diff options
| -rw-r--r-- | CHANGES.txt | 11 | ||||
| -rw-r--r-- | TODO.txt | 5 | ||||
| -rw-r--r-- | docs/narr/assets.rst | 2 |
3 files changed, 11 insertions, 7 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 7bd878fca..84b53b341 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,6 +1,14 @@ Next release ============ +Features +-------- + +- The AuthTktAuthenticationPolicy now accepts a ``tokens`` parameter via + ``pyramid.security.remember``. The value must be a sequence of strings. + Tokens are placed into the auth_tkt "tokens" field and returned in the + auth_tkt cookie. + Documentation ------------- @@ -299,9 +307,6 @@ Bug Fixes Features -------- -- When using the auth_tkt authentication plugin accept a ``tokens`` parameter - in :py:func:`pyramid.security.remember`. - - If a resource implements a ``__resource_url__`` method, it will be called as the result of invoking the ``pyramid.url.resource_url`` function to generate a URL, overriding the default logic. See the new "Generating The @@ -66,6 +66,8 @@ Must-Have (before 1.0) Should-Have ----------- +- Nicer Mako exceptions in WebError. + - Consider adding a default exception view for HTTPException and attendant ``redirect`` and ``abort`` functions ala Pylons. @@ -90,9 +92,6 @@ Should-Have - Make it possible to get at ACLDenied data from Forbidden response in exceptionview. -- ``config.meta`` or ``config.extend`` classmethod which adds a new method - ("directive") to the Configurator class. - Nice-to-Have ------------ diff --git a/docs/narr/assets.rst b/docs/narr/assets.rst index b1c1c419c..ee2e0440e 100644 --- a/docs/narr/assets.rst +++ b/docs/narr/assets.rst @@ -137,7 +137,7 @@ The value of the ``permission`` argument represents the :term:`permission` that the user must have relative to the current :term:`context` when the static view is invoked. A user will be required to possess this permission to view any of the files represented by ``path`` of the static view. If your -static resources must be protected by a more complex authorization scheme, +static assets must be protected by a more complex authorization scheme, see :ref:`advanced_static`. Here's another example that uses an :term:`asset specification` instead of an |