Add validation for decorator order with @api_view #9821
+144
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Raise TypeError when API policy decorators (@permission_classes, @renderer_classes, etc.) are applied after @api_view instead of before it. Fixes encode#9596
There was a problem hiding this comment.
Pull Request Overview
This PR adds validation to ensure API policy decorators are applied in the correct order relative to the @api_view decorator. The feature prevents a common mistake where developers apply policy decorators after @api_view, which silently fails to work as expected.
- Introduced
_check_decorator_order()helper function to detect incorrect decorator ordering - Added order validation to all nine API policy decorators
- Comprehensive test coverage for all affected decorators
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| rest_framework/decorators.py | Added _check_decorator_order() validation function and integrated it into all API policy decorators to raise TypeError when applied after @api_view |
| tests/test_decorators.py | Added nine test cases to verify that each API policy decorator raises TypeError when incorrectly applied after @api_view |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
browniebroke
reviewed
Nov 6, 2025
- Change 'must be applied before' to 'must come after (below) the' to match DRF docs language - Fix decorator order in example to show @api_view first, then policy decorator below - Remove unnecessary f-string prefixes from non-interpolated lines - Update all test assertions to match new error message wording Addresses feedback from @browniebroke in PR encode#9821
auvipy
approved these changes
Nov 23, 2025
browniebroke
approved these changes
Nov 24, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #9596
This PR adds validation to detect when API policy decorators (
@permission_classes,@renderer_classes, etc.) are applied in the wrong order with@api_view.Problem
When policy decorators are applied after
@api_view(i.e., placed above it in code), the policy settings are silently ignored. This happens because:@api_view, they set attributes on the already-created view function, not the original functionSolution
Added a
_check_decorator_order()helper that:APIView.as_view())TypeErrorwith the correct decorator orderTests
Added 9 comprehensive tests covering all policy decorators to ensure they properly validate ordering.