| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2008-11-02 | Features | Chris McDonough | |
| - The ``BFG_DEBUG_AUTHORIZATION`` envvar and the ``debug_authorization`` config file value now only imply debugging of view-invoked security checks. Previously, information was printed for every call to ``has_permission`` as well, which made output confusing. To debug ``has_permission`` checks and other manual permission checks, use the debugger and print statements in your own code. - Authorization debugging info is now only present in the HTTP response body oif ``debug_authorization`` is true. - The format of authorization debug messages was improved. - A new ``BFG_DEBUG_NOTFOUND`` envvar was added and a symmetric ``debug_notfound`` config file value was added. When either is true, and a NotFound response is returned by the BFG router (because a view could not be found), debugging information is printed to stderr. When this value is set true, the body of HTTPNotFound responses will also contain the same debugging information. - ``Allowed`` and ``Denied`` responses from the security machinery are now specialized into two types: ACL types, and non-ACL types. The ACL-related responses are instances of ``repoze.bfg.security.ACLAllowed`` and ``repoze.bfg.security.ACLDenied``. The non-ACL-related responses are ``repoze.bfg.security.Allowed`` and ``repoze.bfg.security.Denied``. The allowed-type responses continue to evaluate equal to things that themselves evaluate equal to the ``True`` boolean, while the denied-type responses continue to evaluate equal to things that themselves evaluate equal to the ``False`` boolean. The only difference between the two types is the information attached to them for debugging purposes. - Added a new ``BFG_DEBUG_ALL`` envvar and a symmetric ``debug_all`` config file value. When either is true, all other debug-related flags are set true unconditionally (e.g. ``debug_notfound`` and ``debug_authorization``). Documentation - Added info about debug flag changes. - Added a section to the security chapter named "Debugging Imperative Authorization Failures" (for e.g. ``has_permssion``). | |||
| 2008-10-03 | Docs | Chris McDonough | |
| - An "Environment and Configuration" chapter was added to the narrative portion of the documentation. Features - Ensure bfg doesn't generate warnings when running under Python 2.6. - The environment variable ``BFG_RELOAD_TEMPLATES`` is now available (serves the same purpose as ``reload_templates`` in the config file). - A new configuration file option ``debug_authorization`` was added. This turns on printing of security authorization debug statements to ``sys.stderr``. The ``BFG_DEBUG_AUTHORIZATION`` environment variable was also added; this performs the same duty. Bug Fixes - The environment variable ``BFG_SECURITY_DEBUG`` did not always work. It has been renamed to ``BFG_DEBUG_AUTHORIZATION`` and fixed. Deprecations - A deprecation warning is now issued when old API names from the ``repoze.bfg.templates`` module are imported. Backwards incompatibilities - The ``BFG_SECURITY_DEBUG`` environment variable was renamed to ``BFG_DEBUG_AUTHORIZATION``. | |||
| 2008-09-28 | (no commit message) | Chris McDonough | |
| 2008-09-28 | Features | Chris McDonough | |
| - A ``repoze.bfg.location`` API module was added. Backwards incompatibilities - Applications must now use the ``repoze.bfg.interfaces.ILocation`` interface rather than ``zope.location.interfaces.ILocation`` to represent that a model object is "location-aware". We've removed a dependency on ``zope.location`` for cleanliness purposes: as new versions of zope libraries are released which have improved dependency information, getting rid of our dependence on ``zope.location`` will prevent a newly installed repoze.bfg application from requiring the ``zope.security``, egg, which not truly used at all in a "stock" repoze.bfg setup. These dependencies are still required by the stack at this time; this is purely a futureproofing move. The security and model documentation for previous versions of ``repoze.bfg`` recommended using the ``zope.location.interfaces.ILocation`` interface to represent that a model object is "location-aware". This documentation has been changed to reflect that this interface should now be imported from ``repoze.bfg.interfaces.ILocation`` instead. | |||
| 2008-09-06 | Define ACE. | Chris McDonough | |
| 2008-09-06 | Dollar. | Chris McDonough | |
| 2008-09-06 | Info about debugging security failures. | Chris McDonough | |
| 2008-07-28 | (no commit message) | Chris McDonough | |
| 2008-07-28 | Tweaks. | Chris McDonough | |
| 2008-07-28 | Tweaks. | Chris McDonough | |
| 2008-07-26 | Tweaks. | Chris McDonough | |
| 2008-07-24 | Shunted jargon off to glossary. | Chris McDonough | |
| 2008-07-21 | ACL stuff. | Chris McDonough | |
| 2008-07-18 | Dammit. | Chris McDonough | |
| 2008-07-18 | Add the beginnings of security docs. | Chris McDonough | |
 |
index : pyramid | |
| Pyramid web framework (fork of https://github.com/Pylons/pyramid). | Daniel |
| summaryrefslogtreecommitdiff |