Skip to content
Newer
Older
100644 701 lines (537 sloc) 29.9 KB
2d93140 @mmerickel support acl as a callable
mmerickel authored Mar 18, 2013
1 next release
2 ============
3
4 Features
5 --------
6
7 - ``ACLAuthorizationPolicy`` supports ``__acl__`` as a callable. This
8 removes the ambiguity between the potential ``AttributeError`` that would
9 be raised on the ``context`` when the property was not defined and the
10 ``AttributeError`` that could be raised from any user-defined code within
11 a dynamic property. It is recommended to define a dynamic ACL as a callable
12 to avoid this ambiguity. See https://github.com/Pylons/pyramid/issues/735.
13
96ab9f2 @mcdonc prep for 1.4
mcdonc authored Dec 18, 2012
14 1.4 (2012-12-18)
15 ================
758fa23 @mcdonc garden
mcdonc authored Dec 18, 2012
16
17 Docs
18 ----
19
20 - Fix functional tests in the ZODB tutorial
21
e609e19 @mcdonc prep for 1.4b3
mcdonc authored Dec 10, 2012
22 1.4b3 (2012-12-10)
23 ==================
24
25 - Packaging release only, no code changes. 1.4b2 was a brownbag release due to
26 missing directories in the tarball.
27
a7e0e60 @mcdonc prep for 1.4b2
mcdonc authored Dec 10, 2012
28 1.4b2 (2012-12-10)
29 ==================
30
31 Docs
32 ----
33
34 - Scaffolding is now PEP-8 compliant (at least for a brief shining moment).
35
36 - Tutorial improvements.
ed14191 @mmerickel _depth argument to view_config is now relative to view_config
mmerickel authored Dec 6, 2012
37
38 Backwards Incompatibilities
39 ---------------------------
40
41 - Modified the ``_depth`` argument to ``pyramid.view.view_config`` to accept
42 a value relative to the invocation of ``view_config`` itself. Thus, when it
43 was previously expecting a value of ``1`` or greater, to reflect that
44 the caller of ``view_config`` is 1 stack frame away from ``venusian.attach``,
45 this implementation detail is now hidden.
46
a078e19 @mcdonc add changenote
mcdonc authored Dec 6, 2012
47 - Modified the ``_backframes`` argument to ``pyramid.util.action_method`` in a
48 similar way to the changes described to ``_depth`` above. This argument
49 remains undocumented, but might be used in the wild by some insane person.
50
1608b26 @mcdonc prep for 1.4b1
mcdonc authored Nov 21, 2012
51 1.4b1 (2012-11-21)
52 ==================
0ccdc23 @mcdonc - A failure when trying to locate the attribute ``__text__`` on route…
mcdonc authored Nov 18, 2012
53
71cd93b @mcdonc - Small microspeed enhancement which anticipates that a
mcdonc authored Nov 20, 2012
54 Features
55 --------
56
57 - Small microspeed enhancement which anticipates that a
58 ``pyramid.response.Response`` object is likely to be returned from a view.
59 Some code is shortcut if the class of the object returned by a view is this
60 class. A similar microoptimization was done to
61 ``pyramid.request.Request.is_response``.
62
9132f65 @mcdonc garden
mcdonc authored Nov 20, 2012
63 - Make it possible to use variable arguments on ``p*`` commands (``pserve``,
64 ``pshell``, ``pviews``, etc) in the form ``a=1 b=2`` so you can fill in
65 values in parameterized ``.ini`` file, e.g. ``pshell etc/development.ini
6ba0fc7 @mcdonc garden
mcdonc authored Nov 20, 2012
66 http_port=8080``. See https://github.com/Pylons/pyramid/pull/714
9132f65 @mcdonc garden
mcdonc authored Nov 21, 2012
67
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
68 - A somewhat advanced and obscure feature of Pyramid event handlers is their
69 ability to handle "multi-interface" notifications. These notifications have
70 traditionally presented multiple objects to the subscriber callable. For
71 instance, if an event was sent by code like this::
28fc3d5 @mcdonc - In order to normalize the relationship between event subscribers and
mcdonc authored Nov 21, 2012
72
73 registry.notify(event, context)
74
75 In the past, in order to catch such an event, you were obligated to write and
76 register an event subscriber that mentioned both the event and the context in
77 its argument list::
78
79 @subscriber([SomeEvent, SomeContextType])
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
80 def asubscriber(event, context):
81 pass
82
83 In many subscriber callables registered this way, it was common for the logic
84 in the subscriber callable to completely ignore the second and following
85 arguments (e.g. ``context`` in the above example might be ignored), because
86 they usually existed as attributes of the event anyway. You could usually
a3810e7 @mcdonc garden
mcdonc authored Nov 21, 2012
87 get the same value by doing ``event.context`` or similar.
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
88
89 The fact that you needed to put an extra argument which you usually ignored
90 in the subscriber callable body was only a minor annoyance until we added
a3810e7 @mcdonc garden
mcdonc authored Nov 21, 2012
91 "subscriber predicates", used to narrow the set of circumstances under which
92 a subscriber will be executed, in a prior 1.4 alpha release. Once those were
93 added, the annoyance was escalated, because subscriber predicates needed to
94 accept the same argument list and arity as the subscriber callables that they
95 were configured against. So, for example, if you had these two subscriber
96 registrations in your code::
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
97
98 @subscriber([SomeEvent, SomeContextType])
99 def asubscriber(event, context):
100 pass
101
102 @subscriber(SomeOtherEvent)
103 def asubscriber(event):
104 pass
105
106 And you wanted to use a subscriber predicate::
107
108 @subscriber([SomeEvent, SomeContextType], mypredicate=True)
a3810e7 @mcdonc garden
mcdonc authored Nov 21, 2012
109 def asubscriber1(event, context):
28fc3d5 @mcdonc - In order to normalize the relationship between event subscribers and
mcdonc authored Nov 21, 2012
110 pass
111
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
112 @subscriber(SomeOtherEvent, mypredicate=True)
a3810e7 @mcdonc garden
mcdonc authored Nov 21, 2012
113 def asubscriber2(event):
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
114 pass
115
a3810e7 @mcdonc garden
mcdonc authored Nov 21, 2012
116 If an existing ``mypredicate`` subscriber predicate had been written in such
117 a way that it accepted only one argument in its ``__call__``, you could not
118 use it against a subscription which named more than one interface in its
119 subscriber interface list. Similarly, if you had written a subscriber
120 predicate that accepted two arguments, you couldn't use it against a
121 registration that named only a single interface type.
122
123 For example, if you created this predicate::
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
124
125 class MyPredicate(object):
126 # portions elided...
127 def __call__(self, event):
128 return self.val == event.context.foo
129
a3810e7 @mcdonc garden
mcdonc authored Nov 21, 2012
130 It would not work against a multi-interface-registered subscription, so in
131 the above example, when you attempted to use it against ``asubscriber1``, it
132 would fail at runtime with a TypeError, claiming something was attempting to
133 call it with too many arguments.
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
134
a3810e7 @mcdonc garden
mcdonc authored Nov 21, 2012
135 To hack around this limitation, you were obligated to design the
136 ``mypredicate`` predicate to expect to receive in its ``__call__`` either a
137 single ``event`` argument (a SomeOtherEvent object) *or* a pair of arguments
138 (a SomeEvent object and a SomeContextType object), presumably by doing
139 something like this::
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
140
141 class MyPredicate(object):
142 # portions elided...
143 def __call__(self, event, context=None):
144 return self.val == event.context.foo
145
146 This was confusing and bad.
147
148 In order to allow people to ignore unused arguments to subscriber callables
149 and to normalize the relationship between event subscribers and subscriber
150 predicates, we now allow both subscribers and subscriber predicates to accept
151 only a single ``event`` argument even if they've been subscribed for
152 notifications that involve multiple interfaces. Subscribers and subscriber
153 predicates that accept only one argument will receive the first object passed
154 to ``notify``; this is typically (but not always) the event object. The
155 other objects involved in the subscription lookup will be discarded. You can
156 now write an event subscriber that accepts only ``event`` even if it
157 subscribes to multiple interfaces::
28fc3d5 @mcdonc - In order to normalize the relationship between event subscribers and
mcdonc authored Nov 21, 2012
158
159 @subscriber([SomeEvent, SomeContextType])
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
160 def asubscriber(event):
28fc3d5 @mcdonc - In order to normalize the relationship between event subscribers and
mcdonc authored Nov 21, 2012
161 # this will work!
162
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
163 This prevents you from needing to match the subscriber callable parameters to
164 the subscription type unnecessarily, especially when you don't make use of
165 any argument in your subscribers except for the event object itself.
166
167 Note, however, that if the event object is not the first
168 object in the call to ``notify``, you'll run into trouble. For example, if
169 notify is called with the context argument first::
28fc3d5 @mcdonc - In order to normalize the relationship between event subscribers and
mcdonc authored Nov 21, 2012
170
171 registry.notify(context, event)
172
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
173 You won't be able to take advantage of the event-only feature. It will
174 "work", but the object received by your event handler won't be the event
175 object, it will be the context object, which won't be very useful::
28fc3d5 @mcdonc - In order to normalize the relationship between event subscribers and
mcdonc authored Nov 21, 2012
176
177 @subscriber([SomeContextType, SomeEvent])
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
178 def asubscriber(event):
28fc3d5 @mcdonc - In order to normalize the relationship between event subscribers and
mcdonc authored Nov 21, 2012
179 # bzzt! you'll be getting the context here as ``event``, and it'll
180 # be useless
181
182 Existing multiple-argument subscribers continue to work without issue, so you
183 should continue use those if your system notifies using multiple interfaces
184 and the first interface is not the event interface. For example::
185
186 @subscriber([SomeContextType, SomeEvent])
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
187 def asubscriber(context, event):
28fc3d5 @mcdonc - In order to normalize the relationship between event subscribers and
mcdonc authored Nov 21, 2012
188 # this will still work!
189
190 The event-only feature makes it possible to use a subscriber predicate that
191 accepts only a request argument within both multiple-interface subscriber
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
192 registrations and single-interface subscriber registrations. You needn't
193 make slightly different variations of predicates depending on the
194 subscription type arguments. Instead, just write all your subscriber
195 predicates so they only accept ``event`` in their ``__call__`` and they'll be
196 useful across all registrations for subscriptions that use an event as their
197 first argument, even ones which accept more than just ``event``.
198
199 However, the same caveat applies to predicates as to subscriber callables: if
200 you're subscribing to a multi-interface event, and the first interface is not
201 the event interface, the predicate won't work properly. In such a case,
202 you'll need to match the predicate ``__call__`` argument ordering and
203 composition to the ordering of the interfaces. For example, if the
204 registration for the subscription uses ``[SomeContext, SomeEvent]``, you'll
205 need to reflect that in the ordering of the parameters of the predicate's
206 ``__call__`` method::
28fc3d5 @mcdonc - In order to normalize the relationship between event subscribers and
mcdonc authored Nov 21, 2012
207
208 def __call__(self, context, event):
209 return event.request.path.startswith(self.val)
210
f700d37 @mcdonc garden
mcdonc authored Nov 21, 2012
211 tl;dr: 1) When using multi-interface subscriptions, always use the event type
212 as the first subscription registration argument and 2) When 1 is true, use
213 only ``event`` in your subscriber and subscriber predicate parameter lists,
214 no matter how many interfaces the subscriber is notified with. This
215 combination will result in the maximum amount of reusability of subscriber
216 predicates and the least amount of thought on your part. Drink responsibly.
28fc3d5 @mcdonc - In order to normalize the relationship between event subscribers and
mcdonc authored Nov 21, 2012
217
0ccdc23 @mcdonc - A failure when trying to locate the attribute ``__text__`` on route…
mcdonc authored Nov 19, 2012
218 Bug Fixes
219 ---------
220
221 - A failure when trying to locate the attribute ``__text__`` on route and view
222 predicates existed when the ``debug_routematch`` setting was true or when the
223 ``pviews`` command was used. See https://github.com/Pylons/pyramid/pull/727
224
b5e4443 @mcdonc garden
mcdonc authored Nov 20, 2012
225 Documentation
226 -------------
227
228 - Sync up tutorial source files with the files that are rendered by the
229 scaffold that each uses.
230
9480686 @mcdonc prep for release
mcdonc authored Nov 14, 2012
231 1.4a4 (2012-11-14)
232 ==================
c7337ba @mcdonc - Added an ``effective_principals`` route and view predicate.
mcdonc authored Oct 28, 2012
233
234 Features
235 --------
236
19b8207 @mmerickel merged SHA512AuthTktAuthenticationPolicy into AuthTktAuthenticationPo…
mmerickel authored Nov 4, 2012
237 - ``pyramid.authentication.AuthTktAuthenticationPolicy`` has been updated to
238 support newer hashing algorithms such as ``sha512``. Existing applications
39ef68d @mcdonc rearrange deck chairs
mcdonc authored Nov 14, 2012
239 should consider updating if possible for improved security over the default
240 md5 hashing.
19b8207 @mmerickel merged SHA512AuthTktAuthenticationPolicy into AuthTktAuthenticationPo…
mmerickel authored Nov 4, 2012
241
c7337ba @mcdonc - Added an ``effective_principals`` route and view predicate.
mcdonc authored Oct 29, 2012
242 - Added an ``effective_principals`` route and view predicate.
243
07c9ee0 @mcdonc - Do not allow the userid returned from the ``authenticated_userid`` …
mcdonc authored Nov 2, 2012
244 - Do not allow the userid returned from the ``authenticated_userid`` or the
245 userid that is one of the list of principals returned by
246 ``effective_principals`` to be either of the strings ``system.Everyone`` or
247 ``system.Authenticated`` when any of the built-in authorization policies that
248 live in ``pyramid.authentication`` are in use. These two strings are
249 reserved for internal usage by Pyramid and they will not be accepted as valid
250 userids.
251
ca46568 @mmerickel garden
mmerickel authored Nov 4, 2012
252 - Slightly better debug logging from
253 ``pyramid.authentication.RepozeWho1AuthenticationPolicy``.
47146eb @mcdonc garden
mcdonc authored Nov 2, 2012
254
39ef68d @mcdonc rearrange deck chairs
mcdonc authored Nov 14, 2012
255 - ``pyramid.security.view_execution_permitted`` used to return ``True`` if no
926fb68 @mcdonc resolve merge conflict
mcdonc authored Nov 2, 2012
256 view could be found. It now raises a ``TypeError`` exception in that case, as
257 it doesn't make sense to assert that a nonexistent view is
258 execution-permitted. See https://github.com/Pylons/pyramid/issues/299.
6099144 @mmerickel updated changes
mmerickel authored Oct 30, 2012
259
a8d71ca @mcdonc - Allow a ``_depth`` argument to ``pyramid.view.view_config``, which …
mcdonc authored Nov 4, 2012
260 - Allow a ``_depth`` argument to ``pyramid.view.view_config``, which will
261 permit limited composition reuse of the decorator by other software that
262 wants to provide custom decorators that are much like view_config.
263
1701243 @mmerickel update changelog, close #627
mmerickel authored Nov 4, 2012
264 - Allow an iterable of decorators to be passed to
265 ``pyramid.config.Configurator.add_view``. This allows views to be wrapped
266 by more than one decorator without requiring combining the decorators
267 yourself.
268
a007a4f @mcdonc - In the past if a renderer returned ``None``, the body of the resulting
mcdonc authored Nov 2, 2012
269 Bug Fixes
270 ---------
271
272 - In the past if a renderer returned ``None``, the body of the resulting
273 response would be set explicitly to the empty string. Instead, now, the body
274 is left unchanged, which allows the renderer to set a body itself by using
275 e.g. ``request.response.body = b'foo'``. The body set by the renderer will
276 be unmolested on the way out. See
277 https://github.com/Pylons/pyramid/issues/709
278
34d4cd0 @mcdonc - In uncommon cases, the ``pyramid_excview_tween_factory`` might have
mcdonc authored Nov 4, 2012
279 - In uncommon cases, the ``pyramid_excview_tween_factory`` might have
280 inadvertently raised a ``KeyError`` looking for ``request_iface`` as an
281 attribute of the request. It no longer fails in this case. See
282 https://github.com/Pylons/pyramid/issues/700
283
267dbd2 @mcdonc - Be more tolerant of potential error conditions in ``match_param`` and
mcdonc authored Nov 11, 2012
284 - Be more tolerant of potential error conditions in ``match_param`` and
285 ``physical_path`` predicate implementations; instead of raising an exception,
286 return False.
287
39ef68d @mcdonc rearrange deck chairs
mcdonc authored Nov 14, 2012
288 - ``pyramid.view.render_view`` was not functioning properly under Python 3.x
289 due to a byte/unicode discrepancy. See
cd8ac80 @tshepang update some links and fix others
tshepang authored Feb 15, 2013
290 https://github.com/Pylons/pyramid/issues/721
f89cfcd @mmerickel updated changelog
mmerickel authored Nov 13, 2012
291
ca3df80 @mmerickel emit a warning if a user is using the default hashalg to AuthTkt
mmerickel authored Nov 4, 2012
292 Deprecations
293 ------------
294
39ef68d @mcdonc rearrange deck chairs
mcdonc authored Nov 14, 2012
295 - ``pyramid.authentication.AuthTktAuthenticationPolicy`` will emit a warning if
296 an application is using the policy without explicitly passing a ``hashalg``
297 argument. This is because the default is "md5" which is considered
298 theoretically subject to collision attacks. If you really want "md5" then you
299 must specify it explicitly to get rid of the warning.
300
301 Documentation
302 -------------
303
304 - All of the tutorials that use
305 ``pyramid.authentication.AuthTktAuthenticationPolicy`` now explicitly pass
306 ``sha512`` as a ``hashalg`` argument.
307
ca3df80 @mmerickel emit a warning if a user is using the default hashalg to AuthTkt
mmerickel authored Nov 4, 2012
308
66fe1d0 @mcdonc - Move ``TopologicalSorter`` from ``pyramid.config.util`` to ``pyrami…
mcdonc authored Nov 3, 2012
309 Internals
310 ---------
311
312 - Move ``TopologicalSorter`` from ``pyramid.config.util`` to ``pyramid.util``,
313 move ``CyclicDependencyError`` from ``pyramid.config.util`` to
314 ``pyramid.exceptions``, rename ``Singleton`` to ``Sentinel`` and move from
ca46568 @mmerickel garden
mmerickel authored Nov 4, 2012
315 ``pyramid.config.util`` to ``pyramid.util``; this is in an effort to
0487545 @mcdonc fix docs, upgrade tutorials, add change note, deprecate using zope.de…
mcdonc authored Nov 4, 2012
316 move that stuff that may be an API one day out of ``pyramid.config.util``,
66fe1d0 @mcdonc - Move ``TopologicalSorter`` from ``pyramid.config.util`` to ``pyrami…
mcdonc authored Nov 3, 2012
317 because that package should never be imported from non-Pyramid code.
318 TopologicalSorter is still not an API, but may become one.
319
39ef68d @mcdonc rearrange deck chairs
mcdonc authored Nov 14, 2012
320 - Get rid of shady monkeypatching of ``pyramid.request.Request`` and
321 ``pyramid.response.Response`` done within the ``__init__.py`` of Pyramid.
322 Webob no longer relies on this being done. Instead, the ResponseClass
323 attribute of the Pyramid Request class is assigned to the Pyramid response
324 class; that's enough to satisfy WebOb and behave as it did before with the
325 monkeypatching.
326
4a6cca6 @mcdonc prep for 1.4a3
mcdonc authored Oct 26, 2012
327 1.4a3 (2012-10-26)
328 ==================
d6fb001 @mcdonc - 1.4a ``pyramid.scripting.prepare`` behaved differently than 1.3 series
mcdonc authored Sep 30, 2012
329
330 Bug Fixes
331 ---------
332
06a904f @mcdonc add docs and changelog note
mcdonc authored Oct 13, 2012
333 - The match_param predicate's text method was fixed to sort its values.
334 Part of https://github.com/Pylons/pyramid/pull/705
335
d6fb001 @mcdonc - 1.4a ``pyramid.scripting.prepare`` behaved differently than 1.3 series
mcdonc authored Sep 30, 2012
336 - 1.4a ``pyramid.scripting.prepare`` behaved differently than 1.3 series
337 function of same name. In particular, if passed a request, it would not
338 set the ``registry`` attribute of the request like 1.3 did. A symptom
339 would be that passing a request to ``pyramid.paster.bootstrap`` (which uses
340 the function) that did not have a ``registry`` attribute could assume that
341 the registry would be attached to the request by Pyramid. This assumption
342 could be made in 1.3, but not in 1.4. The assumption can now be made in
343 1.4 too (a registry is attached to a request passed to bootstrap or
344 prepare).
345
66d277a @mcdonc garden
mcdonc authored Oct 5, 2012
346 - When registering a view configuration that named a Chameleon ZPT renderer
347 with a macro name in it (e.g. ``renderer='some/template#somemacro.pt``) as
043ccdd @tshepang eliminate other repeated words
tshepang authored Jan 2, 2013
348 well as a view configuration without a macro name in it that pointed to the
9937a4e @chrisrossi Fix rst syntax error which prevented Sphinx docs from building.
chrisrossi authored Oct 14, 2012
349 same template (e.g. ``renderer='some/template.pt'``), internal caching could
66d277a @mcdonc garden
mcdonc authored Oct 5, 2012
350 confuse the two, and your code might have rendered one instead of the
351 other.
352
1273d56 @mcdonc - The Configurator ``testing_securitypolicy`` method now returns the …
mcdonc authored Oct 7, 2012
353 Features
354 --------
355
c25a8fd @mcdonc - New ``physical_path`` view predicate. If specified, this value shou…
mcdonc authored Oct 26, 2012
356 - Allow multiple values to be specified to the ``request_param`` view/route
357 predicate as a sequence. Previously only a single string value was allowed.
358 See https://github.com/Pylons/pyramid/pull/705
359
360 - Comments with references to documentation sections placed in scaffold
361 ``.ini`` files.
362
363 - Added an HTTP Basic authentication policy
364 at ``pyramid.authentication.BasicAuthAuthenticationPolicy``.
365
1273d56 @mcdonc - The Configurator ``testing_securitypolicy`` method now returns the …
mcdonc authored Oct 7, 2012
366 - The Configurator ``testing_securitypolicy`` method now returns the policy
367 object it creates.
368
369 - The Configurator ``testing_securitypolicy`` method accepts two new
370 arguments: ``remember_result`` and ``forget_result``. If supplied, these
371 values influence the result of the policy's ``remember`` and ``forget``
372 methods, respectively.
373
374 - The DummySecurityPolicy created by ``testing_securitypolicy`` now sets a
375 ``forgotten`` value on the policy (the value ``True``) when its ``forget``
376 method is called.
377
378 - The DummySecurityPolicy created by ``testing_securitypolicy`` now sets a
379 ``remembered`` value on the policy, which is the value of the ``principal``
380 argument it's called with when its ``remember`` method is called.
381
c25a8fd @mcdonc - New ``physical_path`` view predicate. If specified, this value shou…
mcdonc authored Oct 26, 2012
382 - New ``physical_path`` view predicate. If specified, this value should be a
383 string or a tuple representing the physical traversal path of the context
384 found via traversal for this predicate to match as true. For example:
385 ``physical_path='/'`` or ``physical_path='/a/b/c'`` or ``physical_path=('',
386 'a', 'b', 'c')``. This is not a path prefix match or a regex, it's a
387 whole-path match. It's useful when you want to always potentially show a
388 view when some object is traversed to, but you can't be sure about what kind
389 of object it will be, so you can't use the ``context`` predicate. The
390 individual path elements inbetween slash characters or in tuple elements
391 should be the Unicode representation of the name of the resource and should
392 not be encoded in any way.
393
072cbf7 @mcdonc prep for 1.4a2
mcdonc authored Sep 27, 2012
394 1.4a2 (2012-09-27)
395 ==================
68c25d3 @mcdonc garden
mcdonc authored Sep 19, 2012
396
d27bc79 @mcdonc garden
mcdonc authored Sep 22, 2012
397 Bug Fixes
398 ---------
399
4388d31 @mcdonc mirror john's change for chameleon, better changelog message
mcdonc authored Sep 22, 2012
400 - When trying to determine Mako defnames and Chameleon macro names in asset
401 specifications, take into account that the filename may have a hyphen in
402 it. See https://github.com/Pylons/pyramid/pull/692
d27bc79 @mcdonc garden
mcdonc authored Sep 22, 2012
403
68c25d3 @mcdonc garden
mcdonc authored Sep 19, 2012
404 Features
405 --------
406
407 - A new ``pyramid.session.check_csrf_token`` convenience function was added.
408
80cd0b1 @mcdonc garden
mcdonc authored Sep 19, 2012
409 - A ``check_csrf`` view predicate was added. For example, you can now do
410 ``config.add_view(someview, check_csrf=True)``. When the predicate is
411 checked, if the ``csrf_token`` value in ``request.params`` matches the CSRF
412 token in the request's session, the view will be permitted to execute.
413 Otherwise, it will not be permitted to execute.
68c25d3 @mcdonc garden
mcdonc authored Sep 19, 2012
414
098599b @mcdonc - Add ``Base.metadata.bind = engine`` to alchemy template, so that ta…
mcdonc authored Sep 22, 2012
415 - Add ``Base.metadata.bind = engine`` to alchemy template, so that tables
416 defined imperatively will work.
417
418 Documentation
419 -------------
420
421 - update wiki2 SQLA tutorial with the changes required after inserting
422 ``Base.metadata.bind = engine`` into the alchemy scaffold.
423
ce1e86c @mcdonc prep for 1.4a1
mcdonc authored Sep 16, 2012
424 1.4a1 (2012-09-16)
425 ==================
f6bd88e @mcdonc trivial change to poke jenkins (im in on an untrusted network and can…
mcdonc authored Sep 8, 2012
426
a39dd2f @mcdonc - Add ``REMOTE_ADDR`` to the ``prequest`` WSGI environ dict for benef…
mcdonc authored Mar 22, 2012
427 Bug Fixes
428 ---------
429
1794b4b @mcdonc note that this is a forward port
mcdonc authored Mar 30, 2012
430 - Forward port from 1.3 branch: When no authentication policy was configured,
431 a call to ``pyramid.security.effective_principals`` would unconditionally
432 return the empty list. This was incorrect, it should have unconditionally
433 returned ``[Everyone]``, and now does.
8782def @mcdonc - When no authentication policy was configured, a call to
mcdonc authored Mar 30, 2012
434
3074e78 @mcdonc garden
mcdonc authored Jul 10, 2012
435 - Explicit url dispatch regexes can now contain colons.
436 https://github.com/Pylons/pyramid/issues/629
437
e652518 @mcdonc - On at least one 64-bit Ubuntu system under Python 3.2, using the
mcdonc authored Jul 13, 2012
438 - On at least one 64-bit Ubuntu system under Python 3.2, using the
439 ``view_config`` decorator caused a ``RuntimeError: dictionary changed size
440 during iteration`` exception. It no longer does. See
441 https://github.com/Pylons/pyramid/issues/635 for more information.
442
8b26752 @blaflamme added entry to changes.txt for mako fix
blaflamme authored Aug 3, 2012
443 - In Mako Templates lookup, check if the uri is already adjusted and bring
444 it back to an asset spec. Normally occurs with inherited templates or
445 included components.
446 https://github.com/Pylons/pyramid/issues/606
447 https://github.com/Pylons/pyramid/issues/607
448
7853bc0 @blaflamme garden
blaflamme authored Aug 22, 2012
449 - In Mako Templates lookup, check for absolute uri (using mako directories)
450 when mixing up inheritance with asset specs.
451 https://github.com/Pylons/pyramid/issues/662
452
75a8ff4 @mmerickel updated CHANGES with accept-header bug fix
mmerickel authored Aug 23, 2012
453 - HTTP Accept headers were not being normalized causing potentially
454 conflicting view registrations to go unnoticed. Two views that only
455 differ in the case ('text/html' vs. 'text/HTML') will now raise an error.
456 https://github.com/Pylons/pyramid/pull/620
457
a9289d9 @mcdonc - Forward-port from 1.3 branch: when registering multiple views with an
mcdonc authored Aug 26, 2012
458 - Forward-port from 1.3 branch: when registering multiple views with an
459 ``accept`` predicate in a Pyramid application runing under Python 3, you
460 might have received a ``TypeError: unorderable types: function() <
461 function()`` exception.
462
de797c4 @mcdonc - Coverage and docs updates for custom JSON class.
mcdonc authored Mar 29, 2012
463 Features
464 --------
a39dd2f @mcdonc - Add ``REMOTE_ADDR`` to the ``prequest`` WSGI environ dict for benef…
mcdonc authored Mar 22, 2012
465
d246597 @mcdonc reclassify bug as feature
mcdonc authored Sep 15, 2012
466 - Configurator.add_directive now accepts arbitrary callables like partials or
467 objects implementing ``__call__`` which dont have ``__name__`` and
468 ``__doc__`` attributes. See https://github.com/Pylons/pyramid/issues/621
469 and https://github.com/Pylons/pyramid/pull/647.
470
95f766b @mcdonc Subscriber predicates:
mcdonc authored Aug 25, 2012
471 - Third-party custom view, route, and subscriber predicates can now be added
472 for use by view authors via
473 ``pyramid.config.Configurator.add_view_predicate``,
474 ``pyramid.config.Configurator.add_route_predicate`` and
475 ``pyramid.config.Configurator.add_subscriber_predicate``. So, for example,
0196b2a @mcdonc add docs for third-party view predicates
mcdonc authored Aug 6, 2012
476 doing this::
477
478 config.add_view_predicate('abc', my.package.ABCPredicate)
479
480 Might allow a view author to do this in an application that configured that
481 predicate::
482
483 @view_config(abc=1)
484
95f766b @mcdonc Subscriber predicates:
mcdonc authored Aug 25, 2012
485 Similar features exist for ``add_route``, and ``add_subscriber``. See
486 "Adding A Third Party View, Route, or Subscriber Predicate" in the Hooks
487 chapter for more information.
0196b2a @mcdonc add docs for third-party view predicates
mcdonc authored Aug 6, 2012
488
735abf4 @mcdonc note conflict behavior change
mcdonc authored Aug 7, 2012
489 Note that changes made to support the above feature now means that only
490 actions registered using the same "order" can conflict with one another.
491 It used to be the case that actions registered at different orders could
492 potentially conflict, but to my knowledge nothing ever depended on this
493 behavior (it was a bit silly).
494
de797c4 @mcdonc - Coverage and docs updates for custom JSON class.
mcdonc authored Mar 29, 2012
495 - Custom objects can be made easily JSON-serializable in Pyramid by defining
496 a ``__json__`` method on the object's class. This method should return
497 values natively serializable by ``json.dumps`` (such as ints, lists,
498 dictionaries, strings, and so forth).
077fa3a @mcdonc add change note
mcdonc authored Mar 27, 2012
499
e012aa1 @mcdonc allow __json__ and custom adapters to accept request arg
mcdonc authored May 3, 2012
500 - The JSON renderer now allows for the definition of custom type adapters to
501 convert unknown objects to JSON serializations.
502
360f251 @mcdonc - As of this release, the ``request_method`` predicate, when used, wi…
mcdonc authored Mar 30, 2012
503 - As of this release, the ``request_method`` predicate, when used, will also
504 imply that ``HEAD`` is implied when you use ``GET``. For example, using
505 ``@view_config(request_method='GET')`` is equivalent to using
561a443 @mcdonc fix example
mcdonc authored Apr 27, 2012
506 ``@view_config(request_method=('GET', 'HEAD'))``. Using
360f251 @mcdonc - As of this release, the ``request_method`` predicate, when used, wi…
mcdonc authored Mar 30, 2012
507 ``@view_config(request_method=('GET', 'POST')`` is equivalent to using
508 ``@view_config(request_method=('GET', 'HEAD', 'POST')``. This is because
509 HEAD is a variant of GET that omits the body, and WebOb has special support
510 to return an empty body when a HEAD is used.
15c40a1 @mcdonc readme
mcdonc authored Apr 11, 2012
511
023c88b @mcdonc rename set_request_method to add_request_method. closes #683
mcdonc authored Sep 9, 2012
512 - ``config.add_request_method`` has been introduced to support extending
2c25342 @mmerickel docs-deprecated set_request_property
mmerickel authored Aug 16, 2012
513 request objects with arbitrary callables. This method expands on the
514 previous ``config.set_request_property`` by supporting methods as well as
515 properties. This method now causes less code to be executed at
516 request construction time than ``config.set_request_property`` in
517 version 1.3.
518
519 - Don't add a ``?`` to URLs generated by ``request.resource_url`` if the
fcb2095 @mcdonc garden
mcdonc authored Apr 27, 2012
520 ``query`` argument is provided but empty.
521
2c25342 @mmerickel docs-deprecated set_request_property
mmerickel authored Aug 16, 2012
522 - Don't add a ``?`` to URLs generated by ``request.route_url`` if the
fcb2095 @mcdonc garden
mcdonc authored Apr 27, 2012
523 ``_query`` argument is provided but empty.
988035a @mcdonc add a change note
mcdonc authored May 2, 2012
524
525 - The static view machinery now raises (rather than returns) ``HTTPNotFound``
526 and ``HTTPMovedPermanently`` exceptions, so these can be caught by the
cec2b05 @tshepang consistency
tshepang authored Mar 9, 2013
527 Not Found View (and other exception views).
ea009a6 @blaflamme added docs and changes for using defs in mako renderer
blaflamme authored Jun 19, 2012
528
54d3e3e @mcdonc add a whatsnew-1.4 document
mcdonc authored Sep 15, 2012
529 - The Mako renderer now supports a def name in an asset spec. When the def
8b55a68 @mcdonc garden
mcdonc authored Aug 29, 2012
530 name is present in the asset spec, the system will render the template def
531 within the template and will return the result. An example asset spec is
532 ``package:path/to/template#defname.mako``. This will render the def named
54d3e3e @mcdonc add a whatsnew-1.4 document
mcdonc authored Sep 16, 2012
533 ``defname`` inside the ``template.mako`` template instead of rendering the
534 entire template. The old way of returning a tuple in the form
535 ``('defname', {})`` from the view is supported for backward compatibility,
8b55a68 @mcdonc garden
mcdonc authored Aug 29, 2012
536
537 - The Chameleon ZPT renderer now accepts a macro name in an asset spec. When
538 the macro name is present in the asset spec, the system will render the
539 macro listed as a ``define-macro`` and return the result instead of
540 rendering the entire template. An example asset spec:
541 ``package:path/to/template#macroname.pt``. This will render the macro
542 defined as ``macroname`` within the ``template.pt`` template instead of the
543 entire templae.
61a57ea @mcdonc - When there is a predicate mismatch exception (seen when no view mat…
mcdonc authored Jul 29, 2012
544
545 - When there is a predicate mismatch exception (seen when no view matches for
546 a given request due to predicates not working), the exception now contains
547 a textual description of the predicate which didn't match.
6b180cb @mcdonc - An ``add_permission`` directive method was added to the Configurato…
mcdonc authored Aug 15, 2012
548
549 - An ``add_permission`` directive method was added to the Configurator. This
550 directive registers a free-standing permission introspectable into the
551 Pyramid introspection system. Frameworks built atop Pyramid can thus use
08c2217 @tshepang eliminate repeated "the" words
tshepang authored Jan 1, 2013
552 the ``permissions`` introspectable category data to build a
6b180cb @mcdonc - An ``add_permission`` directive method was added to the Configurato…
mcdonc authored Aug 16, 2012
553 comprehensive list of permissions supported by a running system. Before
554 this method was added, permissions were already registered in this
555 introspectable category as a side effect of naming them in an ``add_view``
556 call, this method just makes it possible to arrange for a permission to be
557 put into the ``permissions`` introspectable category without naming it
558 along with an associated view. Here's an example of usage of
559 ``add_permission``::
560
561 config = Configurator()
562 config.add_permission('view')
2c25342 @mmerickel docs-deprecated set_request_property
mmerickel authored Aug 16, 2012
563
45b6e19 @mmerickel added cookie session changes to CHANGES.txt
mmerickel authored Aug 23, 2012
564 - The ``UnencryptedCookieSessionFactoryConfig`` now accepts
565 ``signed_serialize`` and ``signed_deserialize`` hooks which may be used
566 to influence how the sessions are marshalled (by default this is done
567 with HMAC+pickle).
568
28dba04 @mcdonc - ``pyramid.testing.DummyRequest`` now supports methods supplied by the
mcdonc authored Sep 10, 2012
569 - ``pyramid.testing.DummyRequest`` now supports methods supplied by the
570 ``pyramid.util.InstancePropertyMixin`` class such as ``set_property``.
571
7359873 @mcdonc - Request properties and methods added via ``config.set_request_prope…
mcdonc authored Sep 11, 2012
572 - Request properties and methods added via ``config.set_request_property`` or
573 ``config.add_request_method`` are now available to tweens.
574
575 - Request properties and methods added via ``config.set_request_property`` or
576 ``config.add_request_method`` are now available in the request object
577 returned from ``pyramid.paster.bootstrap``.
578
dc8b49f @mcdonc garden
mcdonc authored Sep 11, 2012
579 - ``request.context`` of environment request during ``bootstrap`` is now the
580 root object if a context isn't already set on a provided request.
581
07cb8f0 @mcdonc add pyramid.decorator.reify as an API. Closes #682
mcdonc authored Sep 15, 2012
582 - The ``pyramid.decorator.reify`` function is now an API, and was added to
583 the API documentation.
584
97150cc @mcdonc merge jinty's testConfig code
mcdonc authored Sep 15, 2012
585 - Added the ``pyramid.testing.testConfig`` context manager, which can be used
586 to generate a configurator in a test, e.g. ``with testing.testConfig(...):``.
587
64452ed @mcdonc rename subrequest to invoke_subrequest
mcdonc authored Sep 16, 2012
588 - Users can now invoke a subrequest from within view code using a new
589 ``request.invoke_subrequest`` API.
37d2c22 @mcdonc docs and test
mcdonc authored Sep 16, 2012
590
2c25342 @mmerickel docs-deprecated set_request_property
mmerickel authored Aug 16, 2012
591 Deprecations
592 ------------
593
9cdb286 @mcdonc readd set_request_property to docs (just so when people run across it…
mcdonc authored Aug 16, 2012
594 - The ``pyramid.config.Configurator.set_request_property`` has been
595 documentation-deprecated. The method remains usable but the more
023c88b @mcdonc rename set_request_method to add_request_method. closes #683
mcdonc authored Sep 10, 2012
596 featureful ``pyramid.config.Configurator.add_request_method`` should be
9cdb286 @mcdonc readd set_request_property to docs (just so when people run across it…
mcdonc authored Aug 16, 2012
597 used in its place (it has all of the same capabilities but can also extend
598 the request object with methods).
ebcdc7c @mcdonc - It is no longer possible to pass an environ dictionary directly to
mcdonc authored Sep 9, 2012
599
600 Backwards Incompatibilities
601 ---------------------------
602
25d3ddf @mcdonc garden
mcdonc authored Sep 9, 2012
603 - The Pyramid router no longer adds the values ``bfg.routes.route`` or
ebcdc7c @mcdonc - It is no longer possible to pass an environ dictionary directly to
mcdonc authored Sep 9, 2012
604 ``bfg.routes.matchdict`` to the request's WSGI environment dictionary.
605 These values were docs-deprecated in ``repoze.bfg`` 1.0 (effectively seven
606 minor releases ago). If your code depended on these values, use
607 request.matched_route and request.matchdict instead.
608
609 - It is no longer possible to pass an environ dictionary directly to
610 ``pyramid.traversal.ResourceTreeTraverser.__call__`` (aka
611 ``ModelGraphTraverser.__call__``). Instead, you must pass a request
612 object. Passing an environment instead of a request has generated a
613 deprecation warning since Pyramid 1.1.
614
615 - Pyramid will no longer work properly if you use the
616 ``webob.request.LegacyRequest`` as a request factory. Instances of the
617 LegacyRequest class have a ``request.path_info`` which return a string.
618 This Pyramid release assumes that ``request.path_info`` will
619 unconditionally be Unicode.
620
3d42722 @mcdonc - The functions from ``pyramid.chameleon_zpt`` and ``pyramid.chameleo…
mcdonc authored Sep 9, 2012
621 - The functions from ``pyramid.chameleon_zpt`` and ``pyramid.chameleon_text``
622 named ``get_renderer``, ``get_template``, ``render_template``, and
623 ``render_template_to_response`` have been removed. These have issued a
624 deprecation warning upon import since Pyramid 1.0. Use
625 ``pyramid.renderers.get_renderer()``,
626 ``pyramid.renderers.get_renderer().implementation()``,
627 ``pyramid.renderers.render()`` or ``pyramid.renderers.render_to_response``
628 respectively instead of these functions.
629
94a6f35 @mcdonc - The ``pyramid.configuration`` module was removed. It had been depre…
mcdonc authored Sep 9, 2012
630 - The ``pyramid.configuration`` module was removed. It had been deprecated
631 since Pyramid 1.0 and printed a deprecation warning upon its use. Use
632 ``pyramid.config`` instead.
633
b274d05 @mcdonc - The ``pyramid.paster.PyramidTemplate`` API was removed. It had been
mcdonc authored Sep 9, 2012
634 - The ``pyramid.paster.PyramidTemplate`` API was removed. It had been
635 deprecated since Pyramid 1.1 and issued a warning on import. If your code
636 depended on this, adjust your code to import
637 ``pyramid.scaffolds.PyramidTemplate`` instead.
638
ef2e517 @mcdonc - The ``pyramid.settings.get_settings()`` API was removed. It had been
mcdonc authored Sep 9, 2012
639 - The ``pyramid.settings.get_settings()`` API was removed. It had been
640 printing a deprecation warning since Pyramid 1.0. If your code depended on
641 this API, use ``pyramid.threadlocal.get_current_registry().settings``
642 instead or use the ``settings`` attribute of the registry available from
643 the request (``request.registry.settings``).
644
69e0aad @mcdonc - These APIs from the ``pyramid.testing`` module were removed. They have
mcdonc authored Sep 9, 2012
645 - These APIs from the ``pyramid.testing`` module were removed. They have
646 been printing deprecation warnings since Pyramid 1.0:
647
648 * ``registerDummySecurityPolicy``, use
649 ``pyramid.config.Configurator.testing_securitypolicy`` instead.
650
651 * ``registerResources`` (aka ``registerModels``, use
652 ``pyramid.config.Configurator.testing_resources`` instead.
653
654 * ``registerEventListener``, use
655 ``pyramid.config.Configurator.testing_add_subscriber`` instead.
656
657 * ``registerTemplateRenderer`` (aka `registerDummyRenderer``), use
658 ``pyramid.config.Configurator.testing_add_template`` instead.
659
660 * ``registerView``, use ``pyramid.config.Configurator.add_view`` instead.
661
662 * ``registerUtility``, use
663 ``pyramid.config.Configurator.registry.registerUtility`` instead.
664
665 * ``registerAdapter``, use
666 ``pyramid.config.Configurator.registry.registerAdapter`` instead.
667
668 * ``registerSubscriber``, use
669 ``pyramid.config.Configurator.add_subscriber`` instead.
670
671 * ``registerRoute``, use
672 ``pyramid.config.Configurator.add_route`` instead.
673
674 * ``registerSettings``, use
675 ``pyramid.config.Configurator.add_settings`` instead.
676
64452ed @mcdonc rename subrequest to invoke_subrequest
mcdonc authored Sep 16, 2012
677 - In Pyramid 1.3 and previous, the ``__call__`` method of a Response object
678 was invoked before any finished callbacks were executed. As of this
679 release, the ``__call__`` method of a Response object is invoked *after*
680 finished callbacks are executed. This is in support of the
681 ``request.invoke_subrequest`` feature.
682
b72ba1a @mcdonc add upgrading chapter, make docs render again
mcdonc authored Sep 13, 2012
683 Documentation
684 -------------
685
686 - Added an "Upgrading Pyramid" chapter to the narrative documentation. It
07cb8f0 @mcdonc add pyramid.decorator.reify as an API. Closes #682
mcdonc authored Sep 15, 2012
687 describes how to cope with deprecations and removals of Pyramid APIs and
688 how to show Pyramid-generated deprecation warnings while running tests and
689 while running a server.
b72ba1a @mcdonc add upgrading chapter, make docs render again
mcdonc authored Sep 13, 2012
690
37d2c22 @mcdonc docs and test
mcdonc authored Sep 16, 2012
691 - Added a "Invoking a Subrequest" chapter to the documentation. It describes
64452ed @mcdonc rename subrequest to invoke_subrequest
mcdonc authored Sep 16, 2012
692 how to use the new ``request.invoke_subrequest`` API.
37d2c22 @mcdonc docs and test
mcdonc authored Sep 16, 2012
693
ebcdc7c @mcdonc - It is no longer possible to pass an environ dictionary directly to
mcdonc authored Sep 9, 2012
694 Dependencies
695 ------------
696
697 - Pyramid now requires WebOb 1.2b3+ (the prior Pyramid release only relied on
698 1.2dev+). This is to ensure that we obtain a version of WebOb that returns
699 ``request.path_info`` as text.
700
Something went wrong with that request. Please try again.