Fetching contributors…
Cannot retrieve contributors at this time
6373 lines (4882 sloc) 241 KB
1.3b1 (2010-10-25)
- The ``paster`` template named ``bfg_routesalchemy`` has been updated
to use SQLAlchemy declarative syntax. Thanks to Ergo^.
Bug Fixes
- When a renderer factory could not be found, a misleading error
message was raised if the renderer name was not a string.
- The ""bfgwiki2" (SQLAlchemy + url dispatch) tutorial has been
updated slightly. In particular, the source packages no longer
attempt to use a private index, and the recommended Python version
is now 2.6. It was also updated to take into account the changes to
the ``bfg_routesalchemy`` template used to set up an environment.
- The "bfgwiki" (ZODB + traversal) tutorial has been updated slightly.
In particular, the source packages no longer attempt to use a
private index, and the recommended Python version is now 2.6.
1.3a15 (2010-09-30)
- The ``repoze.bfg.traversal.traversal_path`` API now eagerly attempts
to encode a Unicode ``path`` into ASCII before attempting to split
it and decode its segments. This is for convenience, effectively to
allow a (stored-as-Unicode-in-a-database, or
retrieved-as-Unicode-from-a-request-parameter) Unicode path to be
passed to ``find_model``, which eventually internally uses the
``traversal_path`` function under the hood. In version 1.2 and
prior, if the ``path`` was Unicode, that Unicode was split on
slashes and each resulting segment value was Unicode. An
inappropriate call to the ``decode()`` method of a resulting Unicode
path segment could cause a ``UnicodeDecodeError`` to occur even if
the Unicode representation of the path contained no 'high order'
characters (it effectively did a "double decode"). By converting
the Unicode path argument to ASCII before we attempt to decode and
split, genuine errors will occur in a more obvious place while also
allowing us to handle (for convenience) the case that it's a Unicode
representation formed entirely from ASCII-compatible characters.
1.3a14 (2010-09-14)
Bug Fixes
- If an exception view was registered through the legacy
``set_notfound_view`` or ``set_forbidden_view`` APIs, the context
sent to the view was incorrect (could be ``None`` inappropriately).
- Compatibility with WebOb 1.0.
- Now requires WebOb >= 1.0.
Backwards Incompatibilities
- Due to changes introduced WebOb 1.0, the
``repoze.bfg.request.make_request_ascii`` event subscriber no longer
works, so it has been removed. This subscriber was meant to be used
in a deployment so that code written before BFG 0.7.0 could run
unchanged. At this point, such code will need to be rewritten to
expect Unicode from ``request.GET``, ``request.POST`` and
``request.params`` or it will need to be changed to use
``request.str_POST``, ``request.str_GET`` and/or
``request.str_params`` instead of the non-``str`` versions of same,
as the non-``str`` versions of the same APIs always now perform
decoding to Unicode.
- A prior changelog entry asserted that the ``INewResponse`` event was
not sent to listeners if the response was not "valid" (if a view or
renderer returned a response object that did not have a
status/headers/app_iter). This is not true in this release, nor was
it true in 1.3a13.
1.3a13 (2010-09-14)
Bug Fixes
- The ``traverse`` route predicate could not successfully generate a
traversal path.
- In support of making it easier to configure applications which are
"secure by default", a default permission feature was added. If
supplied, the default permission is used as the permission string to
all view registrations which don't otherwise name a permission.
These APIs are in support of that:
- A new constructor argument was added to the Configurator:
- A new method was added to the Configurator:
- A new ZCML directive was added: ``default_permission``.
- Add a new request API: ``request.add_finished_callback``. Finished
callbacks are called by the router unconditionally near the very end
of request processing. See the "Using Finished Callbacks" section
of the "Hooks" narrative chapter of the documentation for more
- A ``request.matched_route`` attribute is now added to the request
when a route has matched. Its value is the "route" object that
matched (see the ``IRoute`` interface within
``repoze.bfg.interfaces`` API documentation for the API of a route
- The ``exception`` attribute of the request is now set slightly
earlier and in a slightly different set of scenarios, for benefit of
"finished callbacks" and "response callbacks". In previous
versions, the ``exception`` attribute of the request was not set at
all if an exception view was not found. In this version, the
``request.exception`` attribute is set immediately when an exception
is caught by the router, even if an exception view could not be
- The ``add_route`` method of a Configurator now accepts a
``pregenerator`` argument. The pregenerator for the resulting route
is called by ``route_url`` in order to adjust the set of arguments
passed to it by the user for special purposes, such as Pylons
'subdomain' support. It will influence the URL returned by
``route_url``. See the ``repoze.bfg.interfaces.IRoutePregenerator``
interface for more information.
Backwards Incompatibilities
- The router no longer sets the value ``wsgiorg.routing_args`` into
the environ when a route matches. The value used to be something
like ``((), matchdict)``. This functionality was only ever
obliquely referred to in change logs; it was never documented as an
- The ``exception`` attribute of the request now defaults to ``None``.
In prior versions, the ``request.exception`` attribute did not exist
if an exception was not raised by user code during request
processing; it only began existence once an exception view was
- The ``repoze.bfg.interfaces.IWSGIApplicationCreatedEvent`` event
interface was renamed to
``repoze.bfg.interfaces.IApplicationCreated``. Likewise, the
```` class was renamed
to ````. The older aliases will
continue to work indefinitely.
- The ``repoze.bfg.interfaces.IAfterTraversal`` event interface was
renamed to ``repoze.bfg.interfaces.IContextFound``. Likewise, the
```` class was renamed to
````. The older aliases will continue
to work indefinitely.
- References to the WSGI environment values ``bfg.routes.matchdict``
and ``bfg.routes.route`` were removed from documentation. These
will stick around internally for several more releases, but it is
``request.matchdict`` and ``request.matched_route`` are now the
"official" way to obtain the matchdict and the route object which
resulted in the match.
- Added documentation for the ``default_permission`` ZCML directive.
- Added documentation for the ``default_permission`` constructor value
and the ``set_default_permission`` method in the Configurator API
- Added a new section to the "security" chapter named "Setting a
Default Permission".
- Document ``renderer_globals_factory`` and ``request_factory``
arguments to Configurator constructor.
- Added two sections to the "Hooks" chapter of the documentation:
"Using Response Callbacks" and "Using Finished Callbacks".
- Added documentation of the ``request.exception`` attribute to the
``repoze.bfg.request.Request`` API documentation.
- Added glossary entries for "response callback" and "finished
- The "Request Processing" narrative chapter has been updated to note
finished and response callback steps.
- New interface in interfaces API documentation: ``IRoutePregenerator``.
- Added a "The Matched Route" section to the URL Dispatch narrative
docs chapter, detailing the ``matched_route`` attribute.
1.3a12 (2010-09-08)
Bug Fixes
- Fix a bug in ``repoze.bfg.url.static_url`` URL generation: if two
resource specifications were used to create two separate static
views, but they shared a common prefix, it was possible that
``static_url`` would generate an incorrect URL.
- Fix another bug in ``repoze.bfg.static_url`` URL generation: too
many slashes in generated URL.
- Prevent a race condition which could result in a ``RuntimeError``
when rendering a Chameleon template that has not already been
rendered once. This would usually occur directly after a restart,
when more than one person or thread is trying to execute the same
view at the same time:
- The argument to ``repoze.bfg.configuration.Configurator.add_route``
which was previously called ``path`` is now called ``pattern`` for
better explicability. For backwards compatibility purposes, passing
a keyword argument named ``path`` to ``add_route`` will still work
- The ``path`` attribute to the ZCML ``route`` directive is now named
``pattern`` for better explicability. The older ``path`` attribute
will continue to work indefinitely.
- All narrative, API, and tutorial docs which referred to a route
pattern as a ``path`` have now been updated to refer to them as a
- The ``repoze.bfg.interfaces`` API documentation page is now rendered
via ``repoze.sphinx.autointerface``.
- The URL Dispatch narrative chapter now refers to the ``interfaces``
chapter to explain the API of an ``IRoute`` object.
Paster Templates
- The routesalchemy template has been updated to use ``pattern`` in
its route declarations rather than ``path``.
- ``tests_require`` now includes ``repoze.sphinx.autointerface`` as a
- Add an API to the ``Configurator`` named ``get_routes_mapper``.
This returns an object implementing the ``IRoutesMapper`` interface.
- The ``repoze.bfg.urldispatch.RoutesMapper`` object now has a
``get_route`` method which returns a single Route object or
- A new interface ``repoze.bfg.interfaces.IRoute`` was added. The
``repoze.bfg.urldispatch.Route`` object implements this interface.
- The canonical attribute for accessing the routing pattern from a
route object is now ``pattern`` rather than ``path``.
- Use ``hash()`` rather than ``id()`` when computing the "phash" of a
custom route/view predicate in order to allow the custom predicate
some control over which predicates are "equal".
- Use ``response.headerlist.append`` instead of
``response.headers.add`` in
``repoze.bfg.request.add_global_response_headers`` in case the
response is not a WebOb response.
- The ``repoze.bfg.urldispatch.Route`` constructor (not an API) now
accepts a different ordering of arguments. Previously it was
``(pattern, name, factory=None, predicates=())``. It is now
``(name, pattern, factory=None, predicates=())``. This is in
support of consistency with ``configurator.add_route``.
- The ``repoze.bfg.urldispatch.RoutesMapper.connect`` method (not an
API) now accepts a different ordering of arguments. Previously it
was ``(pattern, name, factory=None, predicates=())``. It is now
``(name, pattern, factory=None, predicates=())``. This is in
support of consistency with ``configurator.add_route``.
1.3a11 (2010-09-05)
Bug Fixes
- Process the response callbacks and the NewResponse event earlier, to
enable mutations to the response to take effect.
1.3a10 (2010-09-05)
- A new ``repoze.bfg.request.Request.add_response_callback`` API has
been added. This method is documented in the new
``repoze.bfg.request`` API chapter. It can be used to influence
response values before a concrete response object has been created.
- The ``repoze.bfg.interfaces.INewResponse`` interface now includes a
``request`` attribute; as a result, a handler for INewResponse now
has access to the request which caused the response.
- Each of the follow methods of the Configurator now allow the
below-named arguments to be passed as "dotted name strings"
(e.g. "") rather than as actual implementation objects
that must be imported:
root_factory, authentication_policy, authorization_policy,
debug_logger, locale_negotiator, request_factory,
subscriber, iface
view, ``for_``, context, request_type, containment
view, view_for, factory, ``for_``, view_context
Bug Fixes
- The route pattern registered internally for a a local "static view"
(either via the ``static`` ZCML directive or via the
``add_static_view`` method of the configurator) was incorrect. It
was regsistered for e.g. ``static*traverse``, while it should have
been registered for ``static/*traverse``. Symptom: two static views
could not reliably be added to a system when they both shared the
same path prefix (e.g. ``/static`` and ``/static2``).
Backwards Incompatibilities
- The INewResponse event is now not sent to listeners if the response
returned by view code (or a renderer) is not a "real" response
(e.g. if it does not have ``.status``, ``.headerlist`` and
``.app_iter`` attribtues).
- Add an API chapter for the ``repoze.bfg.request`` module, which
includes documentation for the ``repoze.bfg.request.Request`` class
(the "request object").
- Modify the "Request and Response" narrative chapter to reference the
new ``repoze.bfg.request`` API chapter. Some content was moved from
this chapter into the API documentation itself.
- Various changes to denote that Python dotted names are now allowed
as input to Configurator methods.
- The (internal) feature which made it possible to attach a
``global_response_headers`` attribute to the request (which was
assumed to contain a sequence of header key/value pairs which would
later be added to the response by the router), has been removed.
The functionality of
``repoze.bfg.request.Request.add_response_callback`` takes its
- The ```` class's construct has changed:
it now must be created with ``(request, response)`` rather than
simply ``(response)``.
1.3a9 (2010-08-22)
- The Configurator now accepts a dotted name *string* to a package as
a ``package`` constructor argument. The ``package`` argument was
previously required to be a package *object* (not a dotted name
- The ``repoze.bfg.configuration.Configurator.with_package`` method
was added. This method returns a new Configurator using the same
application registry as the configurator object it is called
upon. The new configurator is created afresh with its ``package``
constructor argument set to the value passed to ``with_package``.
This feature will make it easier for future BFG versions to allow
dotted names as arguments in places where currently only object
references are allowed (the work to allow dotted names isntead of
object references everywhere has not yet been done, however).
- The new ``repoze.bfg.configuration.Configurator.maybe_dotted``
method resolves a Python dotted name string supplied as its
``dotted`` argument to a global Python object. If the value cannot
be resolved, a ``repoze.bfg.configuration.ConfigurationError`` is
raised. If the value supplied as ``dotted`` is not a string, the
value is returned unconditionally without any resolution attempted.
- The new
method resolves a potentially relative "resource specification"
string into an absolute version. If the value supplied as
``relative_spec`` is not a string, the value is returned
unconditionally without any resolution attempted.
Backwards Incompatibilities
- The functions in ``repoze.bfg.renderers`` named ``render`` and
``render_to_response`` introduced in 1.3a6 previously took a set of
``**values`` arguments for the values to be passed to the renderer.
This was wrong, as renderers don't need to accept only dictionaries
(they can accept any type of object). Now, the value sent to the
renderer must be supplied as a positional argument named ``value``.
The ``request`` argument is still a keyword argument, however.
- The functions in ``repoze.bfg.renderers`` named ``render`` and
``render_to_response`` now accept an additonal keyword argument
named ``package``.
- The ``get_renderer`` API in ``repoze.bfg.renderers`` now accepts a
``package`` argument.
- The ZCML ``include`` directive docs were incorrect: they specified
``filename`` rather than (the correct) ``file`` as an allowable
- The ``repoze.bfg.resource.resolve_resource_spec`` function can now
accept a package object as its ``pname`` argument instead of just a
package name.
- The ``_renderer_factory_from_name`` and ``_renderer_from_name``
methods of the Configurator were removed. These were never APIs.
- The ``_render``, ``_render_to_response`` and ``_make_response``
functions with ``repoze.bfg.render`` (added in 1.3a6) have been
- A new helper class ``repoze.bfg.renderers.RendererHelper`` was
- The _map_view function of ``repoze.bfg.configuration`` now takes
only a renderer_name argument instead of both a ``renderer`` and
``renderer``_name argument. It also takes a ``package`` argument
- Use ``imp.get_suffixes`` indirection in
``repoze.bfg.path.package_name`` instead of hardcoded ``.py``
``.pyc`` and ``.pyo`` to use for comparison when attemtping to
decide if a directory is a package.
- Make tests runnable again under Jython (although they do not all
pass currently).
- The reify decorator now maintains the docstring of the function it
1.3a8 (2010-08-08)
- New public interface: ``repoze.bfg.exceptions.IExceptionResponse``.
This interface is provided by all internal exception classes (such
as ``repoze.bfg.exceptions.NotFound`` and
``repoze.bfg.exceptions.Forbidden``), instances of which are both
exception objects and can behave as WSGI response objects. This
interface is made public so that exception classes which are also
valid WSGI response factories can be configured to implement them or
exception instances which are also or response instances can be
configured to provide them.
- New API class: ``repoze.bfg.view.AppendSlashNotFoundViewFactory``.
There can only be one Not Found view in any ``repoze.bfg``
application. Even if you use
``repoze.bfg.view.append_slash_notfound_view`` as the Not Found
view, ``repoze.bfg`` still must generate a ``404 Not Found``
response when it cannot redirect to a slash-appended URL; this not
found response will be visible to site users.
If you don't care what this 404 response looks like, and you only
need redirections to slash-appended route URLs, you may use the
``repoze.bfg.view.append_slash_notfound_view`` object as the Not
Found view. However, if you wish to use a *custom* notfound view
callable when a URL cannot be redirected to a slash-appended URL,
you may wish to use an instance of the
``repoze.bfg.view.AppendSlashNotFoundViewFactory`` class as the Not
Found view, supplying the notfound view callable as the first
argument to its constructor. For instance::
from repoze.bfg.exceptions import NotFound
from repoze.bfg.view import AppendSlashNotFoundViewFactory
def notfound_view(context, request):
return HTTPNotFound('It aint there, stop trying!')
custom_append_slash = AppendSlashNotFoundViewFactory(notfound_view)
config.add_view(custom_append_slash, context=NotFound)
The ``notfound_view`` supplied must adhere to the two-argument view
callable calling convention of ``(context, request)`` (``context``
will be the exception object).
- Expanded the "Cleaning Up After a Request" section of the URL
Dispatch narrative chapter.
- Expanded the "Redirecting to Slash-Appended Routes" section of the
URL Dispatch narrative chapter.
- Previously, two default view functions were registered at
Configurator setup (one for ``repoze.bfg.exceptions.NotFound`` named
``default_notfound_view`` and one for
``repoze.bfg.exceptions.Forbidden`` named
``default_forbidden_view``) to render internal exception responses.
Those default view functions have been removed, replaced with a
generic default view function which is registered at Configurator
setup for the ``repoze.bfg.interfaces.IExceptionResponse`` interface
that simply returns the exception instance; the ``NotFound`` and
``Forbidden`` classes are now still exception factories but they are
also response factories which generate instances that implement the
new ``repoze.bfg.interfaces.IExceptionResponse`` interface.
1.3a7 (2010-08-01)
- The ``repoze.bfg.configuration.Configurator.add_route`` API now
returns the route object that was added.
- A ```` decorator was added. This
decorator decorates module-scope functions, which are then treated
as event listeners after a scan() is performed. See the Events
narrative documentation chapter and the ```` module
documentation for more information.
Bug Fixes
- When adding a view for a route which did not yet exist ("did not yet
exist" meaning, temporally, a view was added with a route name for a
route which had not yet been added via add_route), the value of the
``custom_predicate`` argument to ``add_view`` was lost. Symptom:
wrong view matches when using URL dispatch and custom view
predicates together.
- Pattern matches for a ``:segment`` marker in a URL dispatch route
pattern now always match at least one character. See "Backwards
Incompatibilities" below in this changelog.
Backwards Incompatibilities
- A bug existed in the regular expression to do URL matching. As an
example, the URL matching machinery would cause the pattern
``/{foo}`` to match the root URL ``/`` resulting in a match
dictionary of ``{'foo':u''}`` or the pattern ``/{fud}/edit might
match the URL ``//edit`` resulting in a match dictionary of
``{'fud':u''}``. It was always the intent that ``:segment`` markers
in the pattern would need to match *at least one* character, and
never match the empty string. This, however, means that in certain
circumstances, a routing match which your application inadvertently
depended upon may no longer happen.
- Added description of the ```` decorator
to the Events narrative chapter.
- Added ```` API documentation to
```` API docs.
- Added a section named "Zope 3 Enforces 'TTW' Authorization Checks By
Default; BFG Does Not" to the "Design Defense" chapter.
1.3a6 (2010-07-25)
- New argument to ``repoze.bfg.configuration.Configurator.add_route``
and the ``route`` ZCML directive: ``traverse``. If you would like
to cause the ``context`` to be something other than the ``root``
object when this route matches, you can spell a traversal pattern as
the ``traverse`` argument. This traversal pattern will be used as
the traversal path: traversal will begin at the root object implied
by this route (either the global root, or the object returned by the
``factory`` associated with this route).
The syntax of the ``traverse`` argument is the same as it is for
``path``. For example, if the ``path`` provided is
``articles/:article/edit``, and the ``traverse`` argument provided
is ``/:article``, when a request comes in that causes the route to
match in such a way that the ``article`` match value is '1' (when
the request URI is ``/articles/1/edit``), the traversal path will be
generated as ``/1``. This means that the root object's
``__getitem__`` will be called with the name ``1`` during the
traversal phase. If the ``1`` object exists, it will become the
``context`` of the request. The Traversal narrative has more
information about traversal.
If the traversal path contains segment marker names which are not
present in the path argument, a runtime error will occur. The
``traverse`` pattern should not contain segment markers that do not
exist in the ``path``.
A similar combining of routing and traversal is available when a
route is matched which contains a ``*traverse`` remainder marker in
its path. The ``traverse`` argument allows you to associate route
patterns with an arbitrary traversal path without using a a
``*traverse`` remainder marker; instead you can use other match
Note that the ``traverse`` argument is ignored when attached to a
route that has a ``*traverse`` remainder marker in its path.
- A new method of the ``Configurator`` exists:
``set_request_factory``. If used, this method will set the factory
used by the ``repoze.bfg`` router to create all request objects.
- The ``Configurator`` constructor takes an additional argument:
``request_factory``. If used, this argument will set the factory
used by the ``repoze.bfg`` router to create all request objects.
- The ``Configurator`` constructor takes an additional argument:
``request_factory``. If used, this argument will set the factory
used by the ``repoze.bfg`` router to create all request objects.
- A new method of the ``Configurator`` exists:
``set_renderer_globals_factory``. If used, this method will set the
factory used by the ``repoze.bfg`` router to create renderer
- A new method of the ``Configurator`` exists: ``get_settings``. If
used, this method will return the current settings object (performs
the same job as the ``repoze.bfg.settings.get_settings`` API).
- The ``Configurator`` constructor takes an additional argument:
``renderer_globals_factory``. If used, this argument will set the
factory used by the ``repoze.bfg`` router to create renderer
- Add ``repoze.bfg.renderers.render``,
``repoze.bfg.renderers.render_to_response`` and
``repoze.bfg.renderers.get_renderer`` functions. These are
imperative APIs which will use the same rendering machinery used by
view configurations with a ``renderer=`` attribute/argument to
produce a rendering or renderer. Because these APIs provide a
central API for all rendering, they now form the preferred way to
perform imperative template rendering. Using functions named
``render_*`` from modules such as ``repoze.bfg.chameleon_zpt`` and
``repoze.bfg.chameleon_text`` is now discouraged (although not
deprecated). The code the backing older templating-system-specific
APIs now calls into the newer ``repoze.bfg.renderer`` code.
- The ``repoze.bfg.configuration.Configurator.testing_add_template``
has been renamed to ``testing_add_renderer``. A backwards
compatibility alias is present using the old name.
- The ``Hybrid`` narrative chapter now contains a description of the
``traverse`` route argument.
- The ``Hooks`` narrative chapter now contains sections about
changing the request factory and adding a renderer globals factory.
- The API documentation includes a new module:
- The ``Templates`` chapter was updated; all narrative that used
templating-specific APIs within examples to perform rendering (such
as the ``repoze.bfg.chameleon_zpt.render_template_to_response``
method) was changed to use ``repoze.bfg.renderers.render_*``
Bug Fixes
- The ``header`` predicate (when used as either a view predicate or a
route predicate) had a problem when specified with a name/regex
pair. When the header did not exist in the headers dictionary, the
regex match could be fed ``None``, causing it to throw a
``TypeError: expected string or buffer`` exception. Now, the
predicate returns False as intended.
- The ``repoze.bfg.renderers.rendered_response`` function was never an
official API, but may have been imported by extensions in the wild.
It is officially deprecated in this release. Use
``repoze.bfg.renderers.render_to_response`` instead.
- The following APIs are *documentation* deprecated (meaning they are
officially deprecated in documentation but do not raise a
deprecation error upon their usage, and may continue to work for an
indefinite period of time):
In the ``repoze.bfg.chameleon_zpt`` module: ``get_renderer``,
``get_template``, ``render_template``,
``render_template_to_response``. The suggested alternatives are
documented within the docstrings of those methods (which are still
present in the documentation).
In the ``repoze.bfg.chameleon_text`` module: ``get_renderer``,
``get_template``, ``render_template``,
``render_template_to_response``. The suggested alternatives are
documented within the docstrings of those methods (which are still
present in the documentation).
In general, to perform template-related functions, one should now
use the various methods in the ``repoze.bfg.renderers`` module.
Backwards Incompatibilities
- A new internal exception class (*not* an API) named
``repoze.bfg.exceptions.PredicateMismatch`` now exists. This
exception is currently raised when no constituent view of a
multiview can be called (due to no predicate match). Previously, in
this situation, a ``repoze.bfg.exceptions.NotFound`` was raised. We
provide backwards compatibility for code that expected a
``NotFound`` to be raised when no predicates match by causing
``repoze.bfg.exceptions.PredicateMismatch`` to inherit from
``NotFound``. This will cause any exception view registered for
``NotFound`` to be called when a predicate mismatch occurs, as was
the previous behavior.
There is however, one perverse case that will expose a backwards
incompatibility. If 1) you had a view that was registered as a
member of a multiview 2) this view explicitly raised a ``NotFound``
exception *in order to* proceed to the next predicate check in the
multiview, that code will now behave differently: rather than
skipping to the next view match, a NotFound will be raised to the
top-level exception handling machinery instead. For code to be
depending upon the behavior of a view raising ``NotFound`` to
proceed to the next predicate match, would be tragic, but not
impossible, given that ``NotFound`` is a public interface.
``repoze.bfg.exceptions.PredicateMismatch`` is not a public API and
cannot be depended upon by application code, so you should not
change your view code to raise ``PredicateMismatch``. Instead, move
the logic which raised the ``NotFound`` exception in the view out
into a custom view predicate.
- If, when you run your application's unit test suite under BFG 1.3, a
``KeyError`` naming a template or a ``ValueError`` indicating that a
'renderer factory' is not registered may is raised
(e.g. ``ValueError: No factory for renderer named '.pt' when looking
up karl.views:templates/``), you may need to perform some
extra setup in your test code.
The best solution is to use the
``repoze.bfg.configuration.Configurator.testing_add_renderer`` (or,
alternately the deprecated
``repoze.bfg.testing.registerTemplateRenderer`` or
``registerDummyRenderer``) API within the code comprising each
individual unit test suite to register a "dummy" renderer for each
of the templates and renderers used by code under test. For
config = Configurator()
This will register a basic dummy renderer for this particular
missing template. The ``testing_add_renderer`` API actually
*returns* the renderer, but if you don't care about how the render
is used, you don't care about having a reference to it either.
A more rough way to solve the issue exists. It causes the "real"
template implementations to be used while the system is under test,
which is suboptimal, because tests will run slower, and unit tests
won't actually *be* unit tests, but it is easier. Always ensure you
call the ``setup_registry()`` method of the Configurator . Eg::
reg = MyRegistry()
config = Configurator(registry=reg)
Calling ``setup_registry`` only has an effect if you're *passing in*
a ``registry`` argument to the Configurator constructor.
``setup_registry`` is called by the course of normal operations
anyway if you do not pass in a ``registry``.
If your test suite isn't using a Configurator yet, and is still
using the older ``repoze.bfg.testing`` APIs name ``setUp`` or
``cleanUp``, these will register the renderers on your behalf.
A variant on the symptom for this theme exists: you may already be
dutifully registering a dummy template or renderer for a template
used by the code you're testing using ``testing_register_renderer``
or ``registerTemplateRenderer``, but (perhaps unbeknownst to you)
the code under test expects to be able to use a "real" template
renderer implementation to retrieve or render *another* template
that you forgot was being rendered as a side effect of calling the
code you're testing. This happened to work because it found the
*real* template while the system was under test previously, and now
it cannot. The solution is the same.
It may also help reduce confusion to use a *resource specification*
to specify the template path in the test suite and code rather than
a relative path in either. A resource specification is unambiguous,
while a relative path needs to be relative to "here", where "here"
isn't always well-defined ("here" in a test suite may or may not be
the same as "here" in the code under test).
1.3a5 (2010-07-14)
- New internal exception: ``repoze.bfg.exceptions.URLDecodeError``.
This URL is a subclass of the built-in Python exception named
- When decoding a URL segment to Unicode fails, the exception raised
is now ``repoze.bfg.exceptions.URLDecodeError`` instead of
``UnicodeDecodeError``. This makes it possible to register an
exception view invoked specifically when ``repoze.bfg`` cannot
decode a URL.
Bug Fixes
- Fix regression in
``repoze.bfg.configuration.Configurator.add_static_view``. Before
1.3a4, view names that contained a slash were supported as route
prefixes. 1.3a4 broke this by trying to treat them as full URLs.
- The ``repoze.bfg.exceptions.URLDecodeError`` exception was added to
the exceptions chapter of the API documentation.
Backwards Incompatibilities
- in previous releases, when a URL could not be decoded from UTF-8
during traversal, a ``TypeError`` was raised. Now the error which
is raised is a ``repoze.bfg.exceptions.URLDecodeError``.
1.3a4 (2010-07-03)
- Undocumented hook: make ``get_app`` and ``get_root`` of the
``repoze.bfg.paster.BFGShellCommand`` hookable in cases where
endware may interfere with the default versions.
- In earlier versions, a custom route predicate associated with a url
dispatch route (each of the predicate functions fed to the
``custom_predicates`` argument of
``repoze.bfg.configuration.Configurator.add_route``) has always
required a 2-positional argument signature, e.g. ``(context,
request)``. Before this release, the ``context`` argument was
always ``None``.
As of this release, the first argument passed to a predicate is now
a dictionary conventionally named ``info`` consisting of ``route``,
and ``match``. ``match`` is a dictionary: it represents the
arguments matched in the URL by the route. ``route`` is an object
representing the route which was matched.
This is useful when predicates need access to the route match. For
def any_of(segment_name, *args):
def predicate(info, request):
if info['match'][segment_name] in args:
return True
return predicate
num_one_two_or_three = any_of('num, 'one', 'two', 'three')
add_route('num', '/:num', custom_predicates=(num_one_two_or_three,))
The ``route`` object is an object that has two useful attributes:
``name`` and ``path``. The ``name`` attribute is the route name.
The ``path`` attribute is the route pattern. An example of using
the route in a set of route predicates::
def twenty_ten(info, request):
if info['route'].name in ('ymd', 'ym', 'y'):
return info['match']['year'] == '2010'
add_route('y', '/:year', custom_predicates=(twenty_ten,))
add_route('ym', '/:year/:month', custom_predicates=(twenty_ten,))
add_route('ymd', '/:year/:month:/day', custom_predicates=(twenty_ten,))
- The ``repoze.bfg.url.route_url`` API has changed. If a keyword
``_app_url`` is present in the arguments passed to ``route_url``,
this value will be used as the protocol/hostname/port/leading path
prefix of the generated URL. For example, using an ``_app_url`` of
```` would cause the URL
```` to be returned from this
function if the expansion of the route pattern associated with the
``route_name`` expanded to ``/fleeb/flub``.
- It is now possible to use a URL as the ``name`` argument fed to
``repoze.bfg.configuration.Configurator.add_static_view``. When the
name argument is a URL, the ``repoze.bfg.url.static_url`` API will
generate join this URL (as a prefix) to a path including the static
file name. This makes it more possible to put static media on a
separate webserver for production, while keeping static media
package-internal and served by the development webserver during
- The authorization chapter of the ZODB Wiki Tutorial
(docs/tutorials/bfgwiki) was changed to demonstrate authorization
via a group rather than via a direct username (thanks to Alex
- The authorization chapter of the SQLAlchemy Wiki Tutorial
(docs/tutorials/bfgwiki2) was changed to demonstrate authorization
via a group rather than via a direct username.
- Redirect requests for tutorial sources to and respectively.
- A section named ``Custom Route Predicates`` was added to the URL
Dispatch narrative chapter.
- The Static Resources chapter has been updated to mention using
``static_url`` to generate URLs to external webservers.
- Removed ``repoze.bfg.static.StaticURLFactory`` in favor of a new
abstraction revolving around the (still-internal)
``repoze.bfg.static.StaticURLInfo`` helper class.
1.3a3 (2010-05-01)
Paster Templates
- The ``bfg_alchemy`` and ``bfg_routesalchemy`` templates no longer
register a ``handle_teardown`` event listener which calls
``DBSession.remove``. This was found by Chris Withers to be
- The "bfgwiki2" (URL dispatch wiki) tutorial code and documentation
was changed to remove the ``handle_teardown`` event listener which
calls ``DBSession.remove``.
- Any mention of the ``handle_teardown`` event listener as used by the
paster templates was removed from the URL Dispatch narrative chapter.
- A section entitled Detecting Available Languages was added to the
i18n narrative docs chapter.
1.3a2 (2010-04-28)
- A locale negotiator no longer needs to be registered explicitly. The
default locale negotiator at
``repoze.bfg.i18n.default_locale_negotiator`` is now used
unconditionally as... um, the default locale negotiator.
- The default locale negotiator has become more complex.
* First, the negotiator looks for the ``_LOCALE_`` attribute of
the request object (possibly set by a view or an event listener).
* Then it looks for the ``request.params['_LOCALE_']`` value.
* Then it looks for the ``request.cookies['_LOCALE_']`` value.
Backwards Incompatibilities
- The default locale negotiator now looks for the parameter named
``_LOCALE_`` rather than a parameter named ``locale`` in
Behavior Changes
- A locale negotiator may now return ``None``, signifying that the
default locale should be used.
- Documentation concerning locale negotiation in the
Internationalizationa and Localization chapter was updated.
- Expanded portion of i18n narrative chapter docs which discuss
working with gettext files.
1.3a1 (2010-04-26)
- Added "exception views". When you use an exception (anything that
inherits from the Python ``Exception`` builtin) as view context
argument, e.g.::
from repoze.bfg.view import bfg_view
from repoze.bfg.exceptions import NotFound
from webob.exc import HTTPNotFound
def notfound_view(request):
return HTTPNotFound()
For the above example, when the ``repoze.bfg.exceptions.NotFound``
exception is raised by any view or any root factory, the
``notfound_view`` view callable will be invoked and its response
Other normal view predicates can also be used in combination with an
exception view registration::
from repoze.bfg.view import bfg_view
from repoze.bfg.exceptions import NotFound
from webob.exc import HTTPNotFound
@bfg_view(context=NotFound, route_name='home')
def notfound_view(request):
return HTTPNotFound()
The above exception view names the ``route_name`` of ``home``,
meaning that it will only be called when the route matched has a
name of ``home``. You can therefore have more than one exception
view for any given exception in the system: the "most specific" one
will be called when the set of request circumstances which match the
view registration. The only predicate that cannot be not be used
successfully is ``name``. The name used to look up an exception
view is always the empty string.
Existing (pre-1.3) normal views registered against objects
inheriting from ``Exception`` will continue to work. Exception
views used for user-defined exceptions and system exceptions used as
contexts will also work.
The feature can be used with any view registration mechanism
(``@bfg_view`` decorator, ZCML, or imperative ``config.add_view``
This feature was kindly contributed by Andrey Popp.
- Use "Venusian" (`
<>`_) to perform ``bfg_view``
decorator scanning rather than relying on a BFG-internal decorator
scanner. (Truth be told, Venusian is really just a generalization
of the BFG-internal decorator scanner).
- Internationalization and localization features as documented in the
narrative documentation chapter entitled ``Internationalization and
- A new deployment setting named ``default_locale_name`` was added.
If this string is present as a Paster ``.ini`` file option, it will
be considered the default locale name. The default locale name is
used during locale-related operations such as language translation.
- It is now possible to turn on Chameleon template "debugging mode"
for all Chameleon BFG templates by setting a BFG-related Paster
``.ini`` file setting named ``debug_templates``. The exceptions
raised by Chameleon templates when a rendering fails are sometimes
less than helpful. ``debug_templates`` allows you to configure your
application development environment so that exceptions generated by
Chameleon during template compilation and execution will contain
more helpful debugging information. This mode is on by default in
all new projects.
- Add a new method of the Configurator named ``derive_view`` which can
be used to generate a BFG view callable from a user-supplied
function, instance, or class. This useful for external framework and
plugin authors wishing to wrap callables supplied by their users
which follow the same calling conventions and response conventions
as objects that can be supplied directly to BFG as a view callable.
See the ``derive_view`` method in the
``repoze.bfg.configuration.Configurator`` docs.
- Add a ``translationdir`` ZCML directive to support localization.
- Add a ``localenegotiator`` ZCML directive to support localization.
- The exception views feature replaces the need for the
``set_notfound_view`` and ``set_forbidden_view`` methods of the
``Configurator`` as well as the ``notfound`` and ``forbidden`` ZCML
directives. Those methods and directives will continue to work for
the foreseeable future, but they are deprecated in the
- A new install-time dependency on the ``venusian`` distribution was
- A new install-time dependency on the ``translationstring``
distribution was added.
- Chameleon 1.2.3 or better is now required (internationalization and
per-template debug settings).
- View registrations and lookups are now done with three "requires"
arguments instead of two to accomodate orthogonality of exception
- The ``repoze.bfg.interfaces.IForbiddenView`` and
``repoze.bfg.interfaces.INotFoundView`` interfaces were removed;
they weren't APIs and they became vestigial with the addition of
exception views.
- Remove ```` and import alias
``repoze.bfg.compat.walk_packages``. These were only required by
internal scanning machinery; Venusian replaced the internal scanning
machinery, so these are no longer required.
- Exception view documentation was added to the ``Hooks`` narrative
- A new narrative chapter entitled ``Internationalization and
Localization`` was added.
- The "Environment Variables and ``ini`` File Settings" chapter was
changed: documentation about the ``default_locale_name`` setting was
- A new API chapter for the ``repoze.bfg.i18n`` module was added.
- Documentation for the new ``translationdir`` and
``localenegotiator`` ZCML directives were added.
- A section was added to the Templates chapter entitled "Nicer
Exceptions in Templates" describing the result of setting
``debug_templates = true``.
Paster Templates
- All paster templates now create a ``setup.cfg`` which includes
commands related to nose testing and Babel message catalog
- A ``default_locale_name = en`` setting was added to each existing paster
- A ``debug_templates = true`` setting was added to each existing
paster template.
- The Edgewall (BSD) license was added to the LICENSES.txt file, as
some code in the ``repoze.bfg.i18n`` derives from Babel source.
1.2 (2010-02-10)
- No changes from 1.2b6.
1.2b6 (2010-02-06)
Backwards Incompatibilities
- Remove magical feature of ``repoze.bfg.url.model_url`` which
prepended a fully-expanded urldispatch route URL before a the
model's path if it was noticed that the request had matched a route.
This feature was ill-conceived, and didn't work in all scenarios.
Bug Fixes
- More correct conversion of provided ``renderer`` values to resource
specification values (internal).
1.2b5 (2010-02-04)
Bug Fixes
- 1.2b4 introduced a bug whereby views added via a route configuration
that named a view callable and also a ``view_attr`` became broken.
Symptom: ``MyViewClass is not callable`` or the ``__call__`` of a
class was being called instead of the method named via
- Fix a bug whereby a ``renderer`` argument to the ``@bfg_view``
decorator that provided a package-relative template filename might
not have been resolved properly. Symptom: inappropriate ``Missing
template resource`` errors.
1.2b4 (2010-02-03)
- Update GAE tutorial to use Chameleon instead of Jinja2 (now that
it's possible).
Bug Fixes
- Ensure that ``secure`` flag for AuthTktAuthenticationPolicy
constructor does what it's documented to do (merge Daniel Holth's
fancy-cookies-2 branch).
- Add ``path`` and ``http_only`` options to
AuthTktAuthenticationPolicy constructor (merge Daniel Holth's
fancy-cookies-2 branch).
Backwards Incompatibilities
- Remove ``view_header``, ``view_accept``, ``view_xhr``,
``view_path_info``, ``view_request_method``, ``view_request_param``,
and ``view_containment`` predicate arguments from the
``Configurator.add_route`` argument list. These arguments were
speculative. If you need the features exposed by these arguments,
add a view associated with a route using the ``route_name`` argument
to the ``add_view`` method instead.
- Remove ``view_header``, ``view_accept``, ``view_xhr``,
``view_path_info``, ``view_request_method``, ``view_request_param``,
and ``view_containment`` predicate arguments from the ``route`` ZCML
directive attribute set. These attributes were speculative. If you
need the features exposed by these attributes, add a view associated
with a route using the ``route_name`` attribute of the ``view`` ZCML
directive instead.
- Remove dependency on ``sourcecodegen`` (not depended upon by
Chameleon 1.1.1+).
1.2b3 (2010-01-24)
Bug Fixes
- When "hybrid mode" (both traversal and urldispatch) is in use,
default to finding route-related views even if a non-route-related
view registration has been made with a more specific context. The
default used to be to find views with a more specific context first.
Use the new ``use_global_views`` argument to the route definition to
get back the older behavior.
- Add ``use_global_views`` argument to ``add_route`` method of
Configurator. When this argument is true, views registered for *no*
route will be found if no more specific view related to the route is
- Add ``use_global_views`` attribute to ZCML ``<route>`` directive
(see above).
- When registering a view, register the view adapter with the
"requires" interfaces as ``(request_type, context_type)`` rather
than ``(context_type, request_type)``. This provides for saner
lookup, because the registration will always be made with a specific
request interface, but registration may not be made with a specific
context interface. In general, when creating multiadapters, you
want to order the requires interfaces so that the the elements which
are more likely to be registered using specific interfaces are
ordered before those which are less likely.
1.2b2 (2010-01-21)
Bug Fixes
- When the ``Configurator`` is passed an instance of
``zope.component.registry.Components`` as a ``registry`` constructor
argument, fix the instance up to have the attributes we expect of an
instance of ``repoze.bfg.registry.Registry`` when ``setup_registry``
is called. This makes it possible to use the global Zope component
registry as a BFG application registry.
- When WebOb was used, a deprecation warning was issued for
the class attribute named ``charset`` within
``repoze.bfg.request.Request``. BFG now *requires* WebOb >= 0.9.7,
and code was added so that this deprecation warning has disappeared.
- Fix a view lookup ordering bug whereby a view with a larger number
of predicates registered first (literally first, not "earlier") for
a triad would lose during view lookup to one registered with fewer.
- Make sure views with exactly N custom predicates are always called
before views with exactly N non-custom predicates given all else is
equal in the view configuration.
- Change renderings of ZCML directive documentation.
- Add a narrative documentation chapter: "Using the Zope Component
Architecture in repoze.bfg".
- Require WebOb >= 0.9.7
1.2b1 (2010-01-18)
Bug Fixes
- In ``bfg_routesalchemy``, ``bfg_alchemy`` paster templates and the
``bfgwiki2`` tutorial, clean up the SQLAlchemy connection by
registering a ```` callback instead of relying on
a ``__del__`` method of a ``Cleanup`` class added to the WSGI
environment. The ``__del__`` strategy was fragile and caused
problems in the wild. Thanks to Daniel Holth for testing.
- Read logging configuration from PasteDeploy config file ``loggers``
section (and related) when ``paster bfgshell`` is invoked.
- Major rework in preparation for book publication.
1.2a11 (2010-01-05)
Bug Fixes
- Make ``paster bfgshell`` and ``paster create -t bfg_xxx`` work on
Jython (fix minor incompatibility with treatment of ``__doc__`` at
the class level).
- Updated dependency on ``WebOb`` to require a version which supports
features now used in tests.
- Jython compatibility (at least when repoze.bfg.jinja2 is used as the
templating engine; Chameleon does not work under Jython).
- Show the derived abspath of template resource specifications in the
traceback when a renderer template cannot be found.
- Show the original traceback when a Chameleon template cannot be
rendered due to a platform incompatibility.
1.2a10 (2010-01-04)
- The ``Configurator.add_view`` method now accepts an argument named
``context``. This is an alias for the older argument named
``for_``; it is preferred over ``for_``, but ``for_`` will continue
to be supported "forever".
- The ``view`` ZCML directive now accepts an attribute named
``context``. This is an alias for the older attribute named
``for``; it is preferred over ``for``, but ``for`` will continue to
be supported "forever".
- The ``Configurator.add_route`` method now accepts an argument named
``view_context``. This is an alias for the older argument named
``view_for``; it is preferred over ``view_for``, but ``view_for``
will continue to be supported "forever".
- The ``route`` ZCML directive now accepts an attribute named
``view_context``. This is an alias for the older attribute named
``view_for``; it is preferred over ``view_for``, but ``view_for``
will continue to be supported "forever".
Documentation and Paster Templates
- LaTeX rendering tweaks.
- All uses of the ``Configurator.add_view`` method that used its
``for_`` argument now use the ``context`` argument instead.
- All uses of the ``Configurator.add_route`` method that used its
``view_for`` argument now use the ``view_context`` argument instead.
- All uses of the ``view`` ZCML directive that used its ``for``
attribute now use the ``context`` attribute instead.
- All uses of the ``route`` ZCML directive that used its ``view_for``
attribute now use the ``view_context`` attribute instead.
- Add a (minimal) tutorial dealing with use of ``repoze.catalog`` in a
``repoze.bfg`` application.
Documentation Licensing
- Loosen the documentation licensing to allow derivative works: it is
now offered under the `Creative Commons
Attribution-Noncommercial-Share Alike 3.0 United States License
<>`_. This is
only a documentation licensing change; the ``repoze.bfg`` software
continues to be offered under the Repoze Public License at (BSD-like).
1.2a9 (2009-12-27)
Documentation Licensing
- The *documentation* (the result of ``make <html|latex|htmlhelp>``
within the ``docs`` directory) in this release is now offered under
the Creative Commons Attribution-Noncommercial-No Derivative Works
3.0 United States License as described by . This is only
a licensing change for the documentation; the ``repoze.bfg``
software continues to be offered under the Repoze Public License
at (BSD-like).
- Added manual index entries to generated index.
- Document the previously existing (but non-API)
``repoze.bfg.configuration.Configurator.setup_registry`` method as
an official API of a ``Configurator``.
- Fix syntax errors in various documentation code blocks.
- Created new top-level documentation section: "ZCML Directives".
This section contains detailed ZCML directive information, some of
which was removed from various narrative chapters.
- The LaTeX rendering of the documentation has been improved.
- Added a "Fore-Matter" section with author, copyright, and licensing
1.2a8 (2009-12-24)
- Add a ``**kw`` arg to the ``Configurator.add_settings`` API.
- Add ``hook_zca`` and ``unhook_zca`` methods to the ``Configurator``
- The ``repoze.bfg.testing.setUp`` method now returns a
``Configurator`` instance which can be used to do further
configuration during unit tests.
Bug Fixes
- The ``json`` renderer failed to set the response content type to
``application/json``. It now does, by setting
``request.response_content_type`` unless this attribute is already
- The ``string`` renderer failed to set the response content type to
``text/plain``. It now does, by setting
``request.response_content_type`` unless this attribute is already
- General documentation improvements by using better Sphinx roles such
as "class", "func", "meth", and so on. This means that there are
many more hyperlinks pointing to API documentation for API
definitions in all narrative, tutorial, and API documentation
- Added a description of imperative configuration in various places
which only described ZCML configuration.
- A syntactical refreshing of various tutorials.
- Added the ``repoze.bfg.authentication``,
``repoze.bfg.authorization``, and ``repoze.bfg.interfaces`` modules
to API documentation.
- The ``repoze.bfg.testing.registerRoutesMapper`` API (added in an
early 1.2 alpha) was deprecated. Its import now generates a
deprecation warning.
1.2a7 (2009-12-20)
- Add four new testing-related APIs to the
``repoze.bfg.configuration.Configurator`` class:
``testing_securitypolicy``, ``testing_models``,
``testing_add_subscriber``, and ``testing_add_template``. These
were added in order to provide more direct access to the
functionality of the ``repoze.bfg.testing`` APIs named
``registerDummySecurityPolicy``, ``registerModels``,
``registerEventListener``, and ``registerTemplateRenderer`` when a
configurator is used. The ``testing`` APIs named are nominally
deprecated (although they will likely remain around "forever", as
they are in heavy use in the wild).
- Add a new API to the ``repoze.bfg.configuration.Configurator``
class: ``add_settings``. This API can be used to add "settings"
(information returned within via the
``repoze.bfg.settings.get_settings`` API) after the configurator has
been initially set up. This is most useful for testing purposes.
- Add a ``custom_predicates`` argument to the ``Configurator``
``add_view`` method, the ``bfg_view`` decorator and the attribute
list of the ZCML ``view`` directive. If ``custom_predicates`` is
specified, it must be a sequence of predicate callables (a predicate
callable accepts two arguments: ``context`` and ``request`` and
returns ``True`` or ``False``). The associated view callable will
only be invoked if all custom predicates return ``True``. Use one
or more custom predicates when no existing predefined predicate is
useful. Predefined and custom predicates can be mixed freely.
- Add a ``custom_predicates`` argument to the ``Configurator``
``add_route`` and the attribute list of the ZCML ``route``
directive. If ``custom_predicates`` is specified, it must be a
sequence of predicate callables (a predicate callable accepts two
arguments: ``context`` and ``request`` and returns ``True`` or
``False``). The associated route will match will only be invoked if
all custom predicates return ``True``, else route matching
continues. Note that the value ``context`` will always be ``None``
when passed to a custom route predicate. Use one or more custom
predicates when no existing predefined predicate is useful.
Predefined and custom predicates can be mixed freely.
- Remove the ``repoze.bfg.testing.registerTraverser`` function. This
function was never an API.
- Doc-deprecated most helper functions in the ``repoze.bfg.testing``
module. These helper functions likely won't be removed any time
soon, nor will they generate a warning any time soon, due to their
heavy use in the wild, but equivalent behavior exists in methods of
a Configurator.
1.2a6 (2009-12-18)
- The ``Configurator`` object now has two new methods: ``begin`` and
``end``. The ``begin`` method is meant to be called before any
"configuration" begins (e.g. before ``add_view``, et. al are
called). The ``end`` method is meant to be called after all
"configuration" is complete.
Previously, before there was imperative configuration at all (1.1
and prior), configuration begin and end was invariably implied by
the process of loading a ZCML file. When a ZCML load happened, the
threadlocal data structure containing the request and registry was
modified before the load, and torn down after the load, making sure
that all framework code that needed ``get_current_registry`` for the
duration of the ZCML load was satisfied.
Some API methods called during imperative configuration, (such as
``Configurator.add_view`` when a renderer is involved) end up for
historical reasons calling ``get_current_registry``. However, in
1.2a5 and below, the Configurator supplied no functionality that
allowed people to make sure that ``get_current_registry`` returned
the registry implied by the configurator being used. ``begin`` now
serves this purpose. Inversely, ``end`` pops the thread local
stack, undoing the actions of ``begin``.
We make this boundary explicit to reduce the potential for confusion
when the configurator is used in different circumstances (e.g. in
unit tests and app code vs. just in initial app setup).
Existing code written for 1.2a1-1.2a5 which does not call ``begin``
or ``end`` continues to work in the same manner it did before. It
is however suggested that this code be changed to call ``begin`` and
``end`` to reduce the potential for confusion in the future.
- All ``paster`` templates which generate an application skeleton now
make use of the new ``begin`` and ``end`` methods of the
Configurator they use in their respective copies of ```` and
- All documentation that makes use of a ``Configurator`` object to do
application setup and test setup now makes use of the new ``begin``
and ``end`` methods of the configurator.
Bug Fixes
- When a ``repoze.bfg.exceptions.NotFound`` or
``repoze.bfg.exceptions.Forbidden`` *class* (as opposed to instance)
was raised as an exception within a root factory (or route root
factory), the exception would not be caught properly by the
``repoze.bfg.`` Router and it would propagate to up the call stack,
as opposed to rendering the not found view or the forbidden view as
would have been expected.
- When Chameleon page or text templates used as renderers were added
imperatively (via ``Configurator.add_view`` or some derivative),
they too-eagerly attempted to look up the ``reload_templates``
setting via ``get_settings``, meaning they were always registered in
non-auto-reload-mode (the default). Each now waits until its
respective ``template`` attribute is accessed to look up the value.
- When a route with the same name as a previously registered route was
added, the old route was not removed from the mapper's routelist.
Symptom: the old registered route would be used (and possibly
matched) during route lookup when it should not have had a chance to
ever be used.
1.2a5 (2009-12-10)
- When the ``repoze.bfg.exceptions.NotFound`` or
``repoze.bfg.exceptions.Forbidden`` error is raised from within a
custom root factory or the ``factory`` of a route, the appropriate
response is now sent to the requesting user agent (the result of the
notfound view or the forbidden view, respectively). When these
errors are raised from within a root factory, the ``context`` passed
to the notfound or forbidden view will be ``None``. Also, the
request will not be decorated with ``view_name``, ``subpath``,
``context``, etc. as would normally be the case if traversal had
been allowed to take place.
- The exception class representing the error raised by various methods
of a ``Configurator`` is now importable as
- General documentation freshening which takes imperative
configuration into account in more places and uses glossary
references more liberally.
- Remove explanation of changing the request type in a new request
event subscriber, as other predicates are now usually an easier way
to get this done.
- Added "Thread Locals" narrative chapter to documentation, and added
a API chapter documenting the ``repoze.bfg.threadlocals`` module.
- Added a "Special Exceptions" section to the "Views" narrative
documentation chapter explaining the effect of raising
``repoze.bfg.exceptions.NotFound`` and
``repoze.bfg.exceptions.Forbidden`` from within view code.
- A new dependency on the ``twill`` package was added to the
```` ``tests_require`` argument (Twill will only be
downloaded when ``repoze.bfg`` `` test`` or ``
nosetests`` is invoked).
1.2a4 (2009-12-07)
- ``repoze.bfg.testing.DummyModel`` now accepts a new constructor
keyword argument: ``__provides__``. If this constructor argument is
provided, it should be an interface or a tuple of interfaces. The
resulting model will then provide these interfaces (they will be
attached to the constructed model via
Bug Fixes
- Operation on GAE was broken, presumably because the
``repoze.bfg.configuration`` module began to attempt to import the
``repoze.bfg.chameleon_zpt`` and ``repoze.bfg.chameleon_text``
modules, and these cannot be used on non-CPython platforms. It now
tolerates startup time import failures for these modules, and only
raise an import error when a template from one of these packages is
actually used.
1.2a3 (2009-12-02)
Bug Fixes
- The ``repoze.bfg.url.route_url`` function inappropriately passed
along ``_query`` and/or ``_anchor`` arguments to the
``mapper.generate`` function, resulting in blowups.
- When two views were registered with differering ``for`` interfaces
or classes, and the ``for`` of first view registered was a
superclass of the second, the ``repoze.bfg`` view machinery would
incorrectly associate the two views with the same "multiview".
Multiviews are meant to be collections of views that have *exactly*
the same for/request/viewname values, without taking inheritance
into account. Symptom: wrong view callable found even when you had
correctly specified a ``for_`` interface/class during view
configuration for one or both view configurations.
Backwards Incompatibilities
- The ``repoze.bfg.templating`` module has been removed; it had been
deprecated in 1.1 and never actually had any APIs in it.
1.2a2 (2009-11-29)
Bug Fixes
- The the long description of this package (as shown on PyPI) was not
valid reStructuredText, and so was not renderable.
- Trying to use an HTTP method name string such as ``GET`` as a
``request_type`` predicate argument caused a startup time failure
when it was encountered in imperative configuration or in a
decorator (symptom: ``Type Error: Required specification must be a
specification``). This now works again, although ``request_method``
is now the preferred predicate argument for associating a view
configuration with an HTTP request method.
- Fixed "Startup" narrative documentation chapter; it was explaining
"the old way" an application constructor worked.
1.2a1 (2009-11-28)
- An imperative configuration mode.
A ``repoze.bfg`` application can now begin its life as a single
Python file. Later, the application might evolve into a set of
Python files in a package. Even later, it might start making use of
other configuration features, such as ``ZCML``. But neither the use
of a package nor the use of non-imperative configuration is required
to create a simple ``repoze.bfg`` application any longer.
Imperative configuration makes ``repoze.bfg`` competetive with
"microframeworks" such as `Bottle <>`_ and
`Tornado <>`_. ``repoze.bfg`` has a good
deal of functionality that most microframeworks lack, so this is
hopefully a "best of both worlds" feature.
The simplest possible ``repoze.bfg`` application is now::
from webob import Response
from wsgiref import simple_server
from repoze.bfg.configuration import Configurator
def hello_world(request):
return Response('Hello world!')
if __name__ == '__main__':
config = Configurator()
app = config.make_wsgi_app()
simple_server.make_server('', 8080, app).serve_forever()
- A new class now exists: ``repoze.bfg.configuration.Configurator``.
This class forms the basis for sharing machinery between
"imperatively" configured applications and traditional
declaratively-configured applications.
- The ``repoze.bfg.testing.setUp`` function now accepts three extra
optional keyword arguments: ``registry``, ``request`` and
If the ``registry`` argument is not ``None``, the argument will be
treated as the registry that is set as the "current registry" (it
will be returned by ``repoze.bfg.threadlocal.get_current_registry``)
for the duration of the test. If the ``registry`` argument is
``None`` (the default), a new registry is created and used for the
duration of the test.
The value of the ``request`` argument is used as the "current
request" (it will be returned by
``repoze.bfg.threadlocal.get_current_request``) for the duration of
the test; it defaults to ``None``.
If ``hook_zca`` is ``True`` (the default), the
``zope.component.getSiteManager`` function will be hooked with a
function that returns the value of ``registry`` (or the
default-created registry if ``registry`` is ``None``) instead of the
registry returned by ``zope.component.getGlobalSiteManager``,
causing the Zope Component Architecture API (``getSiteManager``,
``getAdapter``, ``getUtility``, and so on) to use the testing
registry instead of the global ZCA registry.
- The ``repoze.bfg.testing.tearDown`` function now accepts an
``unhook_zca`` argument. If this argument is ``True`` (the
default), ``zope.component.getSiteManager.reset()`` will be called.
This will cause the result of the ``zope.component.getSiteManager``
function to be the global ZCA registry (the result of
``zope.component.getGlobalSiteManager``) once again.
- The ```` module in various ``repoze.bfg`` ``paster`` templates
now use a ``repoze.bfg.configuration.Configurator`` class instead of
the (now-legacy) ``repoze.bfg.router.make_app`` function to produce
a WSGI application.
- The documentation now uses the "request-only" view calling
convention in most examples (as opposed to the ``context, request``
convention). This is a documentation-only change; the ``context,
request`` convention is also supported and documented, and will be
- ``repoze.bfg.configuration`` API documentation has been added.
- A narrative documentation chapter entitled "Creating Your First
``repoze.bfg`` Application" has been added. This chapter details
usage of the new ``repoze.bfg.configuration.Configurator`` class,
and demonstrates a simplified "imperative-mode" configuration; doing
``repoze.bfg`` application configuration imperatively was previously
much more difficult.
- A narrative documentation chapter entitled "Configuration,
Decorations and Code Scanning" explaining ZCML- vs. imperative-
vs. decorator-based configuration equivalence.
- The "ZCML Hooks" chapter has been renamed to "Hooks"; it documents
how to override hooks now via imperative configuration and ZCML.
- The explanation about how to supply an alternate "response factory"
has been removed from the "Hooks" chapter. This feature may be
removed in a later release (it still works now, it's just not
- Add a section entitled "Test Set Up and Tear Down" to the
unittesting chapter.
Bug Fixes
- The ACL authorization policy debugging output when
``debug_authorization`` console debugging output was turned on
wasn't as clear as it could have been when a view execution was
denied due to an authorization failure resulting from the set of
principals passed never having matched any ACE in any ACL in the
lineage. Now in this case, we report ``<default deny>`` as the ACE
value and either the root ACL or ``<No ACL found on any object in
model lineage>`` if no ACL was found.
- When two views were registered with the same ``accept`` argument,
but were otherwise registered with the same arguments, if a request
entered the application which had an ``Accept`` header that accepted
*either* of the media types defined by the set of views registered
with predicates that otherwise matched, a more or less "random" one
view would "win". Now, we try harder to use the view callable
associated with the view configuration that has the most specific
``accept`` argument. Thanks to Alberto Valverde for an initial
- The routes mapper is no longer a root factory wrapper. It is now
consulted directly by the router.
- The ``repoze.bfg.registry.make_registry`` callable has been removed.
- The ``repoze.bfg.view.map_view`` callable has been removed.
- The ``repoze.bfg.view.owrap_view`` callable has been removed.
- The ``repoze.bfg.view.predicate_wrap`` callable has been removed.
- The ``repoze.bfg.view.secure_view`` callable has been removed.
- The ``repoze.bfg.view.authdebug_view`` callable has been removed.
- The ``repoze.bfg.view.renderer_from_name`` callable has been
removed. Use ``repoze.bfg.configuration.Configurator.renderer_from_name``
instead (still not an API, however).
- The ``repoze.bfg.view.derive_view`` callable has been removed. Use
``repoze.bfg.configuration.Configurator.derive_view`` instead (still
not an API, however).
- The ``repoze.bfg.settings.get_options`` callable has been removed.
Its job has been subsumed by the ``repoze.bfg.settings.Settings``
class constructor.
- The ``repoze.bfg.view.requestonly`` function has been moved to
- The ``repoze.bfg.view.rendered_response`` function has been moved to
- The ``repoze.bfg.view.decorate_view`` function has been moved to
- The ``repoze.bfg.view.MultiView`` class has been moved to
- The ``repoze.bfg.zcml.Uncacheable`` class has been removed.
- The ``repoze.bfg.resource.resource_spec`` function has been removed.
- All ZCML directives which deal with attributes which are paths now
use the ``path`` method of the ZCML context to resolve a relative
name to an absolute one (imperative configuration requirement).
- The ``repoze.bfg.scripting.get_root`` API now uses a 'real' WebOb
request rather than a FakeRequest when it sets up the request as a
- The ``repoze.bfg.traversal.traverse`` API now uses a 'real' WebOb
request rather than a FakeRequest when it calls the traverser.
- The ``repoze.bfg.request.FakeRequest`` class has been removed.
- Most uses of the ZCA threadlocal API (the ``getSiteManager``,
``getUtility``, ``getAdapter``, ``getMultiAdapter`` threadlocal API)
have been removed from the core. Instead, when a threadlocal is
necessary, the core uses the
``repoze.bfg.threadlocal.get_current_registry`` API to obtain the
- The internal ILogger utility named ``repoze.bfg.debug`` is now just
an IDebugLogger unnamed utility. A named utility with the old name
is registered for b/w compat.
- The ``repoze.bfg.interfaces.ITemplateRendererFactory`` interface was
removed; it has become unused.
- Instead of depending on the ``martian`` package to do code scanning,
we now just use our own scanning routines.
- We now no longer have a dependency on ``repoze.zcml`` package;
instead, the ``repoze.bfg`` package includes implementations of the
``adapter``, ``subscriber`` and ``utility`` directives.
- Relating to the following functions:
Each of these functions now expects to be called with a request
object that has a ``registry`` attribute which represents the
current ``repoze.bfg`` registry. They fall back to obtaining the
registry from the threadlocal API.
Backwards Incompatibilites
- Unit tests which use ``zope.testing.cleanup.cleanUp`` for the
purpose of isolating tests from one another may now begin to fail
due to lack of isolation between tests.
Here's why: In repoze.bfg 1.1 and prior, the registry returned by
``repoze.bfg.threadlocal.get_current_registry`` when no other
registry had been pushed on to the threadlocal stack was the
``zope.component.globalregistry.base`` global registry (aka the
result of ``zope.component.getGlobalSiteManager()``). In repoze.bfg
1.2+, however, the registry returned in this situation is the new
module-scope ``repoze.bfg.registry.global_registry`` object. The
``zope.testing.cleanup.cleanUp`` function clears the
``zope.component.globalregistry.base`` global registry
unconditionally. However, it does not know about the
``repoze.bfg.registry.global_registry`` object, so it does not clear
If you use the ``zope.testing.cleanup.cleanUp`` function in the
``setUp`` of test cases in your unit test suite instead of using the
(more correct as of 1.1) ``repoze.bfg.testing.setUp``, you will need
to replace all calls to ``zope.testing.cleanup.cleanUp`` with a call
to ``repoze.bfg.testing.setUp``.
If replacing all calls to ``zope.testing.cleanup.cleanUp`` with a
call to ``repoze.bfg.testing.setUp`` is infeasible, you can put this
bit of code somewhere that is executed exactly **once** (*not* for
each test in a test suite; in the ```` of your package
or your package's ``tests`` subpackage would be a reasonable
import zope.testing.cleanup
from repoze.bfg.testing import setUp
- When there is no "current registry" in the
``repoze.bfg.threadlocal.manager`` threadlocal data structure (this
is the case when there is no "current request" or we're not in the
midst of a ``r.b.testing.setUp``-bounded unit test), the ``.get``
method of the manager returns a data structure containing a *global*
registry. In previous releases, this function returned the global
Zope "base" registry: the result of
``zope.component.getGlobalSiteManager``, which is an instance of the
``zope.component.registry.Component`` class. In this release,
however, the global registry returns a globally importable instance
of the ``repoze.bfg.registry.Registry`` class. This registry
instance can always be imported as
Effectively, this means that when you call
``repoze.bfg.threadlocal.get_current_registry`` when no request or
``setUp`` bounded unit test is in effect, you will always get back
the global registry that lives in
``repoze.bfg.registry.global_registry``. It also means that
``repoze.bfg`` APIs that *call* ``get_current_registry`` will use
this registry.
This change was made because ``repoze.bfg`` now expects the registry
it uses to have a slightly different API than a bare instance of
- View registration no longer registers a
``repoze.bfg.interfaces.IViewPermission`` adapter (it is no longer
checked by the framework; since 1.1, views have been responsible for
providing their own security).
- The ``repoze.bfg.router.make_app`` callable no longer accepts the
``authentication_policy`` nor the ``authorization_policy``
arguments. This feature was deprecated in version 1.0 and has been
- Obscure: the machinery which configured views with a
``request_type`` *and* a ``route_name`` would ignore the request
interface implied by ``route_name`` registering a view only for the
interface implied by ``request_type``. In the unlikely event that
you were trying to use these two features together, the symptom
would have been that views that named a ``request_type`` but which
were also associated with routes were not found when the route
matched. Now if a view is configured with both a ``request_type``
and a ``route_name``, an error is raised.
- The ``route`` ZCML directive now no longer accepts the
``request_type`` or ``view_request_type`` attributes. These
attributes didn't actually work in any useful way (see entry above
this one).
- Because the ``repoze.bfg`` package now includes implementations of
the ``adapter``, ``subscriber`` and ``utility`` ZCML directives, it
is now an error to have ``<include package="repoze.zcml"
file="meta.zcml"/>`` in the ZCML of a ``repoze.bfg`` application. A
ZCML conflict error will be raised if your ZCML does so. This
shouldn't be an issue for "normal" installations; it has always been
the responsibility of the ``repoze.bfg.includes`` ZCML to include
this file in the past; it now just doesn't.
- The ``repoze.bfg.testing.zcml_configure`` API was removed. Use
the ``Configurator.load_zcml`` API instead.
- The ``repoze.bfg.router.make_app`` function is now nominally
deprecated. Its import and usage does not throw a warning, nor will
it probably ever disappear. However, using a
``repoze.bfg.configuration.Configurator`` class is now the preferred
way to generate a WSGI application.
Note that ``make_app`` calls
repoze.bfg.threadlocal.get_current_registry)`` on the caller's
behalf, hooking ZCA global API lookups, for backwards compatibility
purposes. If you disuse ``make_app``, your calling code will need
to perform this call itself, at least if your application uses the
ZCA global API (``getSiteManager``, ``getAdapter``, etc).
- A dependency on the ``martian`` package has been removed (its
functionality is replaced internally).
- A dependency on the ``repoze.zcml`` package has been removed (its
functionality is replaced internally).
1.1.1 (2009-11-21)
Bug Fixes
- "Hybrid mode" applications (applications which explicitly used
traversal *after* url dispatch via ``<route>`` paths containing the
``*traverse`` element) were broken in 1.1-final and all 1.1 alpha
and beta releases. Views registered without a ``route_name`` route
shadowed views registered with a ``route_name`` inappropriately.
1.1 (2009-11-15)
- Remove dead IRouteRequirement interface from ``repoze.bfg.zcml``
- Improve the "Extending an Existing Application" narrative chapter.
- Add more sections to the "Defending Design" chapter.
1.1b4 (2009-11-12)
Bug Fixes
- Use ``alsoProvides`` in the urldispatch module to attach an
interface to the request rather than ``directlyProvides`` to avoid
disturbing interfaces set in a NewRequest event handler.
- Move 1.0.1 and previous changelog to HISTORY.txt.
- Add examples to ``repoze.bfg.url.model_url`` docstring.
- Add "Defending BFG Design" chapter to frontpage docs.
- Remove ```` and its import from all paster templates,
samples, and tutorials for ``distribute`` compatibility. The
documentation already explains how to install virtualenv (which will
include some ``setuptools`` package), so these files, imports and
usages were superfluous.
- The ``options`` kw arg to the ``repoze.bfg.router.make_app``
function is deprecated. In its place is the keyword argument
``settings``. The ``options`` keyword continues to work, and a
deprecation warning is not emitted when it is detected. However,
the paster templates, code samples, and documentation now make
reference to ``settings`` rather than ``options``. This
change/deprecation was mainly made for purposes of clarity and
symmetry with the ``get_settings()`` API and dicussions of
"settings" in various places in the docs: we want to use the same
name to refer to the same thing everywhere.
1.1b3 (2009-11-06)
- ``repoze.bfg.testing.registerRoutesMapper`` testing facility added.
This testing function registers a routes "mapper" object in the
registry, for tests which require its presence. This function is
documented in the ``repoze.bfg.testing`` API documentation.
Bug Fixes
- Compound statements that used an assignment entered into in an
interactive IPython session invoked via ``paster bfgshell`` no
longer fail to mutate the shell namespace correctly. For example,
this set of statements used to fail::
In [2]: def bar(x): return x
In [3]: list(bar(x) for x in 'abc')
Out[3]: NameError: 'bar'
In this release, the ``bar`` function is found and the correct
output is now sent to the console. Thanks to Daniel Holth for the
- The ``bfgshell`` command did not function properly; it was still
expecting to be able to call the root factory with a bare
``environ`` rather than a request object.
Backwards Incompatibilities
- The ``repoze.bfg.scripting.get_root`` function now expects a
``request`` object as its second argument rather than an
1.1b2 (2009-11-02)
Bug Fixes
- Prevent PyPI installation failure due to ``easy_install`` trying way
too hard to guess the best version of Paste. When ``easy_install``
pulls from PyPI it reads links off various pages to determine "more
up to date" versions. It incorrectly picks up a link for an ancient
version of a package named "Paste-Deploy-0.1" (note the dash) when
trying to find the "Paste" distribution and somehow believes it's
the latest version of "Paste". It also somehow "helpfully" decides
to check out a version of this package from SVN. We pin the Paste
dependency version to a version greater than 1.7 to work around
this ``easy_install`` bug.
- Fix "Hybrid" narrative chapter: stop claiming that ``<view>``
statements that mention a route_name need to come afer (in XML
order) the ``<route>`` statement which creates the route. This
hasn't been true since 1.1a1.
- "What's New in ``repoze.bfg`` 1.1" document added to narrative
- Add a new event type: ````. Events
of this type will be sent after traversal is completed, but before
any view code is invoked. Like ````,
This event will have a single attribute: ``request`` representing
the current request. Unlike the request attribute of
```` however, during an AfterTraversal
event, the request object will possess attributes set by the
traverser, most notably ``context``, which will be the context used
when a view is found and invoked. The interface
```` can be used to subscribe to
the event. For example::
<subscriber for="repoze.bfg.interfaces.IAfterTraversal"
Like any framework event, a subscriber function should expect one
parameter: ``event``.
- Rather than depending on ``chameleon.core`` and ``chameleon.zpt``
distributions individually, depend on Malthe's repackaged
``Chameleon`` distribution (which includes both ``chameleon.core``
and ``chameleon.zpt``).
1.1b1 (2009-11-01)
Bug Fixes
- The routes root factory called route factories and the default route
factory with an environ rather than a request. One of the symptoms
of this bug: applications generated using the ``bfg_zodb`` paster
template in 1.1a9 did not work properly.
- Reinstate ``renderer`` alias for ``view_renderer`` in the
``<route>`` ZCML directive (in-the-wild 1.1a bw compat).
- ``bfg_routesalchemy`` paster template: change ``<route>``
declarations: rename ``renderer`` attribute to ``view_renderer``.
- Header values returned by the ``authtktauthenticationpolicy``
``remember`` and ``forget`` methods would be of type ``unicode``.
This violated the WSGI spec, causing a ``TypeError`` to be raised
when these headers were used under ``mod_wsgi``.
- If a BFG app that had a route matching the root URL was mounted
under a path in modwsgi, ala ``WSGIScriptAlias /myapp
/Users/chrism/projects/modwsgi/env/bfg.wsgi``, the home route (a
route with the path of ``'/'`` or ``''``) would not match when the
path ``/myapp`` was visited (only when the path ``/myapp/`` was
visited). This is now fixed: if the urldispatch root factory notes
that the PATH_INFO is empty, it converts it to a single slash before
trying to do matching.
- In ``<route>`` declarations in tutorial ZCML, rename ``renderer``
attribute to ``view_renderer`` (fwd compat).
- Fix various tutorials broken by 1.1a9 ``<route>`` directive changes.
- Deal with a potential circref in the traversal module.
1.1a9 (2009-10-31)
Bug Fixes
- An incorrect ZCML conflict would be encountered when the
``request_param`` predicate attribute was used on the ZCML ``view``
directive if any two otherwise same-predicated views had the
combination of a predicate value with an ``=`` sign and one without
(e.g. ``a`` vs. ``a=123``).
- In previous versions of BFG, the "root factory" (the ``get_root``
callable passed to ``make_app`` or a function pointed to by the
``factory`` attribute of a route) was called with a "bare" WSGI
environment. In this version, and going forward, it will be called
with a ``request`` object. The request object passed to the factory
implements dictionary-like methods in such a way that existing root
factory code which expects to be passed an environ will continue to
- The ``__call__`` of a plugin "traverser" implementation (registered
as an adapter for ``ITraverser`` or ``ITraverserFactory``) will now
receive a *request* as the single argument to its ``__call__``
method. In previous versions it was passed a WSGI ``environ``
object. The request object passed to the factory implements
dictionary-like methods in such a way that existing traverser code
which expects to be passed an environ will continue to work.
- The ZCML ``route`` directive's attributes ``xhr``,
``request_method``, ``path_info``, ``request_param``, ``header`` and
``accept`` are now *route* predicates rather than *view* predicates.
If one or more of these predicates is specified in the route
configuration, all of the predicates must return true for the route
to match a request. If one or more of the route predicates
associated with a route returns ``False`` when checked during a
request, the route match fails, and the next match in the routelist
is tried. This differs from the previous behavior, where no route
predicates existed and all predicates were considered view
predicates, because in that scenario, the next route was not tried.
- Various changes were made to narrative and API documentation
supporting the change from passing a request rather than an environ
to root factories and traversers.
- The request implements dictionary-like methods that mutate and query
the WSGI environ. This is only for the purpose of backwards
compatibility with root factories which expect an ``environ`` rather
than a request.
- The ``repoze.bfg.request.create_route_request_factory`` function,
which returned a request factory was removed in favor of a
``repoze.bfg.request.route_request_interface`` function, which
returns an interface.
- The ``repoze.bfg.request.Request`` class, which is a subclass of
``webob.Request`` now defines its own ``__setattr__``,
``__getattr__`` and ``__delattr__`` methods, which override the
default WebOb behavior. The default WebOb behavior stores
attributes of the request in ``self.environ['webob.adhoc_attrs']``,
and retrieves them from that dictionary during a ``__getattr__``.
This behavior was undesirable for speed and "expectation" reasons.
Now attributes of the ``request`` are stored in ``request.__dict__``
(as you otherwise might expect from an object that did not override
these methods).
- The router no longer calls ``repoze.bfg.traversal._traverse`` and
does its work "inline" (speed).
- Reverse the order in which the router calls the request factory and
the root factory. The request factory is now called first; the
resulting request is passed to the root factory.
- The ``repoze.bfg.request.request_factory`` function has been
removed. Its functionality is no longer required.
- The "routes root factory" that wraps the default root factory when
there are routes mentioned in the configuration now attaches an
interface to the request via ``zope.interface.directlyProvides``.
This replaces logic in the (now-gone)
``repoze.bfg.request.request_factory`` function.
- The ``route`` and ``view`` ZCML directives now register an interface
as a named utility (retrieved from
``repoze.bfg.request.route_request_interface``) rather than a
request factory (the previous return value of the now-missing
- The ``repoze.bfg.functional`` module was renamed to
Backwards Incompatibilities
- Explicitly revert the feature introduced in 1.1a8: where the name
``root`` is available as an attribute of the request before a
NewRequest event is emitted. This makes some potential future
features impossible, or at least awkward (such as grouping traversal
and view lookup into a single adapter lookup).
- The ``containment``, ``attr`` and ``renderer`` attributes of the
``route`` ZCML directive were removed.
1.1a8 (2009-10-27)
- Add ``path_info`` view configuration predicate.
- ``paster bfgshell`` now supports IPython if it's available for
import. Thanks to Daniel Holth for the initial patch.
- Add ``repoze.bfg.testing.registerSettings`` API, which is documented
in the "repoze.bfg.testing" API chapter. This allows for
registration of "settings" values obtained via
``repoze.bfg.settings.get_settings()`` for use in unit tests.
- The name ``root`` is available as an attribute of the request
slightly earlier now (before a NewRequest event is emitted).
``root`` is the result of the application "root factory".
- Added ``max_age`` parameter to ``authtktauthenticationpolicy`` ZCML
directive. If this value is set, it must be an integer representing
the number of seconds which the auth tkt cookie will survive.
Mainly, its existence allows the auth_tkt cookie to survive across
browser sessions.
Bug Fixes
- Fix bug encountered during "scan" (when ``<scan ..>`` directive is
used in ZCML) introduced in 1.1a7. Symptom: ``AttributeError:
object has no attribute __provides__`` raised at startup time.
- The ``reissue_time`` argument to the ``authtktauthenticationpolicy``
ZCML directive now actually works. When it is set to an integer
value, an authticket set-cookie header is appended to the response
whenever a request requires authentication and 'now' minus the
authticket's timestamp is greater than ``reissue_time`` seconds.
- Add a chapter titled "Request and Response" to the narrative
documentation, content cribbed from the WebOb documentation.
- Call out predicate attributes of ZCML directive within "Views"
- Fix route_url documentation (``_query`` argument documented as
``query`` and ``_anchor`` argument documented as ``anchor``).
Backwards Incompatibilities
- The ``authtkt`` authentication policy ``remember`` method now no
longer honors ``token`` or ``userdata`` keyword arguments.
- Change how ``bfg_view`` decorator works when used as a class method
decorator. In 1.1a7, the``scan``directive actually tried to grope
every class in scanned package at startup time, calling ``dir``
against each found class, and subsequently invoking ``getattr``
against each thing found by ``dir`` to see if it was a method. This
led to some strange symptoms (e.g. ``AttributeError: object has no
attribute __provides__``), and was generally just a bad idea. Now,
instead of groping classes for methods at startup time, we just
cause the ``bfg_view`` decorator itself to populate the method's
class' ``__dict__`` when it is used as a method decorator. This
also requires a nasty _getframe thing but it's slightly less nasty
than the startup time groping behavior. This is essentially a
reversion back to 1.1a6 "grokking" behavior plus some special magic
for using the ``bfg_view`` decorator as method decorator inside the
``bfg_view`` class itself.
- The router now checks for a ``global_response_headers`` attribute of
the request object before returning a response. If this value
exists, it is presumed to be a sequence of two-tuples, representing
a set of headers to append to the 'normal' response headers. This
feature is internal, rather than exposed externally, because it's
unclear whether it will stay around in the long term. It was added
to support the ``reissue_time`` feature of the authtkt
authentication policy.
- The interface ITraverserFactory is now just an alias for ITraverser.
1.1a7 (2009-10-18)
- More than one ``@bfg_view`` decorator may now be stacked on top of
any number of others. Each invocation of the decorator registers a
single view configuration. For instance, the following combination
of decorators and a function will register two view configurations
for the same view callable::
from repoze.bfg.view import bfg_view
def edit(context, request):
This makes it possible to associate more than one view configuration
with a single callable without requiring any ZCML.
- The ``@bfg_view`` decorator can now be used against a class method::
from webob import Response
from repoze.bfg.view import bfg_view
class MyView(object):
def __init__(self, context, request):
self.context = context
self.request = request
def amethod(self):
return Response('hello from %s!' % self.context)
When the bfg_view decorator is used against a class method, a view
is registered for the *class* (it's a "class view" where the "attr"
happens to be the name of the method it is attached to), so the
class it's defined within must have a suitable constructor: one that
accepts ``context, request`` or just ``request``.
- Added ``Changing the Traverser`` and ``Changing How
:mod:`repoze.bfg.url.model_url` Generates a URL`` to the "Hooks"
narrative chapter of the docs.
- Remove ```` and imports of it within ````. In
the new world, and as per virtualenv setup instructions, people will
already have either setuptools or distribute.
1.1a6 (2009-10-15)
- Add ``xhr``, ``accept``, and ``header`` view configuration
predicates to ZCML view declaration, ZCML route declaration, and
``bfg_view`` decorator. See the ``Views`` narrative documentation
chapter for more information about these predicates.
- Add ``setUp`` and ``tearDown`` functions to the
``repoze.bfg.testing`` module. Using ``setUp`` in a test setup and
``tearDown`` in a test teardown is now the recommended way to do
component registry setup and teardown. Previously, it was
recommended that a single function named
``repoze.bfg.testing.cleanUp`` be called in both the test setup and
tear down. ``repoze.bfg.testing.cleanUp`` still exists (and will
exist "forever" due to its widespread use); it is now just an alias
for ``repoze.bfg.testing.setUp`` and is nominally deprecated.
- The BFG component registry is now available in view and event
subscriber code as an attribute of the request
ie. ``request.registry``. This fact is currently undocumented
except for this note, because BFG developers never need to interact
with the registry directly anywhere else.
- The BFG component registry now inherits from ``dict``, meaning that
it can optionally be used as a simple dictionary. *Component*
registrations performed against it via e.g. ``registerUtility``,
``registerAdapter``, and similar API methods are kept in a
completely separate namespace than its dict members, so using the
its component API methods won't effect the keys and values in the
dictionary namespace. Likewise, though the component registry
"happens to be" a dictionary, use of mutating dictionary methods
such as ``__setitem__`` will have no influence on any component
registrations made against it. In other words, the registry object
you obtain via e.g. ``repoze.bfg.threadlocal.get_current_registry``
or ``request.registry`` happens to be both a component registry and
a dictionary, but using its component-registry API won't impact data
added to it via its dictionary API and vice versa. This is a
forward compatibility move based on the goals of "marco".
- Expose and document ``repoze.bfg.testing.zcml_configure`` API. This
function populates a component registry from a ZCML file for testing
purposes. It is documented in the "Unit and Integration Testing"
- Virtual hosting narrative docs chapter updated with info about
- Point all index URLs at the literal 1.1 index (this alpha cycle may
go on a while).
- Various tutorial test modules updated to use
``repoze.bfg.testing.setUp`` and ``repoze.bfg.testing.tearDown``
methods in order to encourage this as best practice going forward.
- Added "Creating Integration Tests" section to unit testing narrative
documentation chapter. As a result, the name of the unittesting
chapter is now "Unit and Integration Testing".
Backwards Incompatibilities
- Importing ``getSiteManager`` and ``get_registry`` from
``repoze.bfg.registry`` is no longer supported. These imports were
deprecated in repoze.bfg 1.0. Import of ``getSiteManager`` should
be done as ``from zope.component import getSiteManager``. Import of
``get_registry`` should be done as ``from repoze.bfg.threadlocal
import get_current_registry``. This was done to prevent a circular
import dependency.
- Code bases which alternately invoke both
``zope.testing.cleanup.cleanUp`` and ``repoze.bfg.testing.cleanUp``
(treating them equivalently, using them interchangeably) in the
setUp/tearDown of unit tests will begin to experience test failures
due to lack of test isolation. The "right" mechanism is
``repoze.bfg.testing.cleanUp`` (or the combination of
``repoze.bfg.testing.setUp`` and
``repoze.bfg.testing.tearDown``). but a good number of legacy
codebases will use ``zope.testing.cleanup.cleanUp`` instead. We
support ``zope.testing.cleanup.cleanUp`` but not in combination with
``repoze.bfg.testing.cleanUp`` in the same codebase. You should use
one or the other test cleanup function in a single codebase, but not
- Created new ``repoze.bfg.configuration`` module which assumes
responsibilities previously held by the ``repoze.bfg.registry`` and
``repoze.bfg.router`` modules (avoid a circular import dependency).
- The result of the ``zope.component.getSiteManager`` function in unit
tests set up with ``repoze.bfg.testing.cleanUp`` or
``repoze.bfg.testing.setUp`` will be an instance of
``repoze.bfg.registry.Registry`` instead of the global
``zope.component.globalregistry.base`` registry. This also means
that the threadlocal ZCA API functions such as ``getAdapter`` and
``getUtility`` as well as internal BFG machinery (such as
``model_url`` and ``route_url``) will consult this registry within
unit tests. This is a forward compatibility move based on the goals
of "marco".
- Removed ``repoze.bfg.testing.addCleanUp`` function and associated
module-scope globals. This was never an API.
1.1a5 (2009-10-10)
- Change "Traversal + ZODB" and "URL Dispatch + SQLAlchemy" Wiki
tutorials to make use of the new-to-1.1 "renderer" feature (return
dictionaries from all views).
- Add tests to the "URL Dispatch + SQLAlchemy" tutorial after the
"view" step.
- Added a diagram of model graph traversal to the "Traversal"
narrative chapter of the documentation.
- An ``exceptions`` API chapter was added, documenting the new
``repoze.bfg.exceptions`` module.
- Describe "request-only" view calling conventions inside the
urldispatch narrative chapter, where it's most helpful.
- Add a diagram which explains the operation of the BFG router to the
"Router" narrative chapter.
- Add a new ``repoze.bfg.testing`` API: ``registerRoute``, for
registering routes to satisfy calls to
e.g. ``repoze.bfg.url.route_url`` in unit tests.
- The ``notfound`` and ``forbidden`` ZCML directives now accept the
following addtional attributes: ``attr``, ``renderer``, and
``wrapper``. These have the same meaning as they do in the context
of a ZCML ``view`` directive.
- For behavior like Django's ``APPEND_SLASH=True``, use the
``repoze.bfg.view.append_slash_notfound_view`` view as the Not Found
view in your application. When this view is the Not Found view
(indicating that no view was found), and any routes have been
defined in the configuration of your application, if the value of
``PATH_INFO`` does not already end in a slash, and if the value of
``PATH_INFO`` *plus* a slash matches any route's path, do an HTTP
redirect to the slash-appended PATH_INFO. Note that this will
*lose* ``POST`` data information (turning it into a GET), so you
shouldn't rely on this to redirect POST requests.
- Speed up ``repoze.bfg.location.lineage`` slightly.
- Speed up ``repoze.bfg.encode.urlencode`` (nee'
``repoze.bfg.url.urlencode``) slightly.
- Speed up ``repoze.bfg.traversal.model_path``.
- Speed up ``repoze.bfg.traversal.model_path_tuple`` slightly.
- Speed up ``repoze.bfg.traversal.traverse`` slightly.
- Speed up ``repoze.bfg.url.model_url`` slightly.
- Speed up ``repoze.bfg.url.route_url`` slightly.
- Sped up ``repoze.bfg.traversal.ModelGraphTraverser:__call__``
- Minor speedup of ``repoze.bfg.router.Router.__call__``.
- New ``repoze.bfg.exceptions`` module was created to house exceptions
that were previously sprinkled through various modules.
- Move ``repoze.bfg.traversal._url_quote`` into ``repoze.bfg.encode``
as ``url_quote``.
- The import of ``repoze.bfg.view.NotFound`` is deprecated in favor of
``repoze.bfg.exceptions.NotFound``. The old location still
functions, but emits a deprecation warning.
- The import of ```` is deprecated in
favor of ``repoze.bfg.exceptions.Forbidden``. The old location
still functions but emits a deprecation warning. The rename from
``Unauthorized`` to ``Forbidden`` brings parity to the the name of
the exception and the system view it invokes when raised.
Backwards Incompatibilities
- We previously had a Unicode-aware wrapper for the
``urllib.urlencode`` function named ``repoze.bfg.url.urlencode``
which delegated to the stdlib function, but which marshalled all
unicode values to utf-8 strings before calling the stdlib version.
A newer replacement now lives in ``repoze.bfg.encode`` The
replacement does not delegate to the stdlib.
The replacement diverges from the stdlib implementation and the
previous ``repoze.bfg.url`` url implementation inasmuch as its
``doseq`` argument is now a decoy: it always behaves in the
``doseq=True`` way (which is the only sane behavior) for speed
The old import location (``repoze.bfg.url.urlencode``) still
functions and has not been deprecated.
- In 0.8a7, the return value expected from an object implementing
``ITraverserFactory`` was changed from a sequence of values to a
dictionary containing the keys ``context``, ``view_name``,
``subpath``, ``traversed``, ``virtual_root``, ``virtual_root_path``,
and ``root``. Until now, old-style traversers which returned a
sequence have continued to work but have generated a deprecation
warning. In this release, traversers which return a sequence
instead of a dictionary will no longer work.
1.1a4 (2009-09-23)
Bug Fixes
- On 64-bit Linux systems, views that were members of a multiview
(orderings of views with predicates) were not evaluated in the
proper order. Symptom: in a configuration that had two views with
the same name but one with a ``request_method=POST`` predicate and
one without, the one without the predicate would be called
unconditionally (even if the request was a POST request). Thanks
much to Sebastien Douche for providing the buildbots that pointed
this out.
- Added a tutorial which explains how to use ``repoze.session``
(ZODB-based sessions) in a ZODB-based repoze.bfg app.
- Added a tutorial which explains how to add ZEO to a ZODB-based
``repoze.bfg`` application.
- Added a tutorial which explains how to run a ``repoze.bfg``
application under `mod_wsgi <>`_.
See "Running a repoze.bfg Application under mod_wsgi" in the
tutorials section of the documentation.
- Add a ``repoze.bfg.url.static_url`` API which is capable of
generating URLs to static resources defined by the ``<static>`` ZCML
directive. See the "Views" narrative chapter's section titled
"Generating Static Resource URLs" for more information.
- Add a ``string`` renderer. This renderer converts a non-Response
return value of any view callble into a string. It is documented in
the "Views" narrative chapter.
- Give the ``route`` ZCML directive the ``view_attr`` and
``view_renderer`` parameters (bring up to speed with 1.1a3
features). These can also be spelled as ``attr`` and ``renderer``.
Backwards Incompatibilities
- An object implementing the ``IRenderer`` interface (and
``ITemplateRenderer`, which is a subclass of ``IRenderer``) must now
accept an extra ``system`` argument in its ``__call__`` method
implementation. Values computed by the system (as opposed to by the
view) are passed by the system in the ``system`` parameter, which
will always be a dictionary. Keys in the dictionary include:
``view`` (the view object that returned the value),
``renderer_name`` (the template name or simple name of the
renderer), ``context`` (the context object passed to the view), and
``request`` (the request object passed to the view). Previously
only ITemplateRenderers received system arguments as elements inside
the main ``value`` dictionary.
- The way ``bfg_view`` declarations are scanned for has been modified.
This should have no external effects.
- Speed: do not register an ITraverserFactory in configure.zcml;
instead rely on queryAdapter and a manual default to
- Speed: do not register an IContextURL in configure.zcml; instead
rely on queryAdapter and a manual default to TraversalContextURL.
- General speed microimprovements for helloworld benchmark: replace
try/excepts with statements which use 'in' keyword.
1.1a3 (2009-09-16)
- The "Views" narrative chapter in the documentation has been updated
extensively to discuss "renderers".
- A ``renderer`` attribute has been added to view configurations,
replacing the previous (1.1a2) version's ``template`` attribute. A
"renderer" is an object which accepts the return value of a view and
converts it to a string. This includes, but is not limited to,
templating systems.
- A new interface named ``IRenderer`` was added. The existing
interface, ``ITemplateRenderer`` now derives from this new
interface. This interface is internal.
- A new interface named ``IRendererFactory`` was added. An existing
interface named ``ITemplateRendererFactory`` now derives from this
interface. This interface is internal.
- The ``view`` attribute of the ``view`` ZCML directive is no longer
required if the ZCML directive also has a ``renderer`` attribute.
This is useful when the renderer is a template renderer and no names
need be passed to the template at render time.
- A new zcml directive ``renderer`` has been added. It is documented
in the "Views" narrative chapter of the documentation.
- A ZCML ``view`` directive (and the associated ``bfg_view``
decorator) can now accept a "wrapper" value. If a "wrapper" value
is supplied, it is the value of a separate view's *name* attribute.
When a view with a ``wrapper`` attribute is rendered, the "inner"
view is first rendered normally. Its body is then attached to the
request as "wrapped_body", and then a wrapper view name is looked up
and rendered (using ``repoze.bfg.render_view_to_response``), passed
the request and the context. The wrapper view is assumed to do
something sensible with ``request.wrapped_body``, usually inserting
its structure into some other rendered template. This feature makes
it possible to specify (potentially nested) "owrap" relationships
between views using only ZCML or decorators (as opposed always using
ZPT METAL and analogues to wrap view renderings in outer wrappers).
- When used under Python < 2.6, BFG now has an installation time
dependency on the ``simplejson`` package.
- The ``repoze.bfg.testing.registerDummyRenderer`` API has been
deprecated in favor of
``repoze.bfg.testing.registerTemplateRenderer``. A deprecation
warning is *not* issued at import time for the former name; it will
exist "forever"; its existence has been removed from the
documentation, however.
- The ``repoze.bfg.templating.renderer_from_cache`` function has been
moved to ``repoze.bfg.renderer.template_renderer_factory``. This
was never an API, but code in the wild was spotted that used it. A
deprecation warning is issued at import time for the former.
Backwards Incompatibilities
- The ``ITemplateRenderer`` interface has been changed. Previously
its ``__call__`` method accepted ``**kw``. It now accepts a single
positional parameter named ``kw`` (REVISED: it accepts two
positional parameters as of 1.1a4: ``value`` and ``system``). This
is mostly an internal change, but it was exposed in APIs in one
place: if you've used the
``repoze.bfg.testing.registerDummyRenderer`` API in your tests with
a custom "renderer" argument with your own renderer implementation,
you will need to change that renderer implementation to accept
``kw`` instead of ``**kw`` in its ``__call__`` method (REVISED: make
it accept ``value`` and ``system`` positional arguments as of 1.1a4).
- The ``ITemplateRendererFactory`` interface has been changed.
Previously its ``__call__`` method accepted an ``auto_reload``
keyword parameter. Now its ``__call__`` method accepts no keyword
parameters. Renderers are now themselves responsible for
determining details of auto-reload. This is purely an internal
change. This interface was never external.
- The ``template_renderer`` ZCML directive introduced in 1.1a2 has
been removed. It has been replaced by the ``renderer`` directive.
- The previous release (1.1a2) added a view configuration attribute
named ``template``. In this release, the attribute has been renamed
to ``renderer``. This signifies that the attribute is more generic:
it can now be not just a template name but any renderer name (ala
- In the previous release (1.1a2), the Chameleon text template
renderer was used if the system didn't associate the ``template``
view configuration value with a filename with a "known" extension.
In this release, you must use a ``renderer`` attribute which is a
path that ends with a ``.txt`` extension
(e.g. ``templates/foo.txt``) to use the Chameleon text renderer.
1.1a2 (2009-09-14)
- A ZCML ``view`` directive (and the associated ``bfg_view``
decorator) can now accept an "attr" value. If an "attr" value is
supplied, it is considered a method named of the view object to be
called when the response is required. This is typically only good
for views that are classes or instances (not so useful for
functions, as functions typically have no methods other than
- A ZCML ``view`` directive (and the associated ``bfg_view``
decorator) can now accept a "template" value. If a "template" value
is supplied, and the view callable returns a dictionary, the
associated template is rendered with the dictionary as keyword
arguments. See the section named "Views That Have a ``template``"
in the "Views" narrative documentation chapter for more information.
1.1a1 (2009-09-06)
Bug Fixes
- "tests" module removed from the bfg_alchemy paster template; these
tests didn't work.
- Bugfix: the ``discriminator`` for the ZCML "route" directive was
incorrect. It was possible to register two routes that collided
without the system spitting out a ConfigurationConflictError at
startup time.
- Feature addition: view predicates. These are exposed as the
``request_method``, ``request_param``, and ``containment``
attributes of a ZCML ``view`` declaration, or the respective
arguments to a ``@bfg_view`` decorator. View predicates can be used
to register a view for a more precise set of environment parameters
than was previously possible. For example, you can register two
views with the same ``name`` with different ``request_param``
attributes. If the ``request.params`` dict contains 'foo'
(request_param="foo"), one view might be called; if it contains
'bar' (request_param="bar"), another view might be called.
``request_param`` can also name a key/value pair ala ``foo=123``.
This will match only when the ``foo`` key is in the request.params
dict and it has the value '123'. This particular example makes it
possible to write separate view functions for different form
submissions. The other predicates, ``containment`` and
``request_method`` work similarly. ``containment`` is a view
predicate that will match only when the context's graph lineage has
an object possessing a particular class or interface, for example.
``request_method`` is a view predicate that will match when the HTTP
``REQUEST_METHOD`` equals some string (eg. 'POST').
- The ``@bfg_view`` decorator now accepts three additional arguments:
``request_method``, ``request_param``, and ``containment``.
``request_method`` is used when you'd like the view to match only a
request with a particular HTTP ``REQUEST_METHOD``; a string naming
the ``REQUEST_METHOD`` can also be supplied as ``request_type`` for
backwards compatibility. ``request_param`` is used when you'd like
a view to match only a request that contains a particular
``request.params`` key (with or without a value). ``containment``
is used when you'd like to match a request that has a context that
has some class or interface in its graph lineage. These are
collectively known as "view predicates".
- The ``route`` ZCML directive now honors ``view_request_method``,
``view_request_param`` and ``view_containment`` attributes, which
pass along these values to the associated view if any is provided.
Additionally, the ``request_type`` attribute can now be spelled as
``view_request_type``, and ``permission`` can be spelled as
``view_permission``. Any attribute which starts with ``view_`` can
now be spelled without the ``view_`` prefix, so ``view_for`` can be
spelled as ``for`` now, etc. Both forms are documented in the
urldispatch narraitve documentation chapter.
- The ``request_param`` ZCML view directive attribute (and its
``bfg_view`` decorator cousin) can now specify both a key and a
value. For example, ``request_param="foo=123"`` means that the foo
key must have a value of ``123`` for the view to "match".
- Allow ``repoze.bfg.traversal.find_interface`` API to use a class
object as the argument to compare against the ``model`` passed in.
This means you can now do ``find_interface(model, SomeClass)`` and
the first object which is found in the lineage which has
``SomeClass`` as its class (or the first object found which has
``SomeClass`` as any of its superclasses) will be returned.
- Added ``static`` ZCML directive which registers a route for a view
that serves up files in a directory. See the "Views" narrative
documentation chapter's "Serving Static Resources Using a ZCML
Directive" section for more information.
- The ``repoze.bfg.view.static`` class now accepts a string as its
first argument ("root_dir") that represents a package-relative name
e.g. ``somepackage:foo/bar/static``. This is now the preferred
mechanism for spelling package-relative static paths using this
class. A ``package_name`` keyword argument has been left around for
backwards compatibility. If it is supplied, it will be honored.
- The API ``repoze.bfg.testing.registerView`` now takes a
``permission`` argument. Use this instead of using
- The ordering of route declarations vs. the ordering of view
declarations that use a "route_name" in ZCML no longer matters.
Previously it had been impossible to use a route_name from a route
that had not yet been defined in ZCML (order-wise) within a "view"
- The repoze.bfg router now catches both
```` and
``repoze.bfg.view.NotFound`` exceptions while rendering a view.
When the router catches an ``Unauthorized``, it returns the
registered forbidden view. When the router catches a ``NotFound``,
it returns the registered notfound view.
- Change urldispatch internals: Route object is now constructed using
a path, a name, and a factory instead of a name, a matcher, a
generator, and a factory.
- Move (non-API) default_view, default_forbidden_view, and
default_notfound_view functions into the ``repoze.bfg.view`` module
(moved from ``repoze.bfg.router``).
- Removed ViewPermissionFactory from ````. View
permission checking is now done by registering and looking up an
- The ``static`` ZCML directive now uses a custom root factory when
constructing a route.
- The interface ``IRequestFactories`` was removed from the
repoze.bfg.interfaces module. This interface was never an API.
- The function named ``named_request_factories`` and the data
structure named ``DEFAULT_REQUEST_FACTORIES`` have been removed from
the ``repoze.bfg.request`` module. These were never APIs.
- The ``IViewPermissionFactory`` interface has been removed. This was
never an API.
- Request-only-convention examples in the "Views" narrative
documentation were broken.
- Fixed documentation bugs related to forget and remember in security API
- Fixed documentation for ``repoze.bfg.view.static`` (in narrative
``Views`` chapter).
- The API ``repoze.bfg.testing.registerViewPermission`` has been
Backwards Incompatibilities
- The interfaces ``IPOSTRequest``, ``IGETRequest``, ``IPUTRequest``,
``IDELETERequest``, and ``IHEADRequest`` have been removed from the
``repoze.bfg.interfaces`` module. These were not documented as APIs
post-1.0. Instead of using one of these, use a ``request_method``
ZCML attribute or ``request_method`` bfg_view decorator parameter
containing an HTTP method name (one of ``GET``, ``POST``, ``HEAD``,
``PUT``, ``DELETE``) instead of one of these interfaces if you were
using one explicitly. Passing a string in the set (``GET``,
``HEAD``, ``PUT``, ``POST``, ``DELETE``) as a ``request_type``
argument will work too. Rationale: instead of relying on interfaces
attached to the request object, BFG now uses a "view predicate" to
determine the request type.
- Views registered without the help of the ZCML ``view`` directive are
now responsible for performing their own authorization checking.
- The ``registry_manager`` backwards compatibility alias importable
from "repoze.bfg.registry", deprecated since repoze.bfg 0.9 has been
removed. If you are tring to use the registry manager within a
debug script of your own, use a combination of the
"repoze.bfg.paster.get_app" and "repoze.bfg.scripting.get_root" APIs
- The ``INotFoundAppFactory`` interface has been removed; it has
been deprecated since repoze.bfg 0.9. If you have something like
the following in your ``configure.zcml``::
<utility provides="repoze.bfg.interfaces.INotFoundAppFactory"
Replace it with something like::
See "Changing the Not Found View" in the "Hooks" chapter of the
documentation for more information.
- The ``IUnauthorizedAppFactory`` interface has been removed; it has
been deprecated since repoze.bfg 0.9. If you have something like
the following in your ``configure.zcml``::
<utility provides="repoze.bfg.interfaces.IUnauthorizedAppFactory"
Replace it with something like::
See "Changing the Forbidden View" in the "Hooks" chapter of the
documentation for more information.
- ``ISecurityPolicy``-based security policies, deprecated since
repoze.bfg 0.9, have been removed. If you have something like this
in your ``configure.zcml``, it will no longer work::
If ZCML like the above exists in your application, you will receive
an error at startup time. Instead of the above, you'll need
something like::
This is just an example. See the "Security" chapter of the
repoze.bfg documentation for more information about configuring
security policies.
- Custom ZCML directives which register an authentication or
authorization policy (ala "authtktauthenticationpolicy" or
"aclauthorizationpolicy") should register the policy "eagerly" in
the ZCML directive instead of from within a ZCML action. If an
authentication or authorization policy is not found in the component
registry by the view machinery during deferred ZCML processing, view
security will not work as expected.
1.0.1 (2009-07-22)
- Added support for ``has_resource``, ``resource_isdir``, and
``resource_listdir`` to the resource "OverrideProvider"; this fixes
a bug with a symptom that a file could not be overridden in a
resource directory unless a file with the same name existed in the
original directory being overridden.
- Fixed documentation bug showing invalid test for values from the
``matchdict``: they are stored as attributes of the ``Article``, rather
than subitems.
- Fixed documentation bug showing wrong environment key for the ``matchdict``
produced by the matching route.
- Added a workaround for a bug in Python 2.6, 2.6.1, and 2.6.2 having
to do with a recursion error in the mimetypes module when trying to
serve static files from Paste's FileApp: Symptom: File
"/usr/lib/python2.6/", line 244, in guess_type return
guess_type(url, strict) RuntimeError: maximum recursion depth
exceeded. Thanks to Armin Ronacher for identifying the symptom and
pointing out a fix.
- Minor edits to tutorials for accuracy based on feedback.
- Declared Paste and PasteDeploy dependencies.
1.0 (2009-07-05)
- Retested and added some content to GAE tutorial.
- Edited "Extending" narrative docs chapter.
- Added "Deleting the Database" section to the "Defining Models"
chapter of the traversal wiki tutorial.
- Spell checking of narratives and tutorials.
1.0b2 (2009-07-03)
- ``remoteuserauthenticationpolicy`` ZCML directive didn't work
without an ``environ_key`` directive (didn't match docs).
- Fix ``configure_zcml`` filespec check on Windows. Previously if an
absolute filesystem path including a drive letter was passed as
``filename`` (or as ``configure_zcml`` in the options dict) to
``repoze.bfg.router.make_app``, it would be treated as a
package:resource_name specification.
- Fix inaccuracies and import errors in bfgwiki (traversal+ZODB) and
bfgwiki2 (urldispatch+SA) tutorials.
- Use bfgsite index for all tutorial setup.cfg files.
- Full documentation grammar/style/spelling audit.
1.0b1 (2009-07-02)
- Allow a Paste config file (``configure_zcml``) value or an
environment variable (``BFG_CONFIGURE_ZCML``) to name a ZCML file
(optionally package-relative) that will be used to bootstrap the
application. Previously, the integrator could not influence which
ZCML file was used to do the boostrapping (only the original
application developer could do so).
- Added a "Resources" chapter to the narrative documentation which
explains how to override resources within one package from another
- Added an "Extending" chapter to the narrative documentation which
explains how to extend or modify an existing BFG application using
another Python package and ZCML.
1.0a9 (2009-07-01)
- Make it possible to pass strings in the form
"package_name:relative/path" to APIs like ``render_template``,
``render_template_to_response``, and ``get_template``. Sometimes
the package in which a caller lives is a direct namespace package,
so the module which is returned is semi-useless for navigating from.
In this way, the caller can control the horizontal and vertical of
where things get looked up from.
1.0a8 (2009-07-01)
- Deprecate the ``authentication_policy`` and ``authorization_policy``
arguments to ``repoze.bfg.router.make_app``. Instead, developers
should use the various authentication policy ZCML directives
``remoteuserauthenticationpolicy`` and
``authtktauthenticationpolicy``) and the `aclauthorizationpolicy``
authorization policy directive as described in the changes to the
"Security" narrative documenation chapter and the wiki tutorials.
- Add three new ZCML directives which configure authentication
- ``repozewho1authenticationpolicy``
- ``remoteuserauthenticationpolicy``
- ``authtktauthenticationpolicy``
- Add a new ZCML directive which configures an ACL authorization
policy named ``aclauthorizationpolicy``.
Bug Fixes
- Bug fix: when a ``repoze.bfg.resource.PackageOverrides`` class was
instantiated, and the package it was overriding already had a
``__loader__`` attribute, it would fail at startup time, even if the
``__loader__`` attribute was another PackageOverrides instance. We
now replace any ``__loader__`` that is also a PackageOverrides
instance. Symptom: ``ConfigurationExecutionError: <type
'exceptions.TypeError'>: Package <module 'karl.views' from
already has a __loader__ (probably a module in a zipped egg)``.
1.0a7 (2009-06-30)
- Add a ``reload_resources`` configuration file setting (aka the
``BFG_RELOAD_RESOURCES`` environment variable). When this is set to
true, the server never needs to be restarted when moving files
between directory resource overrides (esp. for templates currently).
- Add a ``reload_all`` configuration file setting (aka the
``BFG_RELOAD_ALL`` environment variable) that implies both
``reload_resources`` and ``reload_templates``.
- The ``static`` helper view class now uses a ``PackageURLParser`` in
order to allow for the overriding of static resources (CSS / logo
files, etc) using the ``resource`` ZCML directive. The
``PackageURLParser`` class was added to a (new) ``static`` module in
BFG; it is a subclass of the ``StaticURLParser`` class in
- The ``repoze.bfg.templating.renderer_from_cache`` function now
checks for the ``reload_resources`` setting; if it's true, it does
not register a template renderer (it won't use the registry as a
template renderer cache).
- Add ``pkg_resources`` to the glossary.
- Update the "Environment" docs to note the existence of
``reload_resources`` and ``reload_all``.
- Updated the ``bfg_alchemy`` paster template to include two views:
the view on the root shows a list of links to records; the view on
a record shows the details for that object.
- Use a colon instead of a tab as the separator between package name
and relpath to form the "spec" when register a ITemplateRenderer.
- Register a ``repoze.bfg.resource.OverrideProvider`` as a
pkg_resources provider only for modules which are known to have
overrides, instead of globally, when a <resource> directive is used
1.0a6 (2009-06-29)
Bug Fixes
- Use ``caller_package`` function instead of ``caller_module``
function within ``templating`` to avoid needing to name the caller
module in resource overrides (actually match docs).
- Make it possible to override templates stored directly in a module
with templates in a subdirectory of the same module, stored directly
within another module, or stored in a subdirectory of another module
(actually match docs).
1.0a5 (2009-06-28)
- A new ZCML directive exists named "resource". This ZCML directive
allows you to override Chameleon templates within a package (both
directories full of templates and individual template files) with
other templates in the same package or within another package. This
allows you to "fake out" a view's use of a template, causing it to
retrieve a different template than the one actually named by a
relative path to a call like
``render_template_to_response('templates/')``. For
example, you can override a template file by doing::
The string passed to "to_override" and "override_with" is named a
"specification". The colon separator in a specification separates
the package name from a package-relative directory name. The colon
and the following relative path are optional. If they are not
specified, the override attempts to resolve every lookup into a
package from the directory of another package. For example::
Individual subdirectories within a package can also be overridden::
If you wish to override a directory with another directory, you must
make sure to attach the slash to the end of both the ``to_override``
specification and the ``override_with`` specification. If you fail
to attach a slash to the end of a specification that points a
directory, you will get unexpected results. You cannot override a
directory specification with a file specification, and vice versa (a
startup error will occur if you try).
You cannot override a resource with itself (a startup error will
occur if you try).
Only individual *package* resources may be overridden. Overrides
will not traverse through subpackages within an overridden package.
This means that if you want to override resources for both
``some.package:templates``, and ``some.package.views:templates``,
you will need to register two overrides.
The package name in a specification may start with a dot, meaning
that the package is relative to the package in which the ZCML file
resides. For example::
Overrides for the same ``to_overrides`` specification can be named
multiple times within ZCML. Each ``override_with`` path will be
consulted in the order defined within ZCML, forming an override
search path.
Resource overrides can actually override resources other than
templates. Any software which uses the ``pkg_resources``
``get_resource_filename``, ``get_resource_stream`` or
``get_resource_string`` APIs will obtain an overridden file when an
override is used. However, the only built-in facility which uses
the ``pkg_resources`` API within BFG is the templating stuff, so we
only call out template overrides here.
- Use the ``pkg_resources`` API to locate template filenames instead
of dead-reckoning using the ``os.path`` module.
- The ``repoze.bfg.templating`` module now uses ``pkg_resources`` to
locate and register template files instead of using an absolute
path name.
1.0a4 (2009-06-25)
- Cause ``:segment`` matches in route paths to put a Unicode-decoded
and URL-dequoted value in the matchdict for the value matched.
Previously a non-decoded non-URL-dequoted string was placed in the
matchdict as the value.
- Cause ``*remainder`` matches in route paths to put a *tuple* in the
matchdict dictionary in order to be able to present Unicode-decoded
and URL-dequoted values for the traversal path. Previously a
non-decoded non-URL-dequoted string was placed in the matchdict as
the value.
- Add optional ``max_age`` keyword value to the ``remember`` method of
``repoze.bfg.authentication.AuthTktAuthenticationPolicy``; if this
value is passed to ``remember``, the generated cookie will have a
corresponding Max-Age value.
- Add information to the URL Dispatch narrative documentation about
path pattern matching syntax.
Bug Fixes
- Make ``route_url`` URL-quote segment replacements during generation.
Remainder segments are not quoted.
1.0a3 (2009-06-24)
Implementation Changes
- ``repoze.bfg`` no longer relies on the Routes package to interpret
URL paths. All known existing ``path`` patterns will continue to
work with the reimplemented logic, which lives in
``repoze.bfg.urldispatch``. ``<route>`` ZCML directives which use
certain attributes (uncommon ones) may not work (see "Backwards
Incompatibilities" below).
Bug Fixes
- ``model_url`` when passed a request that was generated as a result
of a route match would fail in a call to ``route.generate``.
- BFG-on-GAE didn't work due to a corner case bug in the fallback
Python implementation of ``threading.local`` (symptom:
"Initialization arguments are not supported"). Thanks to Michael
Bernstein for the bug report.
- Added a "corner case" explanation to the "Hybrid Apps" chapter
explaining what to do when "the wrong" view is matched.
- Use ``repoze.bfg.url.route_url`` API in tutorials rather than Routes
``url_for`` API.
- Added the ``repoze.bfg.url.route_url`` API. This API allows you to
generate URLs based on ``<route>`` declarations. See the URL
Dispatch narrative chapter and the "repoze.bfg.url" module API
documentation for more information.
Backwards Incompatibilities
- As a result of disusing Routes, using the Routes ``url_for`` API
inside a BFG application (as was suggested by previous iterations of
tutorials) will no longer work. Use the
``repoze.bfg.url.route_url`` method instead.
- The following attributes on the ``<route>`` ZCML directive no longer
work: ``encoding``, ``static``, ``filter``, ``condition_method``,
``condition_subdomain``, ``condition_function``, ``explicit``, or
``subdomains``. These were all Routes features.
- The ``<route>`` ZCML directive no longer supports the
``<requirement>`` subdirective. This was a Routes feature.
1.0a2 (2009-06-23)
Bug Fixes
- The ``bfg_routesalchemy`` paster template app tests failed due to a
mismatch between test and view signatures.
- Add a ``view_for`` attribute to the ``route`` ZCML directive. This
attribute should refer to an interface or a class (ala the ``for``
attribute of the ``view`` ZCML directive).
- Conditional documentation in installation section ("how to install a
Python interpreter").
Backwards Incompatibilities
- The ``callback`` argument of the ``repoze.bfg.authentication``
authentication policies named ``RepozeWho1AuthenticationPolicy``,
``RemoteUserAuthenticationPolicy``, and
``AuthTktAuthenticationPolicy`` now must accept two positional
arguments: the orginal argument accepted by each (userid or
identity) plus a second argument, which will be the current request.
Apologies, this is required to service finding groups when there is
no "global" database connection.
1.0a1 (2009-06-22)
- A new ZCML directive was added named ``notfound``. This ZCML
directive can be used to name a view that should be invoked when the
request can't otherwise be resolved to a view callable. For example::
- A new ZCML directive was added named ``forbidden``. This ZCML
directive can be used to name a view that should be invoked when a
view callable for a request is found, but cannot be invoked due to
an authorization failure. For example::
- Allow views to be *optionally* defined as callables that accept only
a request object, instead of both a context and a request (which
still works, and always will). The following types work as views in
this style:
- functions that accept a single argument ``request``, e.g.::
def aview(request):
- new and old-style classes that have an ``__init__`` method that
accepts ``self, request``, e.g.::
def View(object):
__init__(self, request):
- Arbitrary callables that have a ``__call__`` method that accepts
``self, request``, e.g.::
def AView(object):
def __call__(self, request):
view = AView()
This likely should have been the calling convention all along, as
the request has ``context`` as an attribute already, and with views
called as a result of URL dispatch, having the context in the
arguments is not very useful. C'est la vie.
- Cache the absolute path in the caller's package globals within
``repoze.bfg.path`` to get rid of repeated (expensive) calls to
- Add ``reissue_time`` and ``timeout`` parameters to
constructor. If these are passed, cookies will be reset every so
often (cadged from the same change to repoze.who lately).
- The matchdict related to the matching of a Routes route is available
on the request as the ``matchdict`` attribute:
``request.matchdict``. If no route matched, this attribute will be
- Make 404 responses slightly cheaper by showing
``environ["PATH_INFO"]`` on the notfound result page rather than the
fullly computed URL.
- Move LRU cache implementation into a separate package
- The concepts of traversal and URL dispatch have been unified. It is
now possible to use the same sort of factory as both a traversal
"root factory" and what used to be referred to as a urldispatch
"context factory".
- When the root factory argument (as a first argument) passed to
``repoze.bfg.router.make_app`` is ``None``, a *default* root factory
is used. This is in support of using routes as "root finders"; it
supplants the idea that there is a default
- The `view`` ZCML statement and the ``repoze.bfg.view.bfg_view``
decorator now accept an extra argument: ``route_name``. If a
``route_name`` is specified, it must match the name of a previously
defined ``route`` statement. When it is specified, the view will
only be called when that route matches during a request.
- It is now possible to perfom traversal *after* a route has matched.
Use the pattern ``*traverse`` in a ``<route>`` ``path`` attribute
within ZCML, and the path remainder which it matches will be used as
a traversal path.
- When any route defined matches, the WSGI environment will now
contain a key ``bfg.routes.route`` (the Route object which matched),
and a key ``bfg.routes.matchdict`` (the result of calling route.match).
- Utility registrations against
``repoze.bfg.interfaces.INotFoundView`` and
``repoze.bfg.interfaces.IForbiddenView`` are now deprecated. Use
the ``notfound`` and ``forbidden`` ZCML directives instead (see the
"Hooks" chapter for more information). Such registrations will
continue to work, but the notfound and forbidden directives do
"extra work" to ensure that the callable named by the directive can
be called by the router even if it's a class or
request-argument-only view.
- The ``IRoutesContext``, ``IRoutesContextFactory``, and
``IContextNotFound`` interfaces were removed from
``repoze.bfg.interfaces``. These were never APIs.
- The ``repoze.bfg.urldispatch.RoutesContextNotFound``,
``repoze.bfg.urldispatch.RoutesModelTraverser`` and
``repoze.bfg.urldispatch.RoutesContextURL`` classes were removed.
These were also never APIs.
Backwards Incompatibilities
- Moved the ``repoze.bfg.push`` module, which implemented the ``pushpage``
decorator, into a separate distribution, ``repoze.bfg.pushpage``.
Applications which used this decorator should continue to work after
adding that distribution to their installation requirements.
- Changing the default request factory via an IRequestFactory utility
registration (as used to be documented in the "Hooks" chapter's
"Changing the request factory" section) is no longer supported. The
dance to manufacture a request is complicated as a result of
unifying traversal and url dispatch, making it highly unlikely for
anyone to be able to override it properly. For those who just want
to decorate or modify a request, use a NewRequestEvent subscriber
(see the Events chapter in the documentation).
- The ``repoze.bfg.IRequestFactory`` interface was removed. See the
bullet above for why.
- Routes "context factories" (spelled as the factory argument to a
route statement in ZCML) must now expect the WSGI environ as a
single argument rather than a set of keyword arguments. They can
obtain the match dictionary by asking for
environ['bfg.routes.matchdict']. This is the same set of keywords
that used to be passed to urldispatch "context factories" in BFG 0.9
and below.
- Using the ``@zope.component.adapter`` decorator on a bfg view
function no longer works. Use the ``@repoze.bfg.view.bfg_view``
decorator instead to mark a function (or a class) as a view.
- The name under which the matching route object is found in the
environ was changed from ``bfg.route`` to ``bfg.routes.route``.
- Finding the root is now done *before* manufacturing a request object
(and sending a new request event) within the router (it used to be
performed afterwards).
- Adding ``*path_info`` to a route no longer changes the PATH_INFO for
a request that matches using URL dispatch. This feature was only
there to service the ``repoze.bfg.wsgi.wsgiapp2`` decorator and it
did it wrong; use ``*subpath`` instead now.
- The values of ``subpath``, ``traversed``, and ``virtual_root_path``
attached to the request object are always now tuples instead of
lists (performance).
Bug Fixes
- The ``bfg_alchemy`` Paster template named "" in its
pipeline rather than "repoze.tm2", causing the startup to fail.
- Move BBB logic for registering an
IAuthenticationPolicy/IForbiddenView/INotFoundView based on older
concepts from the router module's ``make_app`` function into the
``repoze.bfg.zcml.zcml_configure`` callable, to service
compatibility with scripts that use "zope.configuration.xmlconfig"
(replace with ``repoze.bfg.zml.zcml_configure`` as necessary to get
BBB logic)
- Add interface docs related to how to create authentication policies
and authorization policies to the "Security" narrative chapter.
- Added a (fairly sad) "Combining Traversal and URL Dispatch" chapter
to the narrative documentation. This explains the usage of
``*traverse`` and ``*subpath`` in routes URL patters.
- A "router" chapter explaining the request/response lifecycle at a
high level was added.
- Replaced all mentions and explanations of a routes "context factory"
with equivalent explanations of a "root factory" (context factories
have been disused).
- Updated Routes bfgwiki2 tutorial to reflect the fact that context
factories are now no longer used.
0.9.1 (2009-06-02)
- Add API named ``repoze.bfg.settings.get_settings`` which retrieves a
derivation of values passed as the ``options`` value of
``repoze.bfg.router.make_app``. This API should be preferred
instead of using getUtility(ISettings). I added a new
``repoze.bfg.settings`` API document as well.
Bug Fixes
- Restored missing entry point declaration for bfg_alchemy paster
template, which was accidentally removed in 0.9.
- Fix a reference to ``wsgiapp`` in the ``wsgiapp2`` API documentation
within the ``repoze.bfg.wsgi`` module.
API Removals
- The ``repoze.bfg.location.locate`` API was removed: it didn't do
enough to be very helpful and had a misleading name.
0.9 (2009-06-01)
Bug Fixes
- It was not possible to register a custom ``IRoutesContextFactory``
for use as a default context factory as documented in the "Hooks"
- The ``request_type`` argument of ZCML ``view`` declarations and
``bfg_view`` decorators can now be one of the strings ``GET``,
``POST``, ``PUT``, ``DELETE``, or ``HEAD`` instead of a reference to
the respective interface type imported from
- The ``route`` ZCML directive now accepts ``request_type`` as an
alias for its ``condition_method`` argument for symmetry with the
``view`` directive.
- The ``bfg_routesalchemy`` paster template now provides a unit test
and actually uses the database during a view rendering.
- Remove ``repoze.bfg.threadlocal.setManager``. It was only used in
unit tests.
- Remove ``repoze.bfg.wsgi.HTTPException``,
``repoze.bfg.wsgi.NotFound``, and ``repoze.bfg.wsgi.Unauthorized``.
These classes were disused with the introduction of the
``IUnauthorizedView`` and ``INotFoundView`` machinery.
- Add description to narrative templating chapter about how to use
Chameleon text templates.
- Changed Views narrative chapter to use method strings rather than
interface types, and moved advanced interface type usage to Events
narrative chapter.
- Added a Routes+SQLAlchemy wiki tutorial.
0.9a8 (2009-05-31)
- It is now possible to register a custom
``repoze.bfg.interfaces.INotFoundView`` for a given application.
This feature replaces the
``repoze.bfg.interfaces.INotFoundAppFactory`` feature previously
described in the Hooks chapter. The INotFoundView will be called
when the framework detects that a view lookup done as a result of a
request fails; it should accept a context object and a request
object; it should return an IResponse object (a webob response,
basically). See the Hooks narrative chapter of the BFG docs for
more info.
- The error presented when a view invoked by the router returns a
non-response object now includes the view's name for troubleshooting
Bug Fixes
- A "new response" event is emitted for forbidden and notfound views.
- The ``repoze.bfg.interfaces.INotFoundAppFactory`` interface has been
deprecated in favor of using the new
``repoze.bfg.interfaces.INotFoundView`` mechanism.
- Renamed ``repoze.bfg.interfaces.IForbiddenResponseFactory`` to
0.9a7 (2009-05-30)
- Remove "context" argument from ``effective_principals`` and
``authenticated_userid`` function APIs in ````,
effectively a doing reversion to 0.8 and before behavior. Both
functions now again accept only the ``request`` parameter.
0.9a6 (2009-05-29)
- Changed "BFG Wiki" tutorial to use AuthTktAuthenticationPolicy
rather than repoze.who.
- Add an AuthTktAuthenticationPolicy. This policy retrieves
credentials from an auth_tkt cookie managed by the application
itself (instead of relying on an upstream data source for
authentication data). See the Security API chapter of the
documentation for more info.
- Allow RemoteUserAuthenticationPolicy and
RepozeWho1AuthenticationPolicy to accept various constructor
arguments. See the Security API chapter of the documentation for
more info.
0.9a5 (2009-05-28)
- Add a ``get_app`` API functions to the ``paster`` module. This
obtains a WSGI application from a config file given a config file
name and a section name. See the ``repoze.bfg.paster`` API docs for
more information.
- Add a new module named ``scripting``. It contains a ``get_root``
API function, which, provided a Router instance, returns a traversal
root object and a "closer". See the ``repoze.bfg.scripting`` API
docs for more info.
0.9a4 (2009-05-27)
Bug Fixes
- Try checking for an "old style" security policy *after* we parse
ZCML (thinko).
0.9a3 (2009-05-27)
- Allow IAuthenticationPolicy and IAuthorizationPolicy to be
overridden via ZCML registrations (do ZCML parsing after
registering these in
- Added "BFG Wiki" tutorial to documentation; it describes
step-by-step how to create a traversal-based ZODB application with
- Added deprecations for imports of ``ACLSecurityPolicy``,
``InheritingACLSecurityPolicy``, ``RemoteUserACLSecurityPolicy``,
``RemoteUserInheritingACLSecurityPolicy``, ``WhoACLSecurityPolicy``,
and ``WhoInheritingACLSecurityPolicy`` from the
```` module; for the meantime (for backwards
compatibility purposes) these live in the ``repoze.bfg.secpols``
module. Note however, that the entire concept of a "security
policy" is deprecated in BFG in favor of separate authentication and
authorization policies, so any use of a security policy will
generate additional deprecation warnings even if you do start using
``repoze.bfg.secpols``. ``repoze.bfg.secpols`` will disappear in a
future release of ``repoze.bfg``.
Deprecated Import Alias Removals
- Remove ``repoze.bfg.template`` module. All imports from this
package have been deprecated since 0.3.8. Instead, import
``get_template``, ``render_template``, and
``render_template_to_response`` from the
``repoze.bfg.chameleon_zpt`` module.
- Remove backwards compatibility import alias for
``repoze.bfg.traversal.split_path`` (deprecated since 0.6.5). This
must now be imported as ``repoze.bfg.traversal.traversal_path``).
- Remove backwards compatibility import alias for
``repoze.bfg.urldispatch.RoutesContext`` (deprecated since 0.6.5).
This must now be imported as
- Removed backwards compatibility import aliases for
``repoze.bfg.router.get_options`` and ``repoze.bfg.router.Settings``
(deprecated since 0.6.2). These both must now be imported from
- Removed backwards compatibility import alias for
``repoze.bfg.interfaces.IRootPolicy`` (deprecated since 0.6.2). It
must be imported as ``repoze.bfg.interfaces.IRootFactory`` now.
- Removed backwards compatibility import alias for
``repoze.bfg.interfaces.ITemplate`` (deprecated since 0.4.4). It
must be imported as ``repoze.bfg.interfaces.ITemplateRenderer`` now.
- Removed backwards compatibility import alias for
``repoze.bfg.interfaces.ITemplateFactory`` (deprecated since 0.4.4).
It must be imported as
``repoze.bfg.interfaces.ITemplateRendererFactory`` now.
- Removed backwards compatibility import alias for
``repoze.bfg.chameleon_zpt.ZPTTemplateFactory`` (deprecated since
0.4.4). This must be imported as ``repoze.bfg.ZPTTemplateRenderer``
0.9a2 (2009-05-27)
- A paster command has been added named "bfgshell". This command can
be used to get an interactive prompt with your BFG root object in
the global namespace. E.g.::
bin/paster bfgshell /path/to/myapp.ini myapp
See the ``Project`` chapter in the BFG documentation for more
- The name ``repoze.bfg.registry.registry_manager`` was never an API,
but scripts in the wild were using it to set up an environment for
use under a debug shell. A backwards compatibility shim has been
added for this purpose, but the feature is deprecated.
0.9a1 (2009-5-27)
- New API functions named ``forget`` and ``remember`` are available in
the ``security`` module. The ``forget`` function returns headers
which will cause the currently authenticated user to be logged out
when set in a response. The ``remember`` function (when passed the
proper arguments) will return headers which will cause a principal
to be "logged in" when set in a response. See the Security API
chapter of the docs for more info.
- New keyword arguments to the ``repoze.bfg.router.make_app`` call
have been added: ``authentication_policy`` and
``authorization_policy``. These should, respectively, be an
implementation of an authentication policy (an object implementing