| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
``registerDummySecurityPolicy``, ``registerResources``, ``registerModels``,
``registerEventListener``, ``registerTemplateRenderer``,
``registerDummyRenderer``, ``registerView``, ``registerUtility``,
``registerAdapter``, ``registerSubscriber``, ``registerRoute``,
and ``registerSettings``.
- Deprecated-since-BFG-1.2 APIs from ``pyramid.testing`` now properly emit
deprecation warnings.
|
|
``route_path``, ``route_url``, and ``static_url`` methods to
``pyramid.request.Request`` API docs.
|
|
Advanced Configuration narrative chapter.
|
|
module. It continues life within the ``pyramid_zcml`` package. This
leaves the ``pyramid.router`` module without any API functions.
- The ``configure_zcml`` setting within the deployment settings (within
``**settings`` passed to a Pyramid ``main`` function) has ceased to have any
meaning.
- The ``starter_zcml`` paster template has been moved to the ``pyramid_zcml``
package.
- The ``bfg2pyramid`` script now converts ZCML include tags that have
``repoze.bfg.includes`` as a package attribute to the value
``pyramid_zcml``. For example, ``<include package="repoze.bfg.includes">``
will be converted to ``<include package="pyramid_zcml">``.
- The ``load_zcml`` method of a Configurator has been removed from the
Pyramid core. Loading ZCML is now a feature of the ``pyramid_zcml``
package, which can be downloaded from PyPI. Documentation for the package
should be available via http://pylonsproject.org, which describes how to
get this method back after depending upon ``pyramid_zcml`` as an
``install_requires`` dependency.
- The ``pyramid.includes`` subpackage has been removed. ZCML files which use
include the package ``pyramid.includes`` (e.g. ``<include
package="pyramid.includes">``) now must include the ``pyramid_zcml``
package instead (e.g. ``<include package="pyramid_zcml"/>).
- The "Declarative Configuration" narrative chapter has been removed (it was
moved to the ``pyramid_zcml`` pakcage).
- The add_directive method now accepts an "action_wrap" flag.
- Fix some orphaned references.
- Remove some docstring references to ZCML directives.
- All integration test fixtures have been changed to use imperative
configuration rather than ZCML configuration.
|
|
pyramid.view, handler ZCML directive. This functionality is to be moved to a "pyramid_handlers" package.
Fix add_directive to properly persist directives across configurator creations.
|
|
|
|
on the "current" route (if any) and its matchdict values.
|
|
This class can be used by third-party authentication policy developers to
help in the mechanics of authentication cookie-setting.
|
|
``unauthenticated_userid`` method. This method supports an important
optimization required by people who are using persistent storages which do
not support object caching and whom want to create a "user object" as a
request attribute.
- A new API has been added to the ``pyramid.security`` module named
``unauthenticated_userid``. This API function calls the
``unauthenticated_userid`` method of the effective security policy.
- An ``unauthenticated_userid`` method has been added to the dummy
authentication policy returned by
``pyramid.config.Configurator.testing_securitypolicy``. It returns the
same thing as that the dummy authentication policy's
``authenticated_userid`` method.
- Since the ``pyramid.interfaces.IAuthenticationPolicy`` interface now
specifies that a policy implementation must implement an
``unauthenticated_userid`` method, all third-party custom authentication
policies now must implement this method. It, however, will only be called
when the global function named ``pyramid.security.unauthenticated_userid``
is invoked, so if you're not invoking that, you will not notice any issues.
- The (non-API) method of all internal authentication policy implementations
previously named ``_get_userid`` is now named ``unauthenticated_userid``,
promoted to an API method. If you were overriding this method, you'll now
need to override it as ``unauthenticated_userid`` instead.
|
|
|
|
|
|
"Preventing Cross-Site Request Forgery Attacks".
|
|
|
|
documentation chapter.
|
|
|
|
|
|
|
|
|
|
|
|
chapter (has ``implementation()`` method, required to be used when getting
at Chameleon macros).
|
|
URLs. Calling ``route_path`` is the same as calling
``pyramid.url.route_url`` with the argument ``_app_url`` equal to the empty
string.
- Add a ``pyramid.request.Request.route_path`` API. This is a convenience
method of the request which calls ``pyramid.url.route_url``.
|
|
|
|
``route_url``. These are simple passthroughs for their respective
functions in ``pyramid.url``.
- Documented the ``matchdict`` and ``matched_route`` attributes of the
request object in the Request API documentation.
|
|
|
|
to :app:`Pyramid`. A custom role setting was added to ``docs/conf.py`` to
allow for this. (internal)
|
|
|
|
|
|
|
|
that it is imported from pyramid. API docs can mention its inheritance from
webob (aka "Provide a webob.Response class facade for forward compat").
|
|
is sent as an event before a renderer is invoked (but after the
application-level renderer globals factory added via
``pyramid.configurator.configuration.set_renderer_globals_factory``, if any,
has injected its own keys). Applications may now subscribe to the
``IBeforeRender`` event type in order to introspect the and modify the set of
renderer globals before they are passed to a renderer. The event object
iself has a dictionary-like interface that can be used for this purpose. For
example::
from repoze.events import subscriber
from pyramid.interfaces import IRendererGlobalsEvent
@subscriber(IRendererGlobalsEvent)
def add_global(event):
event['mykey'] = 'foo'
If a subscriber attempts to add a key that already exist in the renderer
globals dictionary, a ``KeyError`` is raised. This limitation is due to the
fact that subscribers cannot be ordered relative to each other. The set of
keys added to the renderer globals dictionary by all subscribers and
app-level globals factories must be unique.
|
|
|
|
``signed_deserialize``.
|
|
|
|
|
|
|
|
that uses cookies
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
--------
- Compatibility with WebOb 1.0.
Requirements
------------
- Now requires WebOb >= 1.0.
Backwards Incompatibilities
---------------------------
- Due to changes introduced WebOb 1.0, the
``repoze.bfg.request.make_request_ascii`` event subscriber no longer
works, so it has been removed. This subscriber was meant to be used
in a deployment so that code written before BFG 0.7.0 could run
unchanged. At this point, such code will need to be rewritten to
expect Unicode from ``request.GET``, ``request.POST`` and
``request.params`` or it will need to be changed to use
``request.str_POST``, ``request.str_GET`` and/or
``request.str_params`` instead of the non-``str`` versions of same,
as the non-``str`` versions of the same APIs always now perform
decoding to Unicode.
|
|
``pregenerator`` argument. The pregenerator for the resulting route
is called by ``route_url`` in order to adjust the set of arguments
passed to it by the user for special purposes, such as Pylons
'subdomain' support. It will influence the URL returned by
``route_url``. See the ``repoze.bfg.interfaces.IRoutePregenerator``
interface for more information.
|
|
--------
- A ``request.matched_route`` attribute is now added to the request
when a route has matched. Its value is the "route" object that
matched (see the ``IRoute`` interface within
``repoze.bfg.interfaces`` API documentation for the API of a route
object).
- The ``exception`` attribute of the request is now set slightly
earlier and in a slightly different set of scenarios, for benefit of
"finished callbacks" and "response callbacks". In previous
versions, the ``exception`` attribute of the request was not set at
all if an exception view was not found. In this version, the
``request.exception`` attribute is set immediately when an exception
is caught by the router, even if an exception view could not be
found.
Backwards Incompatibilities
---------------------------
- The router no longer sets the value ``wsgiorg.routing_args`` into
the environ when a route matches. The value used to be something
like ``((), matchdict)``. This functionality was only ever
obliquely referred to in change logs; it was never documented as an
API.
- The ``exception`` attribute of the request now defaults to ``None``.
In prior versions, the ``request.exception`` attribute did not exist
if an exception was not raised by user code during request
processing; it only began existence once an exception view was
found.
Deprecations
------------
- References to the WSGI environment values ``bfg.routes.matchdict``
and ``bfg.routes.route`` were removed from documentation. These
will stick around internally for several more releases, but it is
``request.matchdict`` and ``request.matched_route`` are now the
"official" way to obtain the matchdict and the route object which
resulted in the match.
Documentation
-------------
- Added two sections to the "Hooks" chapter of the documentation:
"Using Response Callbacks" and "Using Finished Callbacks".
- Added documentation of the ``request.exception`` attribute to the
``repoze.bfg.request.Request`` API documentation.
- Added glossary entries for "response callback" and "finished
callback".
- The "Request Processing" narrative chapter has been updated to note
finished and response callback steps.
|
