| author | Michael Merickel <michael@merickel.org> | 2020-01-14 00:02:04 -0600 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2020-01-14 00:25:06 -0600 |
| commit | f486795cb4a92784fa1082bd69bebd84bf6d1366 (patch) | |
| tree | ddff9350d413babcf320c6ef873d3adeb8823b40 /CHANGES.rst | |
| parent | 8b6efc3cfbf9accc6bf2a009e124dee2b3c04840 (diff) | |
update changelog and docs
Diffstat (limited to 'CHANGES.rst')
| -rw-r--r-- | CHANGES.rst | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/CHANGES.rst b/CHANGES.rst index 8159cea36..f1ccdf8e6 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -7,6 +7,19 @@ Features - Add support for Python 3.8. See https://github.com/Pylons/pyramid/pull/3547 +- New security APIs have been added to support a massive overhaul of the + authentication and authorization system. Read + "Upgrading Authentication/Authorization" in the "What's New in Pyramid 2.0" + document for information about using this new system. + + - ``pyramid.config.Configurator.set_security_policy``. + - ``pyramid.interfaces.ISecurityPolicy`` + - ``pyramid.request.Request.authenticated_identity``. + - ``pyramid.authentication.SessionAuthenticationHelper`` + - ``pyramid.authorization.ACLHelper`` + + See https://github.com/Pylons/pyramid/pull/3465 + - Changed the default ``serializer`` on ``pyramid.session.SignedCookieSessionFactory`` to use ``pyramid.session.JSONSerializer`` instead of 
@@ -94,9 +107,55 @@ Features and then we want to cache the data for the duration of the request. See https://github.com/Pylons/pyramid/pull/3561 +- Exposed ``pyramid.authorization.ALL_PERMISSIONS`` and + ``pyramid.authorization.DENY_ALL`` such that all of the ACL-related constants + are now importable from the ``pyramid.authorization`` namespace. + See https://github.com/Pylons/pyramid/pull/3563 + Deprecations ------------ +- Deprecated the authentication and authorization interfaces and + principal-based support. See "Upgrading Authentication/Authorization" in + the "What's New in Pyramid 2.0" document for information on equivalent APIs + and notes on upgrading. The following APIs are deprecated as a result of + this change: + + - ``pyramid.config.Configurator.set_authentication_policy`` + - ``pyramid.config.Configurator.set_authorization_policy`` + - ``pyramid.interfaces.IAuthenticationPolicy`` + - ``pyramid.interfaces.IAuthorizationPolicy`` + - ``pyramid.request.Request.effective_principals`` + - ``pyramid.request.Request.unauthenticated_userid`` + - ``pyramid.authentication.AuthTktAuthenticationPolicy`` + - ``pyramid.authentication.RemoteUserAuthenticationPolicy`` + - ``pyramid.authentication.RepozeWho1AuthenticationPolicy`` + - ``pyramid.authentication.SessionAuthenticationPolicy`` + - ``pyramid.authentication.BasicAuthAuthenticationPolicy`` + - ``pyramid.authorization.ACLAuthorizationPolicy`` + - The ``effective_principals`` view and route predicates. + + See https://github.com/Pylons/pyramid/pull/3465 + +- Deprecated ``pyramid.security.principals_allowed_by_permission``. This + method continues to work with the deprecated + ``pyramid.interfaces.IAuthorizationPolicy`` interface but will not work with + the new ``pyramid.interfaces.ISecurityPolicy``. + See https://github.com/Pylons/pyramid/pull/3465 + +- Deprecated several ACL-related aspects of ``pyramid.security``. Equivalent + objects should now be imported from the ``pyramid.authorization`` namespace. 
+ This includes: + + - ``pyramid.security.Everyone`` + - ``pyramid.security.Authenticated`` + - ``pyramid.security.ALL_PERMISSIONS`` + - ``pyramid.security.DENY_ALL`` + - ``pyramid.security.ACLAllowed`` + - ``pyramid.security.ACLDenied`` + + See https://github.com/Pylons/pyramid/pull/3563 + - Deprecated ``pyramid.session.PickleSerializer``. See https://github.com/pylons/pyramid/issues/2709 and https://github.com/pylons/pyramid/pull/3353 |
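Review bot: In the first hunk (Features, the nested list under "New security APIs"), the items are punctuated inconsistently: ``pyramid.config.Configurator.set_security_policy``. and ``pyramid.request.Request.authenticated_identity``. end with a period while the other three items do not. Drop the two trailing periods so the list matches the unpunctuated API lists this same patch adds under Deprecations.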
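Review bot: In the second hunk (Deprecations), the entry for ``pyramid.security.principals_allowed_by_permission`` says it "will not work with the new ``pyramid.interfaces.ISecurityPolicy``" without saying how it fails (an exception or an empty result) or what to call instead. Please state the behaviour under the new policy and name the replacement, or say that there is none. In the same hunk, the Features entry lists only ``ALL_PERMISSIONS`` and ``DENY_ALL`` as newly exposed, while the deprecation list points six names at ``pyramid.authorization``; one sentence confirming that ``Everyone``, ``Authenticated``, ``ACLAllowed`` and ``ACLDenied`` are importable from there as well would remove the ambiguity.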
