Overview
TurboDRF turns Django models into proper REST APIs with almost no boilerplate. Add a mixin to your model. Declare a turbodrf() classmethod that says which fields exist and who is allowed to do what. Register the router. You get list, detail, create, update and delete endpoints, with search, filtering, pagination, field selection and proper RBAC out of the box.
Background
Every time I started a new Django project I'd write the same ViewSets, the same permission classes and the same tenant-isolation checks. TurboDRF is the version of that boilerplate I wished existed. Opinionated and secure by default, but small enough to read end to end if you want to.
Features
- Instant REST endpoints from your models.
- RBAC with a declarative permission map.
- Row-level access via tenant boundaries and predicates that compile to efficient Q objects.
- Field-level permissions for read and write.
- Search, filtering, pagination and field selection built in.
- Write-side validation that blocks cross-tenant foreign-key injection.
- Optional Postgres Row-Level Security integration as a defence-in-depth layer.
- Mandatory tenant walls. Workspace isolation that can't be silently bypassed by adding a new endpoint.
Install
pip install turbodrf
# optional, for faster JSON rendering
pip install turbodrf[fast]Stats
- License: MIT
- Python: 3.10 to 3.14
- Django: 4.2 to 6.0
- Test coverage: 95.58%
- 16 releases, latest v0.4.4