| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
``BFG_RELOAD_RESOURCES`` environment variable). When this is set to
true, the server never needs to be restarted when moving files
between directory resource overrides (esp. for templates currently).
- Add a ``reload_all`` configuration file setting (aka the
``BFG_RELOAD_ALL`` environment variable) that implies both
``reload_resources`` and ``reload_templates``.
- The ``static`` helper view class now uses a ``PackageURLParser`` in
order to allow for the overriding of static resources (CSS / logo
files, etc) using the ``resource`` ZCML directive. The
``PackageURLParser`` class was added to a (new) ``static`` module in
BFG; it is a subclass of the ``StaticURLParser`` class in
``paste.urlparser``.
- The ``repoze.bfg.templating.renderer_from_cache`` function now
checks for the ``reload_resources`` setting; if it's true, it does
not register a template renderer (it won't use the registry as a
template renderer cache).
- Add ``pkg_resources`` to the glossary.
- Update the "Environment" docs to note the existence of
``reload_resources`` and ``reload_all``.
- Use a colon instead of a tab as the separator between package name
and relpath to form the "spec" when register a ITemplateRenderer.
|
|
``BFG_UNICODE_PATH_SEGMENTS`` configuration variable have been
removed. Path segments are now always passed to model
``__getitem__`` methods as unicode. "True" has been the default for
this setting since 0.5.4, but changing this configuration setting to
false allowed you to go back to passing raw path element strings to
model ``__getitem__`` methods. This services a speed goal (we get
about +80 req/s by removing the check), and it's clearer just to
always expect unicode path segments in model ``__getitem__``
methods.
|
|
default traverser) always passed each URL path segment to any
``__getitem__`` method of a model object as a byte string (a
``str`` object). Now, by default the ModelGraphTraverser attempts
to decode the path segment to Unicode (a ``unicode`` object) using
the UTF-8 encoding before passing it to the ``__getitem__`` method
of a model object. This makes it possible for model objects to be
dumber in ``__getitem__`` when trying to resolve a subobject, as
model objects themselves no longer need to try to divine whether
or not to try to decode the path segment passed by the
traverser.
Note that since 0.5.4, URLs generated by repoze.bfg's
``model_url`` API will contain UTF-8 encoded path segments as
necessary, so any URL generated by BFG itself will be decodeable
by the traverser. If another application generates URLs to a BFG
application, to be resolved successully, it should generate the
URL with UTF-8 encoded path segments to be successfully resolved.
The decoder is not at all magical: if a non-UTF-8-decodeable path
segment (e.g. one encoded using UTF-16 or some other insanity) is
passed in the URL, BFG will raise a ``TypeError`` with a message
indicating it could not decode the path segment.
To turn on the older behavior, where path segments were not
decoded to Unicode before being passed to model object
``__getitem__`` by the traverser, and were passed as a raw byte
string, set the ``unicode_path_segments`` configuration setting to
a false value in your BFG application's section of the paste .ini
file, for example::
unicode_path_segments = False
Or start the application using the ``BFG_UNICODE_PATH_SEGMENT``
envvar set to a false value::
BFG_UNICODE_PATH_SEGMENTS=0
|
|
- The ``BFG_DEBUG_AUTHORIZATION`` envvar and the
``debug_authorization`` config file value now only imply debugging
of view-invoked security checks. Previously, information was
printed for every call to ``has_permission`` as well, which made
output confusing. To debug ``has_permission`` checks and other
manual permission checks, use the debugger and print statements in
your own code.
- Authorization debugging info is now only present in the HTTP
response body oif ``debug_authorization`` is true.
- The format of authorization debug messages was improved.
- A new ``BFG_DEBUG_NOTFOUND`` envvar was added and a symmetric
``debug_notfound`` config file value was added. When either is
true, and a NotFound response is returned by the BFG router
(because a view could not be found), debugging information is
printed to stderr. When this value is set true, the body of
HTTPNotFound responses will also contain the same debugging
information.
- ``Allowed`` and ``Denied`` responses from the security machinery
are now specialized into two types: ACL types, and non-ACL types.
The ACL-related responses are instances of
``repoze.bfg.security.ACLAllowed`` and
``repoze.bfg.security.ACLDenied``. The non-ACL-related responses
are ``repoze.bfg.security.Allowed`` and
``repoze.bfg.security.Denied``. The allowed-type responses
continue to evaluate equal to things that themselves evaluate
equal to the ``True`` boolean, while the denied-type responses
continue to evaluate equal to things that themselves evaluate
equal to the ``False`` boolean. The only difference between the
two types is the information attached to them for debugging
purposes.
- Added a new ``BFG_DEBUG_ALL`` envvar and a symmetric ``debug_all``
config file value. When either is true, all other debug-related
flags are set true unconditionally (e.g. ``debug_notfound`` and
``debug_authorization``).
Documentation
- Added info about debug flag changes.
- Added a section to the security chapter named "Debugging
Imperative Authorization Failures" (for e.g. ``has_permssion``).
|
|
- An "Environment and Configuration" chapter was added to the narrative
portion of the documentation.
Features
- Ensure bfg doesn't generate warnings when running under Python
2.6.
- The environment variable ``BFG_RELOAD_TEMPLATES`` is now available
(serves the same purpose as ``reload_templates`` in the config file).
- A new configuration file option ``debug_authorization`` was added.
This turns on printing of security authorization debug statements
to ``sys.stderr``. The ``BFG_DEBUG_AUTHORIZATION`` environment
variable was also added; this performs the same duty.
Bug Fixes
- The environment variable ``BFG_SECURITY_DEBUG`` did not always work.
It has been renamed to ``BFG_DEBUG_AUTHORIZATION`` and fixed.
Deprecations
- A deprecation warning is now issued when old API names from the
``repoze.bfg.templates`` module are imported.
Backwards incompatibilities
- The ``BFG_SECURITY_DEBUG`` environment variable was renamed to
``BFG_DEBUG_AUTHORIZATION``.
|
