| Age | Commit message (Collapse) | Author |
|---|
|
|
|
- Added a ``repoze.bfg.testing`` module to attempt to make it
slightly easier to write unittest-based automated tests of BFG
applications. Information about this class is in the
documentation.
- The default template renderer now supports testing better by
looking for ``ITestingTemplateRenderer`` using a relative
pathname. This is exposed indirectly through the API named
``registerTemplate`` in ``repoze.bfg.testing``.
Deprecations
- The names ``repoze.bfg.interfaces.ITemplate`` ,
``repoze.bfg.interfaces.ITemplateFactory`` and
``repoze.bfg.interfaces.INodeTemplate`` have been deprecated.
These should now be imported as
``repoze.bfg.interfaces.ITemplateRenderer`` and
``repoze.bfg.interfaces.ITemplateRendererFactory``, and
``INodeTemplateRenderer`` respectively.
- The name ``repoze.bfg.chameleon_zpt.ZPTTemplateFactory`` is
deprecated. Use ``repoze.bfg.chameleon_zpt.ZPTTemplateRenderer``.
- The name ``repoze.bfg.chameleon_genshi.GenshiTemplateFactory`` is
deprecated. Use
``repoze.bfg.chameleon_genshi.GenshiTemplateRenderer``.
- The name ``repoze.bfg.xslt.XSLTemplateFactory`` is deprecated.
Use ``repoze.bfg.xslt.XSLTemplateRenderer``.
|
|
|
|
TypeError (use ``ACLDenied`` instead of ``Denied``).
|
|
|
|
make_app could cause attribute errors when attempting to look up
settings against the ISettings object (internal). Fixed by giving
the Settings objects defaults for ``debug_authorization`` and
``debug_notfound``.
|
|
|
|
- The ``BFG_DEBUG_AUTHORIZATION`` envvar and the
``debug_authorization`` config file value now only imply debugging
of view-invoked security checks. Previously, information was
printed for every call to ``has_permission`` as well, which made
output confusing. To debug ``has_permission`` checks and other
manual permission checks, use the debugger and print statements in
your own code.
- Authorization debugging info is now only present in the HTTP
response body oif ``debug_authorization`` is true.
- The format of authorization debug messages was improved.
- A new ``BFG_DEBUG_NOTFOUND`` envvar was added and a symmetric
``debug_notfound`` config file value was added. When either is
true, and a NotFound response is returned by the BFG router
(because a view could not be found), debugging information is
printed to stderr. When this value is set true, the body of
HTTPNotFound responses will also contain the same debugging
information.
- ``Allowed`` and ``Denied`` responses from the security machinery
are now specialized into two types: ACL types, and non-ACL types.
The ACL-related responses are instances of
``repoze.bfg.security.ACLAllowed`` and
``repoze.bfg.security.ACLDenied``. The non-ACL-related responses
are ``repoze.bfg.security.Allowed`` and
``repoze.bfg.security.Denied``. The allowed-type responses
continue to evaluate equal to things that themselves evaluate
equal to the ``True`` boolean, while the denied-type responses
continue to evaluate equal to things that themselves evaluate
equal to the ``False`` boolean. The only difference between the
two types is the information attached to them for debugging
purposes.
- Added a new ``BFG_DEBUG_ALL`` envvar and a symmetric ``debug_all``
config file value. When either is true, all other debug-related
flags are set true unconditionally (e.g. ``debug_notfound`` and
``debug_authorization``).
Documentation
- Added info about debug flag changes.
- Added a section to the security chapter named "Debugging
Imperative Authorization Failures" (for e.g. ``has_permssion``).
|
|
this logger is registered unconditionally and is used by the
authorization debug machinery. Applications may also make use of
it as necessary rather than inventing their own logger, for
convenience.
|
|
|
|
server rather than ``PasteScript#cherrpy`` server. The cherrypy
server has a security risk in it when ``REMOTE_USER`` is trusted
by the downstream application.
|
|
view was found and called, but it returned something that did not
implement IResponse, the error would pass by unflagged. This was
noticed when I created a view function that essentially returned
None, but received a NotFound error rather than a ValueError when
the view was rendered. This was fixed.
|
|
- An "Environment and Configuration" chapter was added to the narrative
portion of the documentation.
Features
- Ensure bfg doesn't generate warnings when running under Python
2.6.
- The environment variable ``BFG_RELOAD_TEMPLATES`` is now available
(serves the same purpose as ``reload_templates`` in the config file).
- A new configuration file option ``debug_authorization`` was added.
This turns on printing of security authorization debug statements
to ``sys.stderr``. The ``BFG_DEBUG_AUTHORIZATION`` environment
variable was also added; this performs the same duty.
Bug Fixes
- The environment variable ``BFG_SECURITY_DEBUG`` did not always work.
It has been renamed to ``BFG_DEBUG_AUTHORIZATION`` and fixed.
Deprecations
- A deprecation warning is now issued when old API names from the
``repoze.bfg.templates`` module are imported.
Backwards incompatibilities
- The ``BFG_SECURITY_DEBUG`` environment variable was renamed to
``BFG_DEBUG_AUTHORIZATION``.
|
|
|
|
``repoze.bfg.templates`` module are imported.
|
|
- A ``repoze.bfg.location`` API module was added.
Backwards incompatibilities
- Applications must now use the ``repoze.bfg.interfaces.ILocation``
interface rather than ``zope.location.interfaces.ILocation`` to
represent that a model object is "location-aware". We've removed
a dependency on ``zope.location`` for cleanliness purposes: as
new versions of zope libraries are released which have improved
dependency information, getting rid of our dependence on
``zope.location`` will prevent a newly installed repoze.bfg
application from requiring the ``zope.security``, egg, which not
truly used at all in a "stock" repoze.bfg setup. These
dependencies are still required by the stack at this time; this
is purely a futureproofing move.
The security and model documentation for previous versions of
``repoze.bfg`` recommended using the
``zope.location.interfaces.ILocation`` interface to represent
that a model object is "location-aware". This documentation has
been changed to reflect that this interface should now be
imported from ``repoze.bfg.interfaces.ILocation`` instead.
|
|
|
|
|
|
|
|
so conditions such as method=GET did not work.
|
|
|
|
|
|
properly.
|
|
|
|
special "uncacheable" discriminators (for actions that have
variable results).
|
|
|
|
|
|
|
|
|
|
named ``render_view_to_response``, ``render_view_to_iterable`` and
``is_response``, which are documented in the API docs. These features
aid programmatic (non-request-driven) view execution.
|
|
|
|
|
|
"get_options" from __init__.py of repoze.bfg; use repoze.bfg.router:make_app and repoze.bfg.registry:get_options instead.
|
|
|
|
|
|
- Remove dependency on FormEncode (only needed by sampleapp).
- Fix paster template generation so that case-sensitivity is
preserved for project vs. package name.
- Depend on ``z3c.pt`` version 1.0a1 (which requires the ``[lxml]``
extra currently).
|
|
``configure.zcml.pck`` next to the applications's "normal"
configuration file. A given bfg app will usually start faster
if it's able to read the pickle data. It fails gracefully
to reading the real ZCML file if it cannot read the pickle.
|
|
|
|
renamed to ``app`` in order to have a different name than the bfg
function of the same name, to prevent confusion.
- Add "options" processing to bfg's ``make_app`` to support runtime
options. A new API function named ``get_options`` was added to
the registry module. This function is typically used in an
application's ``app`` entry point. The Paste config file section
for the app can now supply the ``reload_templates`` option, which,
if true, will prevent the need to restart the appserver in order
for ``z3c.pt`` or XSLT template changes to be detected.
- Use only the module name in generated project's "test_suite" (run
all tests found in the package).
- Default port for generated apps changed from 5432 to 6543
(Postgres default port is 6543).
|
|
only one attribute: ``reload_templates``. If e.g.::
<bfg:settings reload_templates="true"/>
is in your application's ZCML, you will not need to restart the
appserver in order for ``z3c.pt`` or XSLT template changes to be
detected and displayed.
|
|
|
|
|
|
|
|
|
|
In the process, make ITraverser a uni-adapter (on context) rather
than a multiadapter (on context and request).
|
|
``urldispatch.RoutesMapper`` object now accepts a keyword
parameter named ``context_factory``. If this parameter is
supplied, it must be a callable which returns an instance. This
instance is used as the context for the request when a route is
matched.
- The registration of a RoutesModelTraverser no longer needs to be
performed by the application; it's in the bfg ZCML now.
|
|
``bfg:view`` configure.zcml element. This attribute will have a
value which is a dotted Python path, pointing at an interface. If
the request object implements this interface when the view lookup
is performed, the appropriate view will be called.
- Remove "template only" views. These were just confusing and were
never documented.
|
|
events.rst chapter in the documentation's ``api`` directory.
|
|
|
|
|
