at":"2026-01-17T02:57:37.125Z","updated_at":"2026-01-17T02:57:38.738Z","avatar_url":"https://github.com/fmitra.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![PyPI version](https://badge.fury.io/py/django-rest-secureview.svg)](https://badge.fury.io/py/django-rest-secureview)\n[![Build Status](https://travis-ci.org/fmitra/django-rest-secureview.svg?branch=master)](https://travis-ci.org/fmitra/django-rest-secureview)\n\n\n# django-rest-secureview\n\nA collection of decorators to enforce conditions on [Django REST Framework](http://www.django-rest-framework.org/) API routes that are accessed by the User. At the moment, it focuses on enforcing specific model keys in POST params, or requiring that a User has a foreign key relation to a model they are accessing. \n\n## Requirements\n\n1. Python 2 or Python 3\n2. Django\n3. Django REST Framework\n\n## Usuage\n\n1. Install package\n\n\t`pip install django-rest-secureview`\n\n2. Import decorators and viewset rules\n\n\t``` python\n\tfrom django_rest_secureview.decorators import require\n\tfrom django_rest_secureview.view_rules import Params\n\t```\n\n3. Decorate ViewSets\n\n\t``` python\n\tfrom rest_framework.viewsets import ModelViewSet\n\tfrom django_rest_secureview.decorators import require\n\tfrom django_rest_secureview.view_rule import Params\n\t\n\tclass ApiEndpoint(ModelViewSet):\n\t    @require(Params, params=['dog', 'cat'])\n\t    def create(self, request):\n\t        pass\n\t```\n\n## ViewRules\n\nViewRules contain the logic behind the API conditions being enforced. Using the `require` decorator requires a ViewRule at the minimum. The default ViewRules in this package all expect a certain keyword arguments to compliment them. If you need additional functionality, you can create your own ViewRule (explained below)\n\n1. `Params`: Requires specific POST params to be submitted in reqeusts\n  * kwargs: `params` list\n  * Usuage: `@require(Params, params=['animal', 'name'])`\n\n2. `Owner`: Requires authenticated User to have a foreign key relationship with the requested Model instance in a detailed endpint \n\t* kwargs: `model` Django Model\n\t* Usuage: `@require(Owner, model=Pet)`\n\t* Note: This only works in detailed endpoints using the default `pk` attribute \n\n3. `OwnerParams`: Combinds both `Params` and `Owner` conditions\n\t* kwargs: `model` Django Model, `params` list\n\t* Usuage: `@require(Owner, model=Pet, params=['animal'])`\n\t* Note: This only works in detailed endpoints using the default `pk` attribute \n\n## Decorators\n\n1. `require`: Accepts a ViewRule detailing API conditions and an arbitrary number of keyword values. For more information, reference the ViewRule documentation.\n\n\t``` python\n\t# Expects an animal and name param to be provided in the POST request\n\t@require(Params, params=['animal', 'name'])\n\tdef create(self, request):\n\t    pass\n\n\t# Expects the accessing User to have a foreign key relation to \n\t# the Pet model\n\t@require(Owner, model=Pet)\n\tdef retrieve(self, request, pk=None):\n\t    pass\n\t\n\t# Expects the accessing User to have a foreign key relation to \n\t# the Pet model as well as name and color values in the POST params\n\t@require_owner(OwnerParams, model=Pet, params=['name', 'color'])\n\tdef update(self, request, pk=None):\n\t    pass\n\t```\n\n## Creating Your Own ViewRules\n\nWe can create our own ViewRules by extending the ViewRule abstract class supplied in the view_rules module and implementing an `enforce` method. For convenience, HTTP status codes from the Django REST Framework are available in the class's `status` attribute and arguments in the request object are available in the class's `request` attribute.\n\nAll ViewRules are expected to have an `enforce` method that returns a JSON-serializable response if specific conditions are not met. If conditions are not met, the ViewSet will deliver this response instead of the response defined within the ViewSet's action method. \n\nMore status codes: [REST Framework Status Codes](http://www.django-rest-framework.org/api-guide/status-codes/)\n\n``` python\nfrom django_rest_secureview.view_rules import ViewRule\n\nclass MyCondition(ViewRule):\n    def enforce(self, params=None):\n        # Check who the User is if necessary\n        # user = self.request.user\n        # Some rules here\n        condition_met = False\n        if not condition_met:\n\t        code = self.status.HTTP_400_BAD_REQUEST\n\t        notice = {\"detail\":\"Whoops something went wrong\"}\n            return self.response(data=notice, status=code)\n```\n\n## Testing\n\n[Tox](https://tox.testrun.org) should be in your virtual environment in order to run tests. Other dependencies, such as the Django REST Framework will be packaged separately in Tox's virtual testing environment. \n\n``` sh\n./run_tests.sh\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffmitra%2Fdjango-rest-secureview","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffmitra%2Fdjango-rest-secureview","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffmitra%2Fdjango-rest-secureview/lists"}