diff options
| -rw-r--r-- | CHANGES.txt | 12 | ||||
| -rw-r--r-- | docs/conf.py | 2 | ||||
| -rw-r--r-- | docs/narr/project.rst | 4 | ||||
| -rw-r--r-- | docs/narr/security.rst | 69 | ||||
| -rw-r--r-- | docs/tutorials/wiki/src/authorization/tutorial/__init__.py | 6 | ||||
| -rw-r--r-- | docs/tutorials/wiki/src/tests/tutorial/__init__.py | 6 | ||||
| -rw-r--r-- | docs/tutorials/wiki2/src/authorization/tutorial/__init__.py | 6 | ||||
| -rw-r--r-- | docs/tutorials/wiki2/src/tests/tutorial/__init__.py | 6 | ||||
| -rw-r--r-- | docs/whatsnew-1.3.rst | 15 | ||||
| -rw-r--r-- | pyramid/config/views.py | 12 | ||||
| -rw-r--r-- | pyramid/tests/test_config/test_views.py | 59 | ||||
| -rw-r--r-- | setup.py | 2 |
12 files changed, 136 insertions, 63 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index ba90c3bad..ea86526b0 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,5 +1,5 @@ -Unreleased -========== +1.3a6 (2012-01-20) +================== Features -------- @@ -21,6 +21,14 @@ Bug Fixes a different view that had the same predicate arguments. See https://github.com/Pylons/pyramid/pull/404 for more information. +- When using a dotted name for a ``view`` argument to + ``Configurator.add_view`` that pointed to a class with a ``view_defaults`` + decorator, the view defaults would not be applied. See + https://github.com/Pylons/pyramid/issues/396 . + +- Static URL paths were URL-quoted twice. See + https://github.com/Pylons/pyramid/issues/407 . + 1.3a5 (2012-01-09) ================== diff --git a/docs/conf.py b/docs/conf.py index 2ab56cadf..3496bd38c 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -80,7 +80,7 @@ copyright = '%s, Agendaless Consulting' % datetime.datetime.now().year # other places throughout the built documents. # # The short X.Y version. -version = '1.3a5' +version = '1.3a6' # The full version, including alpha/beta/rc tags. release = version diff --git a/docs/narr/project.rst b/docs/narr/project.rst index 5696b0b73..eb8867c6b 100644 --- a/docs/narr/project.rst +++ b/docs/narr/project.rst @@ -118,11 +118,11 @@ your application, or install your application for deployment or development. A ``.ini`` file named ``development.ini`` will be created in the project directory. You will use this ``.ini`` file to configure a server, to run -your application, and to debug your application. It sports configuration +your application, and to debug your application. It contains configuration that enables an interactive debugger and settings optimized for development. Another ``.ini`` file named ``production.ini`` will also be created in the -project directory. It sports configuration that disables any interactive +project directory. It contains configuration that disables any interactive debugger (to prevent inappropriate access and disclosure), and turns off a number of debugging settings. You can use this file to put your application into production. diff --git a/docs/narr/security.rst b/docs/narr/security.rst index 1ad35b961..07ec0f21e 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -73,16 +73,15 @@ to enable an authorization policy. Enabling an Authorization Policy Imperatively ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Passing an ``authorization_policy`` argument to the constructor of the -:class:`~pyramid.config.Configurator` class enables an -authorization policy. +Use the :meth:`~pyramid.config.Configurator.set_authorization_policy` method +of the :class:`~pyramid.config.Configurator` to enable an authorization +policy. -You must also enable an :term:`authentication policy` in order to -enable the authorization policy. This is because authorization, in -general, depends upon authentication. Use the -``authentication_policy`` argument to the -:class:`~pyramid.config.Configurator` class during -application setup to specify an authentication policy. +You must also enable an :term:`authentication policy` in order to enable the +authorization policy. This is because authorization, in general, depends +upon authentication. Use the +:meth:`~pyramid.config.Configurator.set_authentication_policy` and method +during application setup to specify the authentication policy. For example: @@ -95,13 +94,14 @@ For example: from pyramid.authorization import ACLAuthorizationPolicy authentication_policy = AuthTktAuthenticationPolicy('seekrit') authorization_policy = ACLAuthorizationPolicy() - config = Configurator(authentication_policy=authentication_policy, - authorization_policy=authorization_policy) + config = Configurator() + config.set_authentication_policy(authentication_policy) + config.set_authorization_policy(authorization_policy) .. note:: the ``authentication_policy`` and ``authorization_policy`` - arguments may also be passed to the Configurator as :term:`dotted - Python name` values, each representing the dotted name path to a - suitable implementation global defined at Python module scope. + arguments may also be passed to their respective methods mentioned above + as :term:`dotted Python name` values, each representing the dotted name + path to a suitable implementation global defined at Python module scope. The above configuration enables a policy which compares the value of an "auth ticket" cookie passed in the request's environment which contains a reference @@ -110,9 +110,9 @@ to a single :term:`principal` against the principals present in any :term:`view`. While it is possible to mix and match different authentication and -authorization policies, it is an error to pass an authentication -policy without the authorization policy or vice versa to a -:term:`Configurator` constructor. +authorization policies, it is an error to configure a Pyramid application +with an authentication policy but without the authorization policy or vice +versa. If you do this, you'll receive an error at application startup time. See also the :mod:`pyramid.authorization` and :mod:`pyramid.authentication` modules for alternate implementations @@ -188,13 +188,8 @@ In support of making it easier to configure applications which are the permission string to all view registrations which don't otherwise name a ``permission`` argument. -These APIs are in support of configuring a default permission for an -application: - -- The ``default_permission`` constructor argument to the - :mod:`~pyramid.config.Configurator` constructor. - -- The :meth:`pyramid.config.Configurator.set_default_permission` method. +The :meth:`pyramid.config.Configurator.set_default_permission` method +supports configuring a default permission for an application. When a default permission is registered: @@ -605,8 +600,8 @@ that implements the following interface: current user on subsequent requests. """ After you do so, you can pass an instance of such a class into the -:class:`~pyramid.config.Configurator` class at configuration -time as ``authentication_policy`` to use it. +:class:`~pyramid.config.Configurator.set_authentication_policy` method +configuration time to use it. .. index:: single: authorization policy (creating) @@ -616,18 +611,16 @@ time as ``authentication_policy`` to use it. Creating Your Own Authorization Policy -------------------------------------- -An authorization policy is a policy that allows or denies access after -a user has been authenticated. By default, :app:`Pyramid` will use -the :class:`pyramid.authorization.ACLAuthorizationPolicy` if an -authentication policy is activated and an authorization policy isn't -otherwise specified. +An authorization policy is a policy that allows or denies access after a user +has been authenticated. Most :app:`Pyramid` applications will use the +default :class:`pyramid.authorization.ACLAuthorizationPolicy`. -In some cases, it's useful to be able to use a different +However, in some cases, it's useful to be able to use a different authorization policy than the default -:class:`~pyramid.authorization.ACLAuthorizationPolicy`. For -example, it might be desirable to construct an alternate authorization -policy which allows the application to use an authorization mechanism -that does not involve :term:`ACL` objects. +:class:`~pyramid.authorization.ACLAuthorizationPolicy`. For example, it +might be desirable to construct an alternate authorization policy which +allows the application to use an authorization mechanism that does not +involve :term:`ACL` objects. :app:`Pyramid` ships with only a single default authorization policy, so you'll need to create your own if you'd like to use a @@ -655,5 +648,5 @@ following interface: used.""" After you do so, you can pass an instance of such a class into the -:class:`~pyramid.config.Configurator` class at configuration -time as ``authorization_policy`` to use it. +:class:`~pyramid.config.Configurator.set_authorization_policy` method at +configuration time to use it. diff --git a/docs/tutorials/wiki/src/authorization/tutorial/__init__.py b/docs/tutorials/wiki/src/authorization/tutorial/__init__.py index 20ee685ee..6989145d8 100644 --- a/docs/tutorials/wiki/src/authorization/tutorial/__init__.py +++ b/docs/tutorials/wiki/src/authorization/tutorial/__init__.py @@ -17,9 +17,9 @@ def main(global_config, **settings): authn_policy = AuthTktAuthenticationPolicy(secret='sosecret', callback=groupfinder) authz_policy = ACLAuthorizationPolicy() - config = Configurator(root_factory=root_factory, settings=settings, - authentication_policy=authn_policy, - authorization_policy=authz_policy) + config = Configurator(root_factory=root_factory, settings=settings) + config.set_authentication_policy(authn_policy) + config.set_authorization_policy(authz_policy) config.add_static_view('static', 'static', cache_max_age=3600) config.scan() return config.make_wsgi_app() diff --git a/docs/tutorials/wiki/src/tests/tutorial/__init__.py b/docs/tutorials/wiki/src/tests/tutorial/__init__.py index 20ee685ee..6989145d8 100644 --- a/docs/tutorials/wiki/src/tests/tutorial/__init__.py +++ b/docs/tutorials/wiki/src/tests/tutorial/__init__.py @@ -17,9 +17,9 @@ def main(global_config, **settings): authn_policy = AuthTktAuthenticationPolicy(secret='sosecret', callback=groupfinder) authz_policy = ACLAuthorizationPolicy() - config = Configurator(root_factory=root_factory, settings=settings, - authentication_policy=authn_policy, - authorization_policy=authz_policy) + config = Configurator(root_factory=root_factory, settings=settings) + config.set_authentication_policy(authn_policy) + config.set_authorization_policy(authz_policy) config.add_static_view('static', 'static', cache_max_age=3600) config.scan() return config.make_wsgi_app() diff --git a/docs/tutorials/wiki2/src/authorization/tutorial/__init__.py b/docs/tutorials/wiki2/src/authorization/tutorial/__init__.py index 04dd5fe82..7e290a1e1 100644 --- a/docs/tutorials/wiki2/src/authorization/tutorial/__init__.py +++ b/docs/tutorials/wiki2/src/authorization/tutorial/__init__.py @@ -17,9 +17,9 @@ def main(global_config, **settings): 'sosecret', callback=groupfinder) authz_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, - root_factory='tutorial.models.RootFactory', - authentication_policy=authn_policy, - authorization_policy=authz_policy) + root_factory='tutorial.models.RootFactory') + config.set_authentication_policy(authn_policy) + config.set_authorization_policy(authz_policy) config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('view_wiki', '/') config.add_route('login', '/login') diff --git a/docs/tutorials/wiki2/src/tests/tutorial/__init__.py b/docs/tutorials/wiki2/src/tests/tutorial/__init__.py index 04dd5fe82..7e290a1e1 100644 --- a/docs/tutorials/wiki2/src/tests/tutorial/__init__.py +++ b/docs/tutorials/wiki2/src/tests/tutorial/__init__.py @@ -17,9 +17,9 @@ def main(global_config, **settings): 'sosecret', callback=groupfinder) authz_policy = ACLAuthorizationPolicy() config = Configurator(settings=settings, - root_factory='tutorial.models.RootFactory', - authentication_policy=authn_policy, - authorization_policy=authz_policy) + root_factory='tutorial.models.RootFactory') + config.set_authentication_policy(authn_policy) + config.set_authorization_policy(authz_policy) config.add_static_view('static', 'static', cache_max_age=3600) config.add_route('view_wiki', '/') config.add_route('login', '/login') diff --git a/docs/whatsnew-1.3.rst b/docs/whatsnew-1.3.rst index ee4e2ccb5..ed7024f62 100644 --- a/docs/whatsnew-1.3.rst +++ b/docs/whatsnew-1.3.rst @@ -240,6 +240,16 @@ Minor Feature Additions - We allow extra keyword arguments to be passed to the :meth:`pyramid.config.Configurator.action` method. +- New API: :meth:`pyramid.config.Configurator.set_request_property`. Add lazy + property descriptors to a request without changing the request factory. + This method provides conflict detection and is the suggested way to add + properties to a request. + +- Responses generated by Pyramid's :class:`pyramid.views.static_view` now use + a ``wsgi.file_wrapper`` (see + http://www.python.org/dev/peps/pep-0333/#optional-platform-specific-file-handling) + when one is provided by the web server. + Backwards Incompatibilities --------------------------- @@ -300,6 +310,11 @@ Backwards Incompatibilities ``add_route`` as a pattern, it will now fail at startup time. Use Unicode instead. +- The ``path_info`` route and view predicates now match against + ``request.upath_info`` (Unicode) rather than ``request.path_info`` + (indeterminate value based on Python 3 vs. Python 2). This has to be done + to normalize matching on Python 2 and Python 3. + Documentation Enhancements -------------------------- diff --git a/pyramid/config/views.py b/pyramid/config/views.py index 89a0d77c5..0359c46f7 100644 --- a/pyramid/config/views.py +++ b/pyramid/config/views.py @@ -567,17 +567,18 @@ class MultiView(object): raise PredicateMismatch(self.name) def viewdefaults(wrapped): - def wrapper(*arg, **kw): + def wrapper(self, *arg, **kw): defaults = {} - if len(arg) > 1: - view = arg[1] + if arg: + view = arg[0] else: view = kw.get('view') + view = self.maybe_dotted(view) if inspect.isclass(view): defaults = getattr(view, '__view_defaults__', {}).copy() defaults.update(kw) defaults['_backframes'] = 3 # for action_method - return wrapped(*arg, **defaults) + return wrapped(self, *arg, **defaults) return wraps(wrapped)(wrapper) class ViewsConfiguratorMixin(object): @@ -1544,11 +1545,12 @@ class StaticURLInfo(object): registry = get_current_registry() for (url, spec, route_name) in self._get_registrations(registry): if path.startswith(spec): - subpath = url_quote(path[len(spec):]) + subpath = path[len(spec):] if url is None: kw['subpath'] = subpath return request.route_url(route_name, **kw) else: + subpath = url_quote(subpath) return urljoin(url, subpath) raise ValueError('No static URL definition matching %s' % path) diff --git a/pyramid/tests/test_config/test_views.py b/pyramid/tests/test_config/test_views.py index dd96579b7..4af29325a 100644 --- a/pyramid/tests/test_config/test_views.py +++ b/pyramid/tests/test_config/test_views.py @@ -1474,6 +1474,40 @@ class TestViewsConfigurationMixin(unittest.TestCase): context = DummyContext() request = self._makeRequest(config) self.assertRaises(PredicateMismatch, wrapper, context, request) + + def test_add_view_with_view_defaults_viewname_is_dottedname_kwarg(self): + from pyramid.renderers import null_renderer + from pyramid.exceptions import PredicateMismatch + from zope.interface import directlyProvides + config = self._makeOne(autocommit=True) + config.add_view( + view='pyramid.tests.test_config.test_views.DummyViewDefaultsClass', + renderer=null_renderer) + wrapper = self._getViewCallable(config) + context = DummyContext() + directlyProvides(context, IDummy) + request = self._makeRequest(config) + self.assertEqual(wrapper(context, request), 'OK') + context = DummyContext() + request = self._makeRequest(config) + self.assertRaises(PredicateMismatch, wrapper, context, request) + + def test_add_view_with_view_defaults_viewname_is_dottedname_nonkwarg(self): + from pyramid.renderers import null_renderer + from pyramid.exceptions import PredicateMismatch + from zope.interface import directlyProvides + config = self._makeOne(autocommit=True) + config.add_view( + 'pyramid.tests.test_config.test_views.DummyViewDefaultsClass', + renderer=null_renderer) + wrapper = self._getViewCallable(config) + context = DummyContext() + directlyProvides(context, IDummy) + request = self._makeRequest(config) + self.assertEqual(wrapper(context, request), 'OK') + context = DummyContext() + request = self._makeRequest(config) + self.assertRaises(PredicateMismatch, wrapper, context, request) def test_add_view_with_view_config_and_view_defaults_doesnt_conflict(self): from pyramid.renderers import null_renderer @@ -3508,6 +3542,18 @@ class TestStaticURLInfo(unittest.TestCase): result = inst.generate('package:path/', request) self.assertEqual(result, 'http://example.com/foo/') + def test_generate_quoting(self): + config = testing.setUp() + try: + config.add_static_view('images', path='mypkg:templates') + inst = self._makeOne() + request = testing.DummyRequest() + request.registry = config.registry + result = inst.generate('mypkg:templates/foo%2Fbar', request) + self.assertEqual(result, 'http://example.com/images/foo%252Fbar') + finally: + testing.tearDown() + def test_generate_route_url(self): inst = self._makeOne() registrations = [(None, 'package:path/', '__viewname/')] @@ -3521,13 +3567,13 @@ class TestStaticURLInfo(unittest.TestCase): result = inst.generate('package:path/abc', request, a=1) self.assertEqual(result, 'url') - def test_generate_url_quoted_local(self): + def test_generate_url_unquoted_local(self): inst = self._makeOne() registrations = [(None, 'package:path/', '__viewname/')] inst._get_registrations = lambda *x: registrations def route_url(n, **kw): self.assertEqual(n, '__viewname/') - self.assertEqual(kw, {'subpath':'abc%20def', 'a':1}) + self.assertEqual(kw, {'subpath':'abc def', 'a':1}) return 'url' request = self._makeRequest() request.route_url = route_url @@ -3745,3 +3791,12 @@ class DummyStaticURLInfo: def add(self, config, name, spec, **kw): self.added.append((config, name, spec, kw)) + +class DummyViewDefaultsClass(object): + __view_defaults__ = { + 'containment':'pyramid.tests.test_config.IDummy' + } + def __init__(self, request): + pass + def __call__(self): + return 'OK' @@ -56,7 +56,7 @@ if not PY3: ]) setup(name='pyramid', - version='1.3a5', + version='1.3a6', description=('The Pyramid web application development framework, a ' 'Pylons project'), long_description=README + '\n\n' + CHANGES, |