Kieran Kieran - 1 year ago 36
Python Question

What does create_list refer to in Tastypie's custom authorisation?

I've been studying the Tastypie API documentation for custom authorisation.

There are eight possible methods to implement to create a custom authorisation class.

  • read_list

  • read_detail

  • create_list

  • create_detail

  • update_list

  • update_detail

  • delete_list

  • delete_detail

I am really struggling to understand the semantics of each of these methods. How exactly do they correspond to HTTP verbs (GET, POST, PUT, PATCH, DELETE... etc.)?

Initially, I thought that the
methods might mean...

Give me a list of all objects that the user can [create, read, update, delete]

But the "create" case...

Give me a list of all objects that the user can create

...really doesn't make sense, since the objects have already been created. In order to make sense with my interpretation, this would have to be a list of all possible objects the user could create (which is clearly infeasible).

So what does
actually mean? What about
and how does it differ to

Thanks for clarifying!

Answer Source

The question is about philosophy and concepts, and there are actually 3 questions, but let me try to answer your question briefly.

*_list vs *_detail:

*_list methods are filters of objects the user has access to.

*_detail methods are booleans that tell us whether we can have access to the exact object.


read_list - filters objects, that user will see on

read_detail - tells us whether user is allowed to view

Mapping CRUD to HTTP (Tastypie):



UPDATE - PUT (to upload new entity) / PATCH (to send changed fields only)


Why create_list:

The method was added just for the sake of uniformity and consistency. So you were right to see no practical sense in it.

We can even check it in the tastypie/

def create_list(self, object_list, bundle):
    """
    Unimplemented, as Tastypie never creates entire new lists, but
    present for consistency & possible extension.
    """
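
The filter-versus-boolean split described in the answer, as an added example that is not part of the original answer and not Tastypie's own code. It assumes an owner-only policy; `OwnerOnlyAuthorization`, `make_bundle`, `visible_ids` and the sample data are hypothetical, and plain-Python stand-ins replace `tastypie.authorization.Authorization`, `tastypie.exceptions.Unauthorized` and the Django queryset so that it runs offline.

```python
from types import SimpleNamespace


class Unauthorized(Exception):
    """Stand-in for tastypie.exceptions.Unauthorized."""


class OwnerOnlyAuthorization:
    """In a real project this would subclass tastypie.authorization.Authorization."""

    # *_list: return the subset of object_list the user may act on.
    def read_list(self, object_list, bundle):
        return [o for o in object_list if o.owner == bundle.request.user]

    # *_detail: return True/False (or raise Unauthorized) for bundle.obj.
    def read_detail(self, object_list, bundle):
        return bundle.obj.owner == bundle.request.user

    def create_detail(self, object_list, bundle):
        # A new object may only be created under the caller's own name.
        return bundle.obj.owner == bundle.request.user

    def update_list(self, object_list, bundle):
        return [o for o in object_list if o.owner == bundle.request.user]

    def update_detail(self, object_list, bundle):
        return bundle.obj.owner == bundle.request.user

    def delete_list(self, object_list, bundle):
        # Deny bulk deletes outright instead of filtering.
        raise Unauthorized("bulk delete is not allowed")

    def delete_detail(self, object_list, bundle):
        return bundle.obj.owner == bundle.request.user


def make_bundle(user, obj=None):
    """Constructed bundle exposing only the two attributes used above."""
    return SimpleNamespace(request=SimpleNamespace(user=user), obj=obj)


# Constructed sample data standing in for a queryset.
NOTES = [SimpleNamespace(id=1, owner="alice"),
         SimpleNamespace(id=2, owner="bob"),
         SimpleNamespace(id=3, owner="alice")]


def visible_ids(user):
    """IDs that read_list lets `user` see."""
    return [n.id for n in OwnerOnlyAuthorization().read_list(NOTES, make_bundle(user))]
```
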