Diffstat (limited to 'CHANGES.txt')
-rw-r--r-- CHANGES.txt 48
1 files changed, 48 insertions, 0 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index 40a810305..3650b674f 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,51 @@
+Next release
+============
+
+Features
+--------
+
+- It is now possible to write a custom security policy that returns a
+ customized ``Forbidden`` WSGI application when BFG cannot authorize
+ an invocation of a view. To this end, ISecurityPolicy objects must
+ now have a ``forbidden`` method. This method should return a WSGI
+ application. The returned WSGI application should generate a
+ response which is appropriate when access to a view resource was
+ forbidden by the security policy (e.g. perhaps a login page).
+ ``repoze.bfg`` is willing to operate with a custom security policy
+ that does not have a ``forbidden`` method, but it will issue a
+ warning; eventually security policies without a ``forbidden`` method
+ will cease to work under ``repoze.bfg``.
+
+ Note that the ``forbidden`` WSGI application returned by the
+ security policy is not used if a developer has registered an
+ IForbiddenAppFactory (see the "Hooks" narrative chapter); the
+ explicitly registered IForbiddenAppFactory will be preferred over
+ the (more general) security policy forbidden app factory.
+
+- All default security policies now have a ``forbidden`` callable
+ attached to them. This particular callable returns a WSGI
+ application which generates a ``401 Unauthorized`` response for
+ backwards compatibility (had backwards compatibility not been an
+ issue, this callable would have returned a WSGI app that generated a
+ ``403 Forbidden`` response).
+
+Backwards Incompatibilities
+---------------------------
+
+- Custom NotFound and Forbidden (nee' Unauthorized) WSGI applications
+ (registered a a utility for INotFoundAppFactory and
+ IUnauthorizedAppFactory) could rely on an environment key named
+ ``message`` describing the circumstance of the response. This key
+ has been renamed to ``repoze.bfg.message`` (as per the WSGI spec,
+ which requires environment extensions to contain dots).
+
+Deprecations
+------------
+
+- The ``repoze.bfg.interfaces.IUnauthorizedAppFactory`` interface has
+ been renamed to ``repoze.bfg.interfaces.IForbiddenAppFactory``.
+
+
0.8.1 (2009-05-21)
==================
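Review bot: The Backwards Incompatibilities entry has a doubled word in "(registered a a utility for INotFoundAppFactory and"; it should read "registered as a utility". The same entry names IUnauthorizedAppFactory, while the Deprecations entry renames that interface to IForbiddenAppFactory, so it would help to mention both names there so readers registering under either one know the ``message`` to ``repoze.bfg.message`` rename applies to them. In the first Features entry, the new ``forbidden`` method is described only by its return value (a WSGI application); please state what arguments it is called with, since authors of custom security policies need that to implement it. The second Features entry says the default policies answer with ``401 Unauthorized`` where ``403 Forbidden`` would have been preferred; consider noting whether the default is expected to change, so deployments that key on the status code can plan for it.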