summaryrefslogtreecommitdiff
path: root/CHANGES.txt
diff options
context:
space:
mode:
Diffstat (limited to 'CHANGES.txt')
-rw-r--r--CHANGES.txt145
1 files changed, 141 insertions, 4 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 8295a98c9..9f780fe45 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,142 @@
+Unreleased
+==========
+
+Features
+--------
+
+- An authorization API has been added as a method of the
+ request: ``request.has_permission``.
+
+ ``request.has_permission`` is a method-based alternative to the
+ ``pyramid.security.has_permission`` API and works exactly the same. The
+ older API is now deprecated.
+
+- Property API attributes have been added to the request for easier access to
+ authentication data: ``request.authenticated_userid``,
+ ``request.unauthenticated_userid``, and ``request.effective_principals``.
+
+ These are analogues, respectively, of
+ ``pyramid.security.authenticated_userid``,
+ ``pyramid.security.unauthenticated_userid``, and
+ ``pyramid.security.effective_principals``. They operate exactly the same,
+ except they are attributes of the request instead of functions accepting a
+ request. They are properties, so they cannot be assigned to. The older
+ function-based APIs are now deprecated.
+
+- Pyramid's console scripts (``pserve``, ``pviews``, etc) can now be run
+ directly, allowing custom arguments to be sent to the python interpreter
+ at runtime. For example::
+
+ python -3 -m pyramid.scripts.pserve development.ini
+
+- Added a specific subclass of ``HTTPBadRequest`` named
+ ``pyramid.exceptions.BadCSRFToken`` which will now be raised in response
+ to failures in ``check_csrf_token``.
+ See https://github.com/Pylons/pyramid/pull/1149
+
+- Added a new ``SignedCookieSessionFactory`` which is very similar to the
+ ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on
+ signing content. The custom serializer arguments to this function should
+ only focus on serializing, unlike its predecessor which required the
+ serializer to also perform signing.
+ See https://github.com/Pylons/pyramid/pull/1142
+
+- Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie
+ factory that can be used by framework implementors to create their own
+ session implementations. It provides a reusable API which focuses strictly
+ on providing a dictionary-like object that properly handles renewals,
+ timeouts, and conformance with the ``ISession`` API.
+ See https://github.com/Pylons/pyramid/pull/1142
+
+Bug Fixes
+---------
+
+- Fix the ``pcreate`` script so that when the target directory name ends with a
+ slash it does not produce a non-working project directory structure.
+ Previously saying ``pcreate -s starter /foo/bar/`` produced different output
+ than saying ``pcreate -s starter /foo/bar``. The former did not work
+ properly.
+
+- Fix the ``principals_allowed_by_permission`` method of
+ ``ACLAuthorizationPolicy`` so it anticipates a callable ``__acl__``
+ on resources. Previously it did not try to call the ``__acl__``
+ if it was callable.
+
+- The ``pviews`` script did not work when a url required custom request
+ methods in order to perform traversal. Custom methods and descriptors added
+ via ``pyramid.config.Configurator.add_request_method`` will now be present,
+ allowing traversal to continue.
+ See https://github.com/Pylons/pyramid/issues/1104
+
+- Remove unused ``renderer`` argument from ``Configurator.add_route``.
+
+- Allow the ``BasicAuthenticationPolicy`` to work with non-ascii usernames
+ and passwords. The charset is not passed as part of the header and different
+ browsers alternate between UTF-8 and Latin-1, so the policy now attempts
+ to decode with UTF-8 first, and will fallback to Latin-1.
+ See https://github.com/Pylons/pyramid/pull/1170
+
+- The ``@view_defaults`` now apply to notfound and forbidden views
+ that are defined as methods of a decorated class.
+ See https://github.com/Pylons/pyramid/issues/1173
+
+Documentation
+-------------
+
+- Added a "Quick Tutorial" to go with the Quick Tour
+
+- Removed mention of ``pyramid_beaker`` from docs. Beaker is no longer
+ maintained. Point people at ``pyramid_redis_sessions`` instead.
+
+- Add documentation for ``pyramid.interfaces.IRendererFactory`` and
+ ``pyramid.interfaces.IRenderer``.
+
+Backwards Incompatibilities
+---------------------------
+
+- The key/values in the ``_query`` parameter of ``request.route_url`` and the
+ ``query`` parameter of ``request.resource_url`` (and their variants), used
+ to encode a value of ``None`` as the string ``'None'``, leaving the resulting
+ query string to be ``a=b&key=None``. The value is now dropped in this
+ situation, leaving a query string of ``a=b&key=``.
+ See https://github.com/Pylons/pyramid/issues/1119
+
+Deprecations
+------------
+
+- Deprecate the ``pyramid.interfaces.ITemplateRenderer`` interface. It was
+ ill-defined and became unused when Mako and Chameleon template bindings were
+ split into their own packages.
+
+- The ``pyramid.session.UnencryptedCookieSessionFactoryConfig`` API has been
+ deprecated and is superseded by the
+ ``pyramid.session.SignedCookieSessionFactory``. Note that while the cookies
+ generated by the ``UnencryptedCookieSessionFactoryConfig``
+ are compatible with cookies generated by old releases, cookies generated by
+ the SignedCookieSessionFactory are not. See
+ https://github.com/Pylons/pyramid/pull/1142
+
+- The ``pyramid.security.has_permission`` API is now deprecated. Instead, use
+ the newly-added ``has_permission`` method of the request object.
+
+- The ``pyramid.security.forget`` API is now deprecated. Instead, use
+ the newly-added ``forget_userid`` method of the request object.
+
+- The ``pyramid.security.remember`` API is now deprecated. Instead, use
+ the newly-added ``remember_userid`` method of the request object.
+
+- The ``pyramid.security.effective_principals`` API is now deprecated.
+ Instead, use the newly-added ``effective_principals`` attribute of the
+ request object.
+
+- The ``pyramid.security.authenticated_userid`` API is now deprecated.
+ Instead, use the newly-added ``authenticated_userid`` attribute of the
+ request object.
+
+- The ``pyramid.security.unauthenticated_userid`` API is now deprecated.
+ Instead, use the newly-added ``unauthenticated_userid`` attribute of the
+ request object.
+
1.5a2 (2013-09-22)
==================
@@ -247,7 +386,7 @@ Features
The above example will ensure that the view is called if the request method
is not POST (at least if no other view is more specific).
- The :class:`pyramid.config.not_` class can be used against any value that is
+ The ``pyramid.config.not_`` class can be used against any value that is
a predicate value passed in any of these contexts:
- ``pyramid.config.Configurator.add_view``
@@ -316,9 +455,7 @@ Features
In the past, only the most specific type containing views would be checked
and if no matching view could be found then a PredicateMismatch would be
raised. Now predicate mismatches don't hide valid views registered on
- super-types. Here's an example that now works:
-
- .. code-block:: python
+ super-types. Here's an example that now works::
class IResource(Interface):
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-02 14:24:17 +0000