Practically speaking no1. is the most pragmatic. You don't need to use any of the bells & whistles that REST framework optionally provides, just use @api_view for FBVs and APIView for CBVs, and you've got a consistent approach to all the basics, like per-view authentication, permissions, throttling, request parsing and response rendering.
no2 isn't necessarily ideal, because it doesn't give you per-view authentication, and doesn't easily handle being able to use session auth, requiring CSRF or non-session auth, not requiring CSRF. no3. would be reasonable too, but it's not really a case of "convince the core devs to do XYZ" as it is a case of "find a way to resource the work for XYZ". no4. is just extra noise. Perhaps there could be a slimmed down version of REST framework, but it's hard to see what practical benefit we'd get for the work it'd require, and for the extra cognitive split it'd introduce. Cheers, T. -- You received this message because you are subscribed to the Google Groups "Django REST framework" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
