Diffstat (limited to 'CHANGES.txt')
| -rw-r--r-- | CHANGES.txt | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 25d2dc75c..563851e74 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -6,13 +6,20 @@ Features - Added an ``effective_principals`` route and view predicate. -Bug Fixes ---------- - -- :func:`pyramid.security.view_execution_permitted` would return `True` if - no view could be found. This case now raises an exception as it doesn't - make sense make an assertion about a non-existant view. See - https://github.com/Pylons/pyramid/issues/299. +- Do not allow the userid returned from the ``authenticated_userid`` or the + userid that is one of the list of principals returned by + ``effective_principals`` to be either of the strings ``system.Everyone`` or + ``system.Authenticated`` when any of the built-in authorization policies that + live in ``pyramid.authentication`` are in use. These two strings are + reserved for internal usage by Pyramid and they will not be accepted as valid + userids. + +- Slightly better debug logging from RepozeWho1AuthenticationPolicy. + +- ``pyramid.security.view_execution_permitted`` used to return `True` if no + view could be found. It now raises a ``TypeError`` exception in that case, as + it doesn't make sense to assert that a nonexistent view is + execution-permitted. See https://github.com/Pylons/pyramid/issues/299. 1.4a3 (2012-10-26) ================== |
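Review bot: In the new reserved-userid entry, "built-in authorization policies that live in ``pyramid.authentication``" looks like a slip for "authentication policies", given the module name and the ``RepozeWho1AuthenticationPolicy`` entry right below it. The same entry says the two strings "will not be accepted as valid userids" without saying what a caller observes when a policy does return ``system.Everyone`` or ``system.Authenticated``. Since this is a security-relevant change, please state the resulting behaviour explicitly. Separately, dropping the "Bug Fixes" heading leaves the ``view_execution_permitted`` entry under "Features", although it describes a behaviour change (a ``TypeError`` where `True` used to be returned) that callers relying on the old result need to notice. Consider keeping it under its own heading.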
