diff options
| -rw-r--r-- | CHANGES.txt | 684 | ||||
| -rw-r--r-- | HISTORY.txt | 680 | ||||
| -rw-r--r-- | README.rst | 2 | ||||
| -rw-r--r-- | RELEASING.txt | 8 | ||||
| -rw-r--r-- | docs/conf.py | 2 | ||||
| -rw-r--r-- | docs/index.rst | 1 | ||||
| -rw-r--r-- | docs/whatsnew-1.6.rst | 170 | ||||
| -rw-r--r-- | setup.py | 2 |
8 files changed, 857 insertions, 692 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 471683d25..a9e159275 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,5 +1,5 @@ -Next release -============ +1.6 (2015-04-14) +================ Features -------- @@ -233,683 +233,3 @@ Scaffolds - You can now run the scaffolding func tests via ``tox py2-scaffolds`` and ``tox py3-scaffolds``. -1.5 (2014-04-08) -================ - -- Avoid crash in ``pserve --reload`` under Py3k, when iterating over possibly - mutated ``sys.modules``. - -- ``UnencryptedCookieSessionFactoryConfig`` failed if the secret contained - higher order characters. See https://github.com/Pylons/pyramid/issues/1246 - -- Fixed a bug in ``UnencryptedCookieSessionFactoryConfig`` and - ``SignedCookieSessionFactory`` where ``timeout=None`` would cause a new - session to always be created. Also in ``SignedCookieSessionFactory`` a - ``reissue_time=None`` would cause an exception when modifying the session. - See https://github.com/Pylons/pyramid/issues/1247 - -- Updated docs and scaffolds to keep in step with new 2.0 release of - ``Lingua``. This included removing all ``setup.cfg`` files from scaffolds - and documentation environments. - -1.5b1 (2014-02-08) -================== - -Features --------- - -- We no longer eagerly clear ``request.exception`` and ``request.exc_info`` in - the exception view tween. This makes it possible to inspect exception - information within a finished callback. See - https://github.com/Pylons/pyramid/issues/1223. - -1.5a4 (2014-01-28) -================== - -Features --------- - -- Updated scaffolds with new theme, fixed documentation and sample project. - -Bug Fixes ---------- - -- Depend on a newer version of WebOb so that we pull in some crucial bug-fixes - that were showstoppers for functionality in Pyramid. - -- Add a trailing semicolon to the JSONP response. This fixes JavaScript syntax - errors for old IE versions. See https://github.com/Pylons/pyramid/pull/1205 - -- Fix a memory leak when the configurator's ``set_request_property`` method was - used or when the configurator's ``add_request_method`` method was used with - the ``property=True`` attribute. See - https://github.com/Pylons/pyramid/issues/1212 . - -1.5a3 (2013-12-10) -================== - -Features --------- - -- An authorization API has been added as a method of the - request: ``request.has_permission``. - - ``request.has_permission`` is a method-based alternative to the - ``pyramid.security.has_permission`` API and works exactly the same. The - older API is now deprecated. - -- Property API attributes have been added to the request for easier access to - authentication data: ``request.authenticated_userid``, - ``request.unauthenticated_userid``, and ``request.effective_principals``. - - These are analogues, respectively, of - ``pyramid.security.authenticated_userid``, - ``pyramid.security.unauthenticated_userid``, and - ``pyramid.security.effective_principals``. They operate exactly the same, - except they are attributes of the request instead of functions accepting a - request. They are properties, so they cannot be assigned to. The older - function-based APIs are now deprecated. - -- Pyramid's console scripts (``pserve``, ``pviews``, etc) can now be run - directly, allowing custom arguments to be sent to the python interpreter - at runtime. For example:: - - python -3 -m pyramid.scripts.pserve development.ini - -- Added a specific subclass of ``HTTPBadRequest`` named - ``pyramid.exceptions.BadCSRFToken`` which will now be raised in response - to failures in ``check_csrf_token``. - See https://github.com/Pylons/pyramid/pull/1149 - -- Added a new ``SignedCookieSessionFactory`` which is very similar to the - ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on signing - content. The custom serializer arguments to this function should only focus - on serializing, unlike its predecessor which required the serializer to also - perform signing. See https://github.com/Pylons/pyramid/pull/1142 . Note - that cookies generated using ``SignedCookieSessionFactory`` are not - compatible with cookies generated using ``UnencryptedCookieSessionFactory``, - so existing user session data will be destroyed if you switch to it. - -- Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie - factory that can be used by framework implementors to create their own - session implementations. It provides a reusable API which focuses strictly - on providing a dictionary-like object that properly handles renewals, - timeouts, and conformance with the ``ISession`` API. - See https://github.com/Pylons/pyramid/pull/1142 - -- The anchor argument to ``pyramid.request.Request.route_url`` and - ``pyramid.request.Request.resource_url`` and their derivatives will now be - escaped via URL quoting to ensure minimal conformance. See - https://github.com/Pylons/pyramid/pull/1183 - -- Allow sending of ``_query`` and ``_anchor`` options to - ``pyramid.request.Request.static_url`` when an external URL is being - generated. - See https://github.com/Pylons/pyramid/pull/1183 - -- You can now send a string as the ``_query`` argument to - ``pyramid.request.Request.route_url`` and - ``pyramid.request.Request.resource_url`` and their derivatives. When a - string is sent instead of a list or dictionary. it is URL-quoted however it - does not need to be in ``k=v`` form. This is useful if you want to be able - to use a different query string format than ``x-www-form-urlencoded``. See - https://github.com/Pylons/pyramid/pull/1183 - -- ``pyramid.testing.DummyRequest`` now has a ``domain`` attribute to match the - new WebOb 1.3 API. Its value is ``example.com``. - -Bug Fixes ---------- - -- Fix the ``pcreate`` script so that when the target directory name ends with a - slash it does not produce a non-working project directory structure. - Previously saying ``pcreate -s starter /foo/bar/`` produced different output - than saying ``pcreate -s starter /foo/bar``. The former did not work - properly. - -- Fix the ``principals_allowed_by_permission`` method of - ``ACLAuthorizationPolicy`` so it anticipates a callable ``__acl__`` - on resources. Previously it did not try to call the ``__acl__`` - if it was callable. - -- The ``pviews`` script did not work when a url required custom request - methods in order to perform traversal. Custom methods and descriptors added - via ``pyramid.config.Configurator.add_request_method`` will now be present, - allowing traversal to continue. - See https://github.com/Pylons/pyramid/issues/1104 - -- Remove unused ``renderer`` argument from ``Configurator.add_route``. - -- Allow the ``BasicAuthenticationPolicy`` to work with non-ascii usernames - and passwords. The charset is not passed as part of the header and different - browsers alternate between UTF-8 and Latin-1, so the policy now attempts - to decode with UTF-8 first, and will fallback to Latin-1. - See https://github.com/Pylons/pyramid/pull/1170 - -- The ``@view_defaults`` now apply to notfound and forbidden views - that are defined as methods of a decorated class. - See https://github.com/Pylons/pyramid/issues/1173 - -Documentation -------------- - -- Added a "Quick Tutorial" to go with the Quick Tour - -- Removed mention of ``pyramid_beaker`` from docs. Beaker is no longer - maintained. Point people at ``pyramid_redis_sessions`` instead. - -- Add documentation for ``pyramid.interfaces.IRendererFactory`` and - ``pyramid.interfaces.IRenderer``. - -Backwards Incompatibilities ---------------------------- - -- The key/values in the ``_query`` parameter of ``request.route_url`` and the - ``query`` parameter of ``request.resource_url`` (and their variants), used - to encode a value of ``None`` as the string ``'None'``, leaving the resulting - query string to be ``a=b&key=None``. The value is now dropped in this - situation, leaving a query string of ``a=b&key=``. - See https://github.com/Pylons/pyramid/issues/1119 - -Deprecations ------------- - -- Deprecate the ``pyramid.interfaces.ITemplateRenderer`` interface. It was - ill-defined and became unused when Mako and Chameleon template bindings were - split into their own packages. - -- The ``pyramid.session.UnencryptedCookieSessionFactoryConfig`` API has been - deprecated and is superseded by the - ``pyramid.session.SignedCookieSessionFactory``. Note that while the cookies - generated by the ``UnencryptedCookieSessionFactoryConfig`` - are compatible with cookies generated by old releases, cookies generated by - the SignedCookieSessionFactory are not. See - https://github.com/Pylons/pyramid/pull/1142 - -- The ``pyramid.security.has_permission`` API is now deprecated. Instead, use - the newly-added ``has_permission`` method of the request object. - -- The ``pyramid.security.effective_principals`` API is now deprecated. - Instead, use the newly-added ``effective_principals`` attribute of the - request object. - -- The ``pyramid.security.authenticated_userid`` API is now deprecated. - Instead, use the newly-added ``authenticated_userid`` attribute of the - request object. - -- The ``pyramid.security.unauthenticated_userid`` API is now deprecated. - Instead, use the newly-added ``unauthenticated_userid`` attribute of the - request object. - -Dependencies ------------- - -- Pyramid now depends on WebOb>=1.3 (it uses ``webob.cookies.CookieProfile`` - from 1.3+). - -1.5a2 (2013-09-22) -================== - -Features --------- - -- Users can now provide dotted Python names to as the ``factory`` argument - the Configurator methods named ``add_{view,route,subscriber}_predicate`` - (instead of passing the predicate factory directly, you can pass a - dotted name which refers to the factory). - -Bug Fixes ---------- - -- Fix an exception in ``pyramid.path.package_name`` when resolving the package - name for namespace packages that had no ``__file__`` attribute. - -Backwards Incompatibilities ---------------------------- - -- Pyramid no longer depends on or configures the Mako and Chameleon templating - system renderers by default. Disincluding these templating systems by - default means that the Pyramid core has fewer dependencies and can run on - future platforms without immediate concern for the compatibility of its - templating add-ons. It also makes maintenance slightly more effective, as - different people can maintain the templating system add-ons that they - understand and care about without needing commit access to the Pyramid core, - and it allows users who just don't want to see any packages they don't use - come along for the ride when they install Pyramid. - - This means that upon upgrading to Pyramid 1.5a2+, projects that use either - of these templating systems will see a traceback that ends something like - this when their application attempts to render a Chameleon or Mako template:: - - ValueError: No such renderer factory .pt - - Or:: - - ValueError: No such renderer factory .mako - - Or:: - - ValueError: No such renderer factory .mak - - Support for Mako templating has been moved into an add-on package named - ``pyramid_mako``, and support for Chameleon templating has been moved into - an add-on package named ``pyramid_chameleon``. These packages are drop-in - replacements for the old built-in support for these templating langauges. - All you have to do is install them and make them active in your configuration - to register renderer factories for ``.pt`` and/or ``.mako`` (or ``.mak``) to - make your application work again. - - To re-add support for Chameleon and/or Mako template renderers into your - existing projects, follow the below steps. - - If you depend on Mako templates: - - * Make sure the ``pyramid_mako`` package is installed. One way to do this - is by adding ``pyramid_mako`` to the ``install_requires`` section of your - package's ``setup.py`` file and afterwards rerunning ``setup.py develop``:: - - setup( - #... - install_requires=[ - 'pyramid_mako', # new dependency - 'pyramid', - #... - ], - ) - - * Within the portion of your application which instantiates a Pyramid - ``pyramid.config.Configurator`` (often the ``main()`` function in - your project's ``__init__.py`` file), tell Pyramid to include the - ``pyramid_mako`` includeme:: - - config = Configurator(.....) - config.include('pyramid_mako') - - If you depend on Chameleon templates: - - * Make sure the ``pyramid_chameleon`` package is installed. One way to do - this is by adding ``pyramid_chameleon`` to the ``install_requires`` section - of your package's ``setup.py`` file and afterwards rerunning - ``setup.py develop``:: - - setup( - #... - install_requires=[ - 'pyramid_chameleon', # new dependency - 'pyramid', - #... - ], - ) - - * Within the portion of your application which instantiates a Pyramid - ``~pyramid.config.Configurator`` (often the ``main()`` function in - your project's ``__init__.py`` file), tell Pyramid to include the - ``pyramid_chameleon`` includeme:: - - config = Configurator(.....) - config.include('pyramid_chameleon') - - Note that it's also fine to install these packages into *older* Pyramids for - forward compatibility purposes. Even if you don't upgrade to Pyramid 1.5 - immediately, performing the above steps in a Pyramid 1.4 installation is - perfectly fine, won't cause any difference, and will give you forward - compatibility when you eventually do upgrade to Pyramid 1.5. - - With the removal of Mako and Chameleon support from the core, some - unit tests that use the ``pyramid.renderers.render*`` methods may begin to - fail. If any of your unit tests are invoking either - ``pyramid.renderers.render()`` or ``pyramid.renderers.render_to_response()`` - with either Mako or Chameleon templates then the - ``pyramid.config.Configurator`` instance in effect during - the unit test should be also be updated to include the addons, as shown - above. For example:: - - class ATest(unittest.TestCase): - def setUp(self): - self.config = pyramid.testing.setUp() - self.config.include('pyramid_mako') - - def test_it(self): - result = pyramid.renderers.render('mypkg:templates/home.mako', {}) - - Or:: - - class ATest(unittest.TestCase): - def setUp(self): - self.config = pyramid.testing.setUp() - self.config.include('pyramid_chameleon') - - def test_it(self): - result = pyramid.renderers.render('mypkg:templates/home.pt', {}) - -- If you're using the Pyramid debug toolbar, when you upgrade Pyramid to - 1.5a2+, you'll also need to upgrade the ``pyramid_debugtoolbar`` package to - at least version 1.0.8, as older toolbar versions are not compatible with - Pyramid 1.5a2+ due to the removal of Mako support from the core. It's - fine to use this newer version of the toolbar code with older Pyramids too. - -- Removed the ``request.response_*`` varying attributes. These attributes - have been deprecated since Pyramid 1.1, and as per the deprecation policy, - have now been removed. - -- ``request.response`` will no longer be mutated when using the - ``pyramid.renderers.render()`` API. Almost all renderers mutate the - ``request.response`` response object (for example, the JSON renderer sets - ``request.response.content_type`` to ``application/json``), but this is - only necessary when the renderer is generating a response; it was a bug - when it was done as a side effect of calling ``pyramid.renderers.render()``. - -- Removed the ``bfg2pyramid`` fixer script. - -- The ``pyramid.events.NewResponse`` event is now sent **after** response - callbacks are executed. It previously executed before response callbacks - were executed. Rationale: it's more useful to be able to inspect the response - after response callbacks have done their jobs instead of before. - -- Removed the class named ``pyramid.view.static`` that had been deprecated - since Pyramid 1.1. Instead use ``pyramid.static.static_view`` with - ``use_subpath=True`` argument. - -- Removed the ``pyramid.view.is_response`` function that had been deprecated - since Pyramid 1.1. Use the ``pyramid.request.Request.is_response`` method - instead. - -- Removed the ability to pass the following arguments to - ``pyramid.config.Configurator.add_route``: ``view``, ``view_context``. - ``view_for``, ``view_permission``, ``view_renderer``, and ``view_attr``. - Using these arguments had been deprecated since Pyramid 1.1. Instead of - passing view-related arguments to ``add_route``, use a separate call to - ``pyramid.config.Configurator.add_view`` to associate a view with a route - using its ``route_name`` argument. Note that this impacts the - ``pyramid.config.Configurator.add_static_view`` function too, because it - delegates to ``add_route``. - -- Removed the ability to influence and query a ``pyramid.request.Request`` - object as if it were a dictionary. Previously it was possible to use methods - like ``__getitem__``, ``get``, ``items``, and other dictlike methods to - access values in the WSGI environment. This behavior had been deprecated - since Pyramid 1.1. Use methods of ``request.environ`` (a real dictionary) - instead. - -- Removed ancient backwards compatibily hack in - ``pyramid.traversal.DefaultRootFactory`` which populated the ``__dict__`` of - the factory with the matchdict values for compatibility with BFG 0.9. - -- The ``renderer_globals_factory`` argument to the - ``pyramid.config.Configurator` constructor and its ``setup_registry`` method - has been removed. The ``set_renderer_globals_factory`` method of - ``pyramid.config.Configurator`` has also been removed. The (internal) - ``pyramid.interfaces.IRendererGlobals`` interface was also removed. These - arguments, methods and interfaces had been deprecated since 1.1. Use a - ``BeforeRender`` event subscriber as documented in the "Hooks" chapter of the - Pyramid narrative documentation instead of providing renderer globals values - to the configurator. - -Deprecations ------------- - -- The ``pyramid.config.Configurator.set_request_property`` method now issues - a deprecation warning when used. It had been docs-deprecated in 1.4 - but did not issue a deprecation warning when used. - -1.5a1 (2013-08-30) -================== - -Features --------- - -- A new http exception subclass named ``pyramid.httpexceptions.HTTPSuccessful`` - was added. You can use this class as the ``context`` of an exception - view to catch all 200-series "exceptions" (e.g. "raise HTTPOk"). This - also allows you to catch *only* the ``HTTPOk`` exception itself; previously - this was impossible because a number of other exceptions - (such as ``HTTPNoContent``) inherited from ``HTTPOk``, but now they do not. - -- You can now generate "hybrid" urldispatch/traversal URLs more easily - by using the new ``route_name``, ``route_kw`` and ``route_remainder_name`` - arguments to ``request.resource_url`` and ``request.resource_path``. See - the new section of the "Combining Traversal and URL Dispatch" documentation - chapter entitled "Hybrid URL Generation". - -- It is now possible to escape double braces in Pyramid scaffolds (unescaped, - these represent replacement values). You can use ``\{\{a\}\}`` to - represent a "bare" ``{{a}}``. See - https://github.com/Pylons/pyramid/pull/862 - -- Add ``localizer`` and ``locale_name`` properties (reified) to the request. - See https://github.com/Pylons/pyramid/issues/508. Note that the - ``pyramid.i18n.get_localizer`` and ``pyramid.i18n.get_locale_name`` functions - now simply look up these properties on the request. - -- Add ``pdistreport`` script, which prints the Python version in use, the - Pyramid version in use, and the version number and location of all Python - distributions currently installed. - -- Add the ability to invert the result of any view, route, or subscriber - predicate using the ``not_`` class. For example:: - - from pyramid.config import not_ - - @view_config(route_name='myroute', request_method=not_('POST')) - def myview(request): ... - - The above example will ensure that the view is called if the request method - is not POST (at least if no other view is more specific). - - The ``pyramid.config.not_`` class can be used against any value that is - a predicate value passed in any of these contexts: - - - ``pyramid.config.Configurator.add_view`` - - - ``pyramid.config.Configurator.add_route`` - - - ``pyramid.config.Configurator.add_subscriber`` - - - ``pyramid.view.view_config`` - - - ``pyramid.events.subscriber`` - -- ``scripts/prequest.py``: add support for submitting ``PUT`` and ``PATCH`` - requests. See https://github.com/Pylons/pyramid/pull/1033. add support for - submitting ``OPTIONS`` and ``PROPFIND`` requests, and allow users to specify - basic authentication credentials in the request via a ``--login`` argument to - the script. See https://github.com/Pylons/pyramid/pull/1039. - -- ``ACLAuthorizationPolicy`` supports ``__acl__`` as a callable. This - removes the ambiguity between the potential ``AttributeError`` that would - be raised on the ``context`` when the property was not defined and the - ``AttributeError`` that could be raised from any user-defined code within - a dynamic property. It is recommended to define a dynamic ACL as a callable - to avoid this ambiguity. See https://github.com/Pylons/pyramid/issues/735. - -- Allow a protocol-relative URL (e.g. ``//example.com/images``) to be passed to - ``pyramid.config.Configurator.add_static_view``. This allows - externally-hosted static URLs to be generated based on the current protocol. - -- The ``AuthTktAuthenticationPolicy`` has two new options to configure its - domain usage: - - * ``parent_domain``: if set the authentication cookie is set on - the parent domain. This is useful if you have multiple sites sharing the - same domain. - * ``domain``: if provided the cookie is always set for this domain, bypassing - all usual logic. - - See https://github.com/Pylons/pyramid/pull/1028, - https://github.com/Pylons/pyramid/pull/1072 and - https://github.com/Pylons/pyramid/pull/1078. - -- The ``AuthTktAuthenticationPolicy`` now supports IPv6 addresses when using - the ``include_ip=True`` option. This is possibly incompatible with - alternative ``auth_tkt`` implementations, as the specification does not - define how to properly handle IPv6. See - https://github.com/Pylons/pyramid/issues/831. - -- Make it possible to use variable arguments via - ``pyramid.paster.get_appsettings``. This also allowed the generated - ``initialize_db`` script from the ``alchemy`` scaffold to grow support - for options in the form ``a=1 b=2`` so you can fill in - values in a parameterized ``.ini`` file, e.g. - ``initialize_myapp_db etc/development.ini a=1 b=2``. - See https://github.com/Pylons/pyramid/pull/911 - -- The ``request.session.check_csrf_token()`` method and the ``check_csrf`` view - predicate now take into account the value of the HTTP header named - ``X-CSRF-Token`` (as well as the ``csrf_token`` form parameter, which they - always did). The header is tried when the form parameter does not exist. - -- View lookup will now search for valid views based on the inheritance - hierarchy of the context. It tries to find views based on the most - specific context first, and upon predicate failure, will move up the - inheritance chain to test views found by the super-type of the context. - In the past, only the most specific type containing views would be checked - and if no matching view could be found then a PredicateMismatch would be - raised. Now predicate mismatches don't hide valid views registered on - super-types. Here's an example that now works:: - - class IResource(Interface): - - ... - - @view_config(context=IResource) - def get(context, request): - - ... - - @view_config(context=IResource, request_method='POST') - def post(context, request): - - ... - - @view_config(context=IResource, request_method='DELETE') - def delete(context, request): - - ... - - @implementer(IResource) - class MyResource: - - ... - - @view_config(context=MyResource, request_method='POST') - def override_post(context, request): - - ... - - Previously the override_post view registration would hide the get - and delete views in the context of MyResource -- leading to a - predicate mismatch error when trying to use GET or DELETE - methods. Now the views are found and no predicate mismatch is - raised. - See https://github.com/Pylons/pyramid/pull/786 and - https://github.com/Pylons/pyramid/pull/1004 and - https://github.com/Pylons/pyramid/pull/1046 - -- The ``pserve`` command now takes a ``-v`` (or ``--verbose``) flag and a - ``-q`` (or ``--quiet``) flag. Output from running ``pserve`` can be - controlled using these flags. ``-v`` can be specified multiple times to - increase verbosity. ``-q`` sets verbosity to ``0`` unconditionally. The - default verbosity level is ``1``. - -- The ``alchemy`` scaffold tests now provide better coverage. See - https://github.com/Pylons/pyramid/pull/1029 - -- The ``pyramid.config.Configurator.add_route`` method now supports being - called with an external URL as pattern. See - https://github.com/Pylons/pyramid/issues/611 and the documentation section - in the "URL Dispatch" chapter entitled "External Routes" for more information. - -Bug Fixes ---------- - -- It was not possible to use ``pyramid.httpexceptions.HTTPException`` as - the ``context`` of an exception view as very general catchall for - http-related exceptions when you wanted that exception view to override the - default exception view. See https://github.com/Pylons/pyramid/issues/985 - -- When the ``pyramid.reload_templates`` setting was true, and a Chameleon - template was reloaded, and the renderer specification named a macro - (e.g. ``foo#macroname.pt``), renderings of the template after the template - was reloaded due to a file change would produce the entire template body - instead of just a rendering of the macro. See - https://github.com/Pylons/pyramid/issues/1013. - -- Fix an obscure problem when combining a virtual root with a route with a - ``*traverse`` in its pattern. Now the traversal path generated in - such a configuration will be correct, instead of an element missing - a leading slash. - -- Fixed a Mako renderer bug returning a tuple with a previous defname value - in some circumstances. See https://github.com/Pylons/pyramid/issues/1037 - for more information. - -- Make the ``pyramid.config.assets.PackageOverrides`` object implement the API - for ``__loader__`` objects specified in PEP 302. Proxies to the - ``__loader__`` set by the importer, if present; otherwise, raises - ``NotImplementedError``. This makes Pyramid static view overrides work - properly under Python 3.3 (previously they would not). See - https://github.com/Pylons/pyramid/pull/1015 for more information. - -- ``mako_templating``: added defensive workaround for non-importability of - ``mako`` due to upstream ``markupsafe`` dropping Python 3.2 support. Mako - templating will no longer work under the combination of MarkupSafe 0.17 and - Python 3.2 (although the combination of MarkupSafe 0.17 and Python 3.3 or any - supported Python 2 version will work OK). - -- Spaces and dots may now be in mako renderer template paths. This was - broken when support for the new makodef syntax was added in 1.4a1. - See https://github.com/Pylons/pyramid/issues/950 - -- ``pyramid.debug_authorization=true`` will now correctly print out - ``Allowed`` for views registered with ``NO_PERMISSION_REQUIRED`` instead - of invoking the ``permits`` method of the authorization policy. - See https://github.com/Pylons/pyramid/issues/954 - -- Pyramid failed to install on some systems due to being packaged with - some test files containing higher order characters in their names. These - files have now been removed. See - https://github.com/Pylons/pyramid/issues/981 - -- ``pyramid.testing.DummyResource`` didn't define ``__bool__``, so code under - Python 3 would use ``__len__`` to find truthiness; this usually caused an - instance of DummyResource to be "falsy" instead of "truthy". See - https://github.com/Pylons/pyramid/pull/1032 - -- The ``alchemy`` scaffold would break when the database was MySQL during - tables creation. See https://github.com/Pylons/pyramid/pull/1049 - -- The ``current_route_url`` method now attaches the query string to the URL by - default. See - https://github.com/Pylons/pyramid/issues/1040 - -- Make ``pserve.cherrypy_server_runner`` Python 3 compatible. See - https://github.com/Pylons/pyramid/issues/718 - -Backwards Incompatibilities ---------------------------- - -- Modified the ``current_route_url`` method in pyramid.Request. The method - previously returned the URL without the query string by default, it now does - attach the query string unless it is overriden. - -- The ``route_url`` and ``route_path`` APIs no longer quote ``/`` - to ``%2F`` when a replacement value contains a ``/``. This was pointless, - as WSGI servers always unquote the slash anyway, and Pyramid never sees the - quoted value. - -- It is no longer possible to set a ``locale_name`` attribute of the request, - nor is it possible to set a ``localizer`` attribute of the request. These - are now "reified" properties that look up a locale name and localizer - respectively using the machinery described in the "Internationalization" - chapter of the documentation. - -- If you send an ``X-Vhm-Root`` header with a value that ends with a slash (or - any number of slashes), the trailing slash(es) will be removed before a URL - is generated when you use use ``request.resource_url`` or - ``request.resource_path``. Previously the virtual root path would not have - trailing slashes stripped, which would influence URL generation. - -- The ``pyramid.interfaces.IResourceURL`` interface has now grown two new - attributes: ``virtual_path_tuple`` and ``physical_path_tuple``. These should - be the tuple form of the resource's path (physical and virtual). - diff --git a/HISTORY.txt b/HISTORY.txt index 242568e98..c30bb2711 100644 --- a/HISTORY.txt +++ b/HISTORY.txt @@ -1,3 +1,683 @@ +1.5 (2014-04-08) +================ + +- Avoid crash in ``pserve --reload`` under Py3k, when iterating over possibly + mutated ``sys.modules``. + +- ``UnencryptedCookieSessionFactoryConfig`` failed if the secret contained + higher order characters. See https://github.com/Pylons/pyramid/issues/1246 + +- Fixed a bug in ``UnencryptedCookieSessionFactoryConfig`` and + ``SignedCookieSessionFactory`` where ``timeout=None`` would cause a new + session to always be created. Also in ``SignedCookieSessionFactory`` a + ``reissue_time=None`` would cause an exception when modifying the session. + See https://github.com/Pylons/pyramid/issues/1247 + +- Updated docs and scaffolds to keep in step with new 2.0 release of + ``Lingua``. This included removing all ``setup.cfg`` files from scaffolds + and documentation environments. + +1.5b1 (2014-02-08) +================== + +Features +-------- + +- We no longer eagerly clear ``request.exception`` and ``request.exc_info`` in + the exception view tween. This makes it possible to inspect exception + information within a finished callback. See + https://github.com/Pylons/pyramid/issues/1223. + +1.5a4 (2014-01-28) +================== + +Features +-------- + +- Updated scaffolds with new theme, fixed documentation and sample project. + +Bug Fixes +--------- + +- Depend on a newer version of WebOb so that we pull in some crucial bug-fixes + that were showstoppers for functionality in Pyramid. + +- Add a trailing semicolon to the JSONP response. This fixes JavaScript syntax + errors for old IE versions. See https://github.com/Pylons/pyramid/pull/1205 + +- Fix a memory leak when the configurator's ``set_request_property`` method was + used or when the configurator's ``add_request_method`` method was used with + the ``property=True`` attribute. See + https://github.com/Pylons/pyramid/issues/1212 . + +1.5a3 (2013-12-10) +================== + +Features +-------- + +- An authorization API has been added as a method of the + request: ``request.has_permission``. + + ``request.has_permission`` is a method-based alternative to the + ``pyramid.security.has_permission`` API and works exactly the same. The + older API is now deprecated. + +- Property API attributes have been added to the request for easier access to + authentication data: ``request.authenticated_userid``, + ``request.unauthenticated_userid``, and ``request.effective_principals``. + + These are analogues, respectively, of + ``pyramid.security.authenticated_userid``, + ``pyramid.security.unauthenticated_userid``, and + ``pyramid.security.effective_principals``. They operate exactly the same, + except they are attributes of the request instead of functions accepting a + request. They are properties, so they cannot be assigned to. The older + function-based APIs are now deprecated. + +- Pyramid's console scripts (``pserve``, ``pviews``, etc) can now be run + directly, allowing custom arguments to be sent to the python interpreter + at runtime. For example:: + + python -3 -m pyramid.scripts.pserve development.ini + +- Added a specific subclass of ``HTTPBadRequest`` named + ``pyramid.exceptions.BadCSRFToken`` which will now be raised in response + to failures in ``check_csrf_token``. + See https://github.com/Pylons/pyramid/pull/1149 + +- Added a new ``SignedCookieSessionFactory`` which is very similar to the + ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on signing + content. The custom serializer arguments to this function should only focus + on serializing, unlike its predecessor which required the serializer to also + perform signing. See https://github.com/Pylons/pyramid/pull/1142 . Note + that cookies generated using ``SignedCookieSessionFactory`` are not + compatible with cookies generated using ``UnencryptedCookieSessionFactory``, + so existing user session data will be destroyed if you switch to it. + +- Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie + factory that can be used by framework implementors to create their own + session implementations. It provides a reusable API which focuses strictly + on providing a dictionary-like object that properly handles renewals, + timeouts, and conformance with the ``ISession`` API. + See https://github.com/Pylons/pyramid/pull/1142 + +- The anchor argument to ``pyramid.request.Request.route_url`` and + ``pyramid.request.Request.resource_url`` and their derivatives will now be + escaped via URL quoting to ensure minimal conformance. See + https://github.com/Pylons/pyramid/pull/1183 + +- Allow sending of ``_query`` and ``_anchor`` options to + ``pyramid.request.Request.static_url`` when an external URL is being + generated. + See https://github.com/Pylons/pyramid/pull/1183 + +- You can now send a string as the ``_query`` argument to + ``pyramid.request.Request.route_url`` and + ``pyramid.request.Request.resource_url`` and their derivatives. When a + string is sent instead of a list or dictionary. it is URL-quoted however it + does not need to be in ``k=v`` form. This is useful if you want to be able + to use a different query string format than ``x-www-form-urlencoded``. See + https://github.com/Pylons/pyramid/pull/1183 + +- ``pyramid.testing.DummyRequest`` now has a ``domain`` attribute to match the + new WebOb 1.3 API. Its value is ``example.com``. + +Bug Fixes +--------- + +- Fix the ``pcreate`` script so that when the target directory name ends with a + slash it does not produce a non-working project directory structure. + Previously saying ``pcreate -s starter /foo/bar/`` produced different output + than saying ``pcreate -s starter /foo/bar``. The former did not work + properly. + +- Fix the ``principals_allowed_by_permission`` method of + ``ACLAuthorizationPolicy`` so it anticipates a callable ``__acl__`` + on resources. Previously it did not try to call the ``__acl__`` + if it was callable. + +- The ``pviews`` script did not work when a url required custom request + methods in order to perform traversal. Custom methods and descriptors added + via ``pyramid.config.Configurator.add_request_method`` will now be present, + allowing traversal to continue. + See https://github.com/Pylons/pyramid/issues/1104 + +- Remove unused ``renderer`` argument from ``Configurator.add_route``. + +- Allow the ``BasicAuthenticationPolicy`` to work with non-ascii usernames + and passwords. The charset is not passed as part of the header and different + browsers alternate between UTF-8 and Latin-1, so the policy now attempts + to decode with UTF-8 first, and will fallback to Latin-1. + See https://github.com/Pylons/pyramid/pull/1170 + +- The ``@view_defaults`` now apply to notfound and forbidden views + that are defined as methods of a decorated class. + See https://github.com/Pylons/pyramid/issues/1173 + +Documentation +------------- + +- Added a "Quick Tutorial" to go with the Quick Tour + +- Removed mention of ``pyramid_beaker`` from docs. Beaker is no longer + maintained. Point people at ``pyramid_redis_sessions`` instead. + +- Add documentation for ``pyramid.interfaces.IRendererFactory`` and + ``pyramid.interfaces.IRenderer``. + +Backwards Incompatibilities +--------------------------- + +- The key/values in the ``_query`` parameter of ``request.route_url`` and the + ``query`` parameter of ``request.resource_url`` (and their variants), used + to encode a value of ``None`` as the string ``'None'``, leaving the resulting + query string to be ``a=b&key=None``. The value is now dropped in this + situation, leaving a query string of ``a=b&key=``. + See https://github.com/Pylons/pyramid/issues/1119 + +Deprecations +------------ + +- Deprecate the ``pyramid.interfaces.ITemplateRenderer`` interface. It was + ill-defined and became unused when Mako and Chameleon template bindings were + split into their own packages. + +- The ``pyramid.session.UnencryptedCookieSessionFactoryConfig`` API has been + deprecated and is superseded by the + ``pyramid.session.SignedCookieSessionFactory``. Note that while the cookies + generated by the ``UnencryptedCookieSessionFactoryConfig`` + are compatible with cookies generated by old releases, cookies generated by + the SignedCookieSessionFactory are not. See + https://github.com/Pylons/pyramid/pull/1142 + +- The ``pyramid.security.has_permission`` API is now deprecated. Instead, use + the newly-added ``has_permission`` method of the request object. + +- The ``pyramid.security.effective_principals`` API is now deprecated. + Instead, use the newly-added ``effective_principals`` attribute of the + request object. + +- The ``pyramid.security.authenticated_userid`` API is now deprecated. + Instead, use the newly-added ``authenticated_userid`` attribute of the + request object. + +- The ``pyramid.security.unauthenticated_userid`` API is now deprecated. + Instead, use the newly-added ``unauthenticated_userid`` attribute of the + request object. + +Dependencies +------------ + +- Pyramid now depends on WebOb>=1.3 (it uses ``webob.cookies.CookieProfile`` + from 1.3+). + +1.5a2 (2013-09-22) +================== + +Features +-------- + +- Users can now provide dotted Python names to as the ``factory`` argument + the Configurator methods named ``add_{view,route,subscriber}_predicate`` + (instead of passing the predicate factory directly, you can pass a + dotted name which refers to the factory). + +Bug Fixes +--------- + +- Fix an exception in ``pyramid.path.package_name`` when resolving the package + name for namespace packages that had no ``__file__`` attribute. + +Backwards Incompatibilities +--------------------------- + +- Pyramid no longer depends on or configures the Mako and Chameleon templating + system renderers by default. Disincluding these templating systems by + default means that the Pyramid core has fewer dependencies and can run on + future platforms without immediate concern for the compatibility of its + templating add-ons. It also makes maintenance slightly more effective, as + different people can maintain the templating system add-ons that they + understand and care about without needing commit access to the Pyramid core, + and it allows users who just don't want to see any packages they don't use + come along for the ride when they install Pyramid. + + This means that upon upgrading to Pyramid 1.5a2+, projects that use either + of these templating systems will see a traceback that ends something like + this when their application attempts to render a Chameleon or Mako template:: + + ValueError: No such renderer factory .pt + + Or:: + + ValueError: No such renderer factory .mako + + Or:: + + ValueError: No such renderer factory .mak + + Support for Mako templating has been moved into an add-on package named + ``pyramid_mako``, and support for Chameleon templating has been moved into + an add-on package named ``pyramid_chameleon``. These packages are drop-in + replacements for the old built-in support for these templating langauges. + All you have to do is install them and make them active in your configuration + to register renderer factories for ``.pt`` and/or ``.mako`` (or ``.mak``) to + make your application work again. + + To re-add support for Chameleon and/or Mako template renderers into your + existing projects, follow the below steps. + + If you depend on Mako templates: + + * Make sure the ``pyramid_mako`` package is installed. One way to do this + is by adding ``pyramid_mako`` to the ``install_requires`` section of your + package's ``setup.py`` file and afterwards rerunning ``setup.py develop``:: + + setup( + #... + install_requires=[ + 'pyramid_mako', # new dependency + 'pyramid', + #... + ], + ) + + * Within the portion of your application which instantiates a Pyramid + ``pyramid.config.Configurator`` (often the ``main()`` function in + your project's ``__init__.py`` file), tell Pyramid to include the + ``pyramid_mako`` includeme:: + + config = Configurator(.....) + config.include('pyramid_mako') + + If you depend on Chameleon templates: + + * Make sure the ``pyramid_chameleon`` package is installed. One way to do + this is by adding ``pyramid_chameleon`` to the ``install_requires`` section + of your package's ``setup.py`` file and afterwards rerunning + ``setup.py develop``:: + + setup( + #... + install_requires=[ + 'pyramid_chameleon', # new dependency + 'pyramid', + #... + ], + ) + + * Within the portion of your application which instantiates a Pyramid + ``~pyramid.config.Configurator`` (often the ``main()`` function in + your project's ``__init__.py`` file), tell Pyramid to include the + ``pyramid_chameleon`` includeme:: + + config = Configurator(.....) + config.include('pyramid_chameleon') + + Note that it's also fine to install these packages into *older* Pyramids for + forward compatibility purposes. Even if you don't upgrade to Pyramid 1.5 + immediately, performing the above steps in a Pyramid 1.4 installation is + perfectly fine, won't cause any difference, and will give you forward + compatibility when you eventually do upgrade to Pyramid 1.5. + + With the removal of Mako and Chameleon support from the core, some + unit tests that use the ``pyramid.renderers.render*`` methods may begin to + fail. If any of your unit tests are invoking either + ``pyramid.renderers.render()`` or ``pyramid.renderers.render_to_response()`` + with either Mako or Chameleon templates then the + ``pyramid.config.Configurator`` instance in effect during + the unit test should be also be updated to include the addons, as shown + above. For example:: + + class ATest(unittest.TestCase): + def setUp(self): + self.config = pyramid.testing.setUp() + self.config.include('pyramid_mako') + + def test_it(self): + result = pyramid.renderers.render('mypkg:templates/home.mako', {}) + + Or:: + + class ATest(unittest.TestCase): + def setUp(self): + self.config = pyramid.testing.setUp() + self.config.include('pyramid_chameleon') + + def test_it(self): + result = pyramid.renderers.render('mypkg:templates/home.pt', {}) + +- If you're using the Pyramid debug toolbar, when you upgrade Pyramid to + 1.5a2+, you'll also need to upgrade the ``pyramid_debugtoolbar`` package to + at least version 1.0.8, as older toolbar versions are not compatible with + Pyramid 1.5a2+ due to the removal of Mako support from the core. It's + fine to use this newer version of the toolbar code with older Pyramids too. + +- Removed the ``request.response_*`` varying attributes. These attributes + have been deprecated since Pyramid 1.1, and as per the deprecation policy, + have now been removed. + +- ``request.response`` will no longer be mutated when using the + ``pyramid.renderers.render()`` API. Almost all renderers mutate the + ``request.response`` response object (for example, the JSON renderer sets + ``request.response.content_type`` to ``application/json``), but this is + only necessary when the renderer is generating a response; it was a bug + when it was done as a side effect of calling ``pyramid.renderers.render()``. + +- Removed the ``bfg2pyramid`` fixer script. + +- The ``pyramid.events.NewResponse`` event is now sent **after** response + callbacks are executed. It previously executed before response callbacks + were executed. Rationale: it's more useful to be able to inspect the response + after response callbacks have done their jobs instead of before. + +- Removed the class named ``pyramid.view.static`` that had been deprecated + since Pyramid 1.1. Instead use ``pyramid.static.static_view`` with + ``use_subpath=True`` argument. + +- Removed the ``pyramid.view.is_response`` function that had been deprecated + since Pyramid 1.1. Use the ``pyramid.request.Request.is_response`` method + instead. + +- Removed the ability to pass the following arguments to + ``pyramid.config.Configurator.add_route``: ``view``, ``view_context``. + ``view_for``, ``view_permission``, ``view_renderer``, and ``view_attr``. + Using these arguments had been deprecated since Pyramid 1.1. Instead of + passing view-related arguments to ``add_route``, use a separate call to + ``pyramid.config.Configurator.add_view`` to associate a view with a route + using its ``route_name`` argument. Note that this impacts the + ``pyramid.config.Configurator.add_static_view`` function too, because it + delegates to ``add_route``. + +- Removed the ability to influence and query a ``pyramid.request.Request`` + object as if it were a dictionary. Previously it was possible to use methods + like ``__getitem__``, ``get``, ``items``, and other dictlike methods to + access values in the WSGI environment. This behavior had been deprecated + since Pyramid 1.1. Use methods of ``request.environ`` (a real dictionary) + instead. + +- Removed ancient backwards compatibily hack in + ``pyramid.traversal.DefaultRootFactory`` which populated the ``__dict__`` of + the factory with the matchdict values for compatibility with BFG 0.9. + +- The ``renderer_globals_factory`` argument to the + ``pyramid.config.Configurator` constructor and its ``setup_registry`` method + has been removed. The ``set_renderer_globals_factory`` method of + ``pyramid.config.Configurator`` has also been removed. The (internal) + ``pyramid.interfaces.IRendererGlobals`` interface was also removed. These + arguments, methods and interfaces had been deprecated since 1.1. Use a + ``BeforeRender`` event subscriber as documented in the "Hooks" chapter of the + Pyramid narrative documentation instead of providing renderer globals values + to the configurator. + +Deprecations +------------ + +- The ``pyramid.config.Configurator.set_request_property`` method now issues + a deprecation warning when used. It had been docs-deprecated in 1.4 + but did not issue a deprecation warning when used. + +1.5a1 (2013-08-30) +================== + +Features +-------- + +- A new http exception subclass named ``pyramid.httpexceptions.HTTPSuccessful`` + was added. You can use this class as the ``context`` of an exception + view to catch all 200-series "exceptions" (e.g. "raise HTTPOk"). This + also allows you to catch *only* the ``HTTPOk`` exception itself; previously + this was impossible because a number of other exceptions + (such as ``HTTPNoContent``) inherited from ``HTTPOk``, but now they do not. + +- You can now generate "hybrid" urldispatch/traversal URLs more easily + by using the new ``route_name``, ``route_kw`` and ``route_remainder_name`` + arguments to ``request.resource_url`` and ``request.resource_path``. See + the new section of the "Combining Traversal and URL Dispatch" documentation + chapter entitled "Hybrid URL Generation". + +- It is now possible to escape double braces in Pyramid scaffolds (unescaped, + these represent replacement values). You can use ``\{\{a\}\}`` to + represent a "bare" ``{{a}}``. See + https://github.com/Pylons/pyramid/pull/862 + +- Add ``localizer`` and ``locale_name`` properties (reified) to the request. + See https://github.com/Pylons/pyramid/issues/508. Note that the + ``pyramid.i18n.get_localizer`` and ``pyramid.i18n.get_locale_name`` functions + now simply look up these properties on the request. + +- Add ``pdistreport`` script, which prints the Python version in use, the + Pyramid version in use, and the version number and location of all Python + distributions currently installed. + +- Add the ability to invert the result of any view, route, or subscriber + predicate using the ``not_`` class. For example:: + + from pyramid.config import not_ + + @view_config(route_name='myroute', request_method=not_('POST')) + def myview(request): ... + + The above example will ensure that the view is called if the request method + is not POST (at least if no other view is more specific). + + The ``pyramid.config.not_`` class can be used against any value that is + a predicate value passed in any of these contexts: + + - ``pyramid.config.Configurator.add_view`` + + - ``pyramid.config.Configurator.add_route`` + + - ``pyramid.config.Configurator.add_subscriber`` + + - ``pyramid.view.view_config`` + + - ``pyramid.events.subscriber`` + +- ``scripts/prequest.py``: add support for submitting ``PUT`` and ``PATCH`` + requests. See https://github.com/Pylons/pyramid/pull/1033. add support for + submitting ``OPTIONS`` and ``PROPFIND`` requests, and allow users to specify + basic authentication credentials in the request via a ``--login`` argument to + the script. See https://github.com/Pylons/pyramid/pull/1039. + +- ``ACLAuthorizationPolicy`` supports ``__acl__`` as a callable. This + removes the ambiguity between the potential ``AttributeError`` that would + be raised on the ``context`` when the property was not defined and the + ``AttributeError`` that could be raised from any user-defined code within + a dynamic property. It is recommended to define a dynamic ACL as a callable + to avoid this ambiguity. See https://github.com/Pylons/pyramid/issues/735. + +- Allow a protocol-relative URL (e.g. ``//example.com/images``) to be passed to + ``pyramid.config.Configurator.add_static_view``. This allows + externally-hosted static URLs to be generated based on the current protocol. + +- The ``AuthTktAuthenticationPolicy`` has two new options to configure its + domain usage: + + * ``parent_domain``: if set the authentication cookie is set on + the parent domain. This is useful if you have multiple sites sharing the + same domain. + * ``domain``: if provided the cookie is always set for this domain, bypassing + all usual logic. + + See https://github.com/Pylons/pyramid/pull/1028, + https://github.com/Pylons/pyramid/pull/1072 and + https://github.com/Pylons/pyramid/pull/1078. + +- The ``AuthTktAuthenticationPolicy`` now supports IPv6 addresses when using + the ``include_ip=True`` option. This is possibly incompatible with + alternative ``auth_tkt`` implementations, as the specification does not + define how to properly handle IPv6. See + https://github.com/Pylons/pyramid/issues/831. + +- Make it possible to use variable arguments via + ``pyramid.paster.get_appsettings``. This also allowed the generated + ``initialize_db`` script from the ``alchemy`` scaffold to grow support + for options in the form ``a=1 b=2`` so you can fill in + values in a parameterized ``.ini`` file, e.g. + ``initialize_myapp_db etc/development.ini a=1 b=2``. + See https://github.com/Pylons/pyramid/pull/911 + +- The ``request.session.check_csrf_token()`` method and the ``check_csrf`` view + predicate now take into account the value of the HTTP header named + ``X-CSRF-Token`` (as well as the ``csrf_token`` form parameter, which they + always did). The header is tried when the form parameter does not exist. + +- View lookup will now search for valid views based on the inheritance + hierarchy of the context. It tries to find views based on the most + specific context first, and upon predicate failure, will move up the + inheritance chain to test views found by the super-type of the context. + In the past, only the most specific type containing views would be checked + and if no matching view could be found then a PredicateMismatch would be + raised. Now predicate mismatches don't hide valid views registered on + super-types. Here's an example that now works:: + + class IResource(Interface): + + ... + + @view_config(context=IResource) + def get(context, request): + + ... + + @view_config(context=IResource, request_method='POST') + def post(context, request): + + ... + + @view_config(context=IResource, request_method='DELETE') + def delete(context, request): + + ... + + @implementer(IResource) + class MyResource: + + ... + + @view_config(context=MyResource, request_method='POST') + def override_post(context, request): + + ... + + Previously the override_post view registration would hide the get + and delete views in the context of MyResource -- leading to a + predicate mismatch error when trying to use GET or DELETE + methods. Now the views are found and no predicate mismatch is + raised. + See https://github.com/Pylons/pyramid/pull/786 and + https://github.com/Pylons/pyramid/pull/1004 and + https://github.com/Pylons/pyramid/pull/1046 + +- The ``pserve`` command now takes a ``-v`` (or ``--verbose``) flag and a + ``-q`` (or ``--quiet``) flag. Output from running ``pserve`` can be + controlled using these flags. ``-v`` can be specified multiple times to + increase verbosity. ``-q`` sets verbosity to ``0`` unconditionally. The + default verbosity level is ``1``. + +- The ``alchemy`` scaffold tests now provide better coverage. See + https://github.com/Pylons/pyramid/pull/1029 + +- The ``pyramid.config.Configurator.add_route`` method now supports being + called with an external URL as pattern. See + https://github.com/Pylons/pyramid/issues/611 and the documentation section + in the "URL Dispatch" chapter entitled "External Routes" for more information. + +Bug Fixes +--------- + +- It was not possible to use ``pyramid.httpexceptions.HTTPException`` as + the ``context`` of an exception view as very general catchall for + http-related exceptions when you wanted that exception view to override the + default exception view. See https://github.com/Pylons/pyramid/issues/985 + +- When the ``pyramid.reload_templates`` setting was true, and a Chameleon + template was reloaded, and the renderer specification named a macro + (e.g. ``foo#macroname.pt``), renderings of the template after the template + was reloaded due to a file change would produce the entire template body + instead of just a rendering of the macro. See + https://github.com/Pylons/pyramid/issues/1013. + +- Fix an obscure problem when combining a virtual root with a route with a + ``*traverse`` in its pattern. Now the traversal path generated in + such a configuration will be correct, instead of an element missing + a leading slash. + +- Fixed a Mako renderer bug returning a tuple with a previous defname value + in some circumstances. See https://github.com/Pylons/pyramid/issues/1037 + for more information. + +- Make the ``pyramid.config.assets.PackageOverrides`` object implement the API + for ``__loader__`` objects specified in PEP 302. Proxies to the + ``__loader__`` set by the importer, if present; otherwise, raises + ``NotImplementedError``. This makes Pyramid static view overrides work + properly under Python 3.3 (previously they would not). See + https://github.com/Pylons/pyramid/pull/1015 for more information. + +- ``mako_templating``: added defensive workaround for non-importability of + ``mako`` due to upstream ``markupsafe`` dropping Python 3.2 support. Mako + templating will no longer work under the combination of MarkupSafe 0.17 and + Python 3.2 (although the combination of MarkupSafe 0.17 and Python 3.3 or any + supported Python 2 version will work OK). + +- Spaces and dots may now be in mako renderer template paths. This was + broken when support for the new makodef syntax was added in 1.4a1. + See https://github.com/Pylons/pyramid/issues/950 + +- ``pyramid.debug_authorization=true`` will now correctly print out + ``Allowed`` for views registered with ``NO_PERMISSION_REQUIRED`` instead + of invoking the ``permits`` method of the authorization policy. + See https://github.com/Pylons/pyramid/issues/954 + +- Pyramid failed to install on some systems due to being packaged with + some test files containing higher order characters in their names. These + files have now been removed. See + https://github.com/Pylons/pyramid/issues/981 + +- ``pyramid.testing.DummyResource`` didn't define ``__bool__``, so code under + Python 3 would use ``__len__`` to find truthiness; this usually caused an + instance of DummyResource to be "falsy" instead of "truthy". See + https://github.com/Pylons/pyramid/pull/1032 + +- The ``alchemy`` scaffold would break when the database was MySQL during + tables creation. See https://github.com/Pylons/pyramid/pull/1049 + +- The ``current_route_url`` method now attaches the query string to the URL by + default. See + https://github.com/Pylons/pyramid/issues/1040 + +- Make ``pserve.cherrypy_server_runner`` Python 3 compatible. See + https://github.com/Pylons/pyramid/issues/718 + +Backwards Incompatibilities +--------------------------- + +- Modified the ``current_route_url`` method in pyramid.Request. The method + previously returned the URL without the query string by default, it now does + attach the query string unless it is overriden. + +- The ``route_url`` and ``route_path`` APIs no longer quote ``/`` + to ``%2F`` when a replacement value contains a ``/``. This was pointless, + as WSGI servers always unquote the slash anyway, and Pyramid never sees the + quoted value. + +- It is no longer possible to set a ``locale_name`` attribute of the request, + nor is it possible to set a ``localizer`` attribute of the request. These + are now "reified" properties that look up a locale name and localizer + respectively using the machinery described in the "Internationalization" + chapter of the documentation. + +- If you send an ``X-Vhm-Root`` header with a value that ends with a slash (or + any number of slashes), the trailing slash(es) will be removed before a URL + is generated when you use use ``request.resource_url`` or + ``request.resource_path``. Previously the virtual root path would not have + trailing slashes stripped, which would influence URL generation. + +- The ``pyramid.interfaces.IResourceURL`` interface has now grown two new + attributes: ``virtual_path_tuple`` and ``physical_path_tuple``. These should + be the tuple form of the resource's path (physical and virtual). + 1.4 (2012-12-18) ================ diff --git a/README.rst b/README.rst index 6de42ea40..9adfd90e7 100644 --- a/README.rst +++ b/README.rst @@ -1,7 +1,7 @@ Pyramid ======= -.. image:: https://travis-ci.org/Pylons/pyramid.png?branch=master +.. image:: https://travis-ci.org/Pylons/pyramid.png?branch=1.6-branch :target: https://travis-ci.org/Pylons/pyramid .. image:: https://readthedocs.org/projects/pyramid/badge/?version=master diff --git a/RELEASING.txt b/RELEASING.txt index 88c3ad73d..d891aa620 100644 --- a/RELEASING.txt +++ b/RELEASING.txt @@ -13,7 +13,7 @@ Releasing Pyramid Make sure statement coverage is at 100% (the test run will fail if not). -- Run Windows tests for Python 2.6, 2.7, 3.2, and 3.3 if feasible. +- Run tests on Windows if feasible. - Make sure all scaffold tests pass (Py 2.6, 2.7, 3.2, 3.3, 3.4, pypy, and pypy3 on UNIX; this doesn't work on Windows): @@ -29,12 +29,6 @@ Releasing Pyramid - update README.rst to use correct versions of badges and URLs according to each branch and context, i.e., RTD "latest" == GitHub/Travis "1.x-branch". -- Make sure docs render OK:: - - $ tox -e {py2,py3}-docs - - There should be no meaningful errors or warnings. - - Change setup.py version to the new version number. - Change CHANGES.txt heading to reflect the new version number. diff --git a/docs/conf.py b/docs/conf.py index fa4578275..65c0e3a8b 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -159,7 +159,7 @@ html_theme_path = ['_themes'] html_theme = 'pyramid' html_theme_options = dict( github_url='https://github.com/Pylons/pyramid', - in_progress='true', + in_progress='false', ) # The name for this set of Sphinx documents. If None, it defaults to diff --git a/docs/index.rst b/docs/index.rst index fc7560e8f..0ee3557bf 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -153,6 +153,7 @@ Change History .. toctree:: :maxdepth: 1 + whatsnew-1.6 whatsnew-1.5 whatsnew-1.4 whatsnew-1.3 diff --git a/docs/whatsnew-1.6.rst b/docs/whatsnew-1.6.rst new file mode 100644 index 000000000..c38aa7a91 --- /dev/null +++ b/docs/whatsnew-1.6.rst @@ -0,0 +1,170 @@ +What's New In Pyramid 1.6 +========================= + +This article explains the new features in :app:`Pyramid` version 1.6 as +compared to its predecessor, :app:`Pyramid` 1.6. It also documents backwards +incompatibilities between the two versions and deprecations added to +:app:`Pyramid` 1.6, as well as software dependency changes and notable +documentation additions. + +Backwards Incompatibilities +--------------------------- + +- ``request.response`` will no longer be mutated when using the + :func:`~pyramid.renderers.render_to_response` API. It is now necessary + to pass in + a ``response=`` argument to :func:`~pyramid.renderers.render_to_response` if + you wish to supply the renderer with a custom response object for it to + use. If you do not pass one then a response object will be created using the + current response factory. Almost all renderers mutate the + ``request.response`` response object (for example, the JSON renderer sets + ``request.response.content_type`` to ``application/json``). However, when + invoking ``render_to_response`` it is not expected that the response object + being returned would be the same one used later in the request. The response + object returned from ``render_to_response`` is now explicitly different from + ``request.response``. This does not change the API of a renderer. See + https://github.com/Pylons/pyramid/pull/1563 + + +Feature Additions +----------------- + +- Cache busting for static assets has been added and is available via a new + argument to :meth:`pyramid.config.Configurator.add_static_view`: + ``cachebust``. Core APIs are shipped for both cache busting via query + strings and path segments and may be extended to fit into custom asset + pipelines. See https://github.com/Pylons/pyramid/pull/1380 and + https://github.com/Pylons/pyramid/pull/1583 + +- Assets can now be overidden by an absolute path on the filesystem when using + the :meth:`~pyramid.config.Configurator.override_asset` API. This makes it + possible to fully support serving up static content from a mutable directory + while still being able to use the :meth:`~pyramid.request.Request.static_url` + API and :meth:`~pyramid.config.Configurator.add_static_view`. Previously it + was not possible to use :meth:`~pyramid.config.Configurator.add_static_view` + with an absolute path **and** generate urls to the content. This change + replaces the call, ``config.add_static_view('/abs/path', 'static')``, with + ``config.add_static_view('myapp:static', 'static')`` and + ``config.override_asset(to_override='myapp:static/', + override_with='/abs/path/')``. The ``myapp:static`` asset spec is completely + made up and does not need to exist - it is used for generating urls via + ``request.static_url('myapp:static/foo.png')``. See + https://github.com/Pylons/pyramid/issues/1252 + +- Added :meth:`~pyramid.config.Configurator.set_response_factory` and the + ``response_factory`` keyword argument to the constructor of + :class:`~pyramid.config.Configurator` for defining a factory that will return + a custom ``Response`` class. See https://github.com/Pylons/pyramid/pull/1499 + +- Add :attr:`pyramid.config.Configurator.root_package` attribute and init + parameter to assist with includeable packages that wish to resolve + resources relative to the package in which the configurator was created. + This is especially useful for addons that need to load asset specs from + settings, in which case it is may be natural for a developer to define + imports or assets relative to the top-level package. + See https://github.com/Pylons/pyramid/pull/1337 + +- Overall improvments for the ``proutes`` command. Added ``--format`` and + ``--glob`` arguments to the command, introduced the ``method`` + column for displaying available request methods, and improved the ``view`` + output by showing the module instead of just ``__repr__``. + See https://github.com/Pylons/pyramid/pull/1488 + +- ``pserve`` can now take a ``-b`` or ``--browser`` option to open the server + URL in a web browser. See https://github.com/Pylons/pyramid/pull/1533 + +- Support keyword-only arguments and function annotations in views in + Python 3. See https://github.com/Pylons/pyramid/pull/1556 + +- The ``append_slash`` argument of + :meth:`~pyramid.config.Configurator.add_notfound_view()` will now accept + anything that implements the :class:`~pyramid.interfaces.IResponse` interface + and will use that as the response class instead of the default + :class:`~pyramid.httpexceptions.HTTPFound`. See + https://github.com/Pylons/pyramid/pull/1610 + +- The :class:`~pyramid.config.Configurator` has grown the ability to allow + actions to call other actions during a commit-cycle. This enables much more + logic to be placed into actions, such as the ability to invoke other actions + or group them for improved conflict detection. We have also exposed and + documented the config phases that Pyramid uses in order to further assist in + building conforming addons. See https://github.com/Pylons/pyramid/pull/1513 + +- Allow an iterator to be returned from a renderer. Previously it was only + possible to return bytes or unicode. + See https://github.com/Pylons/pyramid/pull/1417 + +- Improve robustness to timing attacks in the + :class:`~pyramid.authentication.AuthTktCookieHelper` and the + :class:`~pyramid.session.SignedCookieSessionFactory` classes by using the + stdlib's ``hmac.compare_digest`` if it is available (such as Python 2.7.7+ and + 3.3+). See https://github.com/Pylons/pyramid/pull/1457 + +- Improve the readability of the ``pcreate`` shell script output. + See https://github.com/Pylons/pyramid/pull/1453 + +- Make it simple to define notfound and forbidden views that wish to use the + default exception-response view but with altered predicates and other + configuration options. The ``view`` argument is now optional in + :meth:`~pyramid.config.Configurator.add_notfound_view` and + :meth:`~pyramid.config.Configurator.add_forbidden_view` See + https://github.com/Pylons/pyramid/issues/494 + +- The ``pshell`` script will now load a ``PYTHONSTARTUP`` file if one is + defined in the environment prior to launching the interpreter. + See https://github.com/Pylons/pyramid/pull/1448 + +- Add new HTTP exception objects for status codes + ``428 Precondition Required``, ``429 Too Many Requests`` and + ``431 Request Header Fields Too Large`` in ``pyramid.httpexceptions``. + See https://github.com/Pylons/pyramid/pull/1372/files + +- ``pcreate`` when run without a scaffold argument will now print information + on the missing flag, as well as a list of available scaffolds. See + https://github.com/Pylons/pyramid/pull/1566 and + https://github.com/Pylons/pyramid/issues/1297 + +- Add :func:`pyramid.request.apply_request_extensions` function which can be + used in testing to apply any request extensions configured via + ``config.add_request_method``. Previously it was only possible to test the + extensions by going through Pyramid's router. See + https://github.com/Pylons/pyramid/pull/1581 + + +- Make it possible to subclass ``pyramid.request.Request`` and also use + ``pyramid.request.Request.add_request.method``. See + https://github.com/Pylons/pyramid/issues/1529 + +Deprecations +------------ + +- The ``principal`` argument to :func:`pyramid.security.remember` was renamed + to ``userid``. Using ``principal`` as the argument name still works and will + continue to work for the next few releases, but a deprecation warning is + printed. + + +Scaffolding Enhancements +------------------------ + +- Added line numbers to the log formatters in the scaffolds to assist with + debugging. See https://github.com/Pylons/pyramid/pull/1326 + +- Update scaffold generating machinery to return the version of pyramid and + pyramid docs for use in scaffolds. Updated ``starter``, ``alchemy`` and + ``zodb`` templates to have links to correctly versioned documentation and + reflect which pyramid was used to generate the scaffold. + +- Removed non-ascii copyright symbol from templates, as this was + causing the scaffolds to fail for project generation. + +Documentation Enhancements +-------------------------- + +- Removed logging configuration from Quick Tutorial ini files except for + scaffolding- and logging-related chapters to avoid needing to explain it too + early. + +- Improve and clarify the documentation on what Pyramid defines as a + ``principal`` and a ``userid`` in its security APIs. + See https://github.com/Pylons/pyramid/pull/1399 @@ -68,7 +68,7 @@ testing_extras = tests_require + [ ] setup(name='pyramid', - version='1.6.dev0', + version='1.6a1', description='The Pyramid Web Framework, a Pylons project', long_description=README + '\n\n' + CHANGES, classifiers=[ |