| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
``__parent__`` of an object that claims it implements ILocation
during traversal even if the ``__name__`` or ``__parent__`` of the
object traversed does not match the name used in the traversal
step or the or the traversal parent . Rationale: it was insane to
do so. This bug was only found due to a misconfiguration in an
application that mistakenly had intermediate persistent
non-ILocation objects; traversal was causing a persistent write on
every request under this setup.
- ``repoze.bfg.location.locate`` now unconditionally sets
``__name__`` and ``__parent__`` on objects which provide ILocation
(it previously only set them conditionally if they didn't match
attributes already present on the object via equality).
Prep for 0.5.0.
|
|
where the template does not need to be wrapped in any containing
XML).
Prep for 0.4.9.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
API functions that act against models.
|
|
subscriber function in the events narrative documentation.
|
|
|
|
against a class rather than an interface.
|
|
|
|
``repoze.bfg.convention`` in context.
|
|
Retain old test as an integration test. Update documentation.
|
|
all generated URLs unless further elements are passed in as the
third and following arguments. Rationale: views often use
``model_url`` without the third-and-following arguments in order
to generate a URL for a model in order to point at the default
view of a model. The URL that points to the default view of the
*root* model is technically ``http://mysite/`` as opposed to
``http://mysite`` (browsers happen to ask for '/' implicitly in
the GET request). Because URLs are never automatically generated
for anything *except* models by ``model_url``, and because the
root model is not really special, we continue this pattern. The
impact of this change is minimal (at most you will have too many
slashes in your URL, which BFG deals with gracefully anyway).
Prep for 0.4.8.
|
|
style "object events" (subscribers accept more than a single event
argument). We extend the list with the arguments, rather than
append.
Prep for 0.4.7.
|
|
wrong value for the root object (e.g. ``model_path`` returned
``''`` for the root object, while it should have been returning
``'/'``).
Prep for 0.4.6.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Add minimal documentation of BFGTestCase.
|
|
- Added a ``repoze.bfg.testing`` module to attempt to make it
slightly easier to write unittest-based automated tests of BFG
applications. Information about this class is in the
documentation.
- The default template renderer now supports testing better by
looking for ``ITestingTemplateRenderer`` using a relative
pathname. This is exposed indirectly through the API named
``registerTemplate`` in ``repoze.bfg.testing``.
Deprecations
- The names ``repoze.bfg.interfaces.ITemplate`` ,
``repoze.bfg.interfaces.ITemplateFactory`` and
``repoze.bfg.interfaces.INodeTemplate`` have been deprecated.
These should now be imported as
``repoze.bfg.interfaces.ITemplateRenderer`` and
``repoze.bfg.interfaces.ITemplateRendererFactory``, and
``INodeTemplateRenderer`` respectively.
- The name ``repoze.bfg.chameleon_zpt.ZPTTemplateFactory`` is
deprecated. Use ``repoze.bfg.chameleon_zpt.ZPTTemplateRenderer``.
- The name ``repoze.bfg.chameleon_genshi.GenshiTemplateFactory`` is
deprecated. Use
``repoze.bfg.chameleon_genshi.GenshiTemplateRenderer``.
- The name ``repoze.bfg.xslt.XSLTemplateFactory`` is deprecated.
Use ``repoze.bfg.xslt.XSLTemplateRenderer``.
|
|
|
|
|
|
- The ``BFG_DEBUG_AUTHORIZATION`` envvar and the
``debug_authorization`` config file value now only imply debugging
of view-invoked security checks. Previously, information was
printed for every call to ``has_permission`` as well, which made
output confusing. To debug ``has_permission`` checks and other
manual permission checks, use the debugger and print statements in
your own code.
- Authorization debugging info is now only present in the HTTP
response body oif ``debug_authorization`` is true.
- The format of authorization debug messages was improved.
- A new ``BFG_DEBUG_NOTFOUND`` envvar was added and a symmetric
``debug_notfound`` config file value was added. When either is
true, and a NotFound response is returned by the BFG router
(because a view could not be found), debugging information is
printed to stderr. When this value is set true, the body of
HTTPNotFound responses will also contain the same debugging
information.
- ``Allowed`` and ``Denied`` responses from the security machinery
are now specialized into two types: ACL types, and non-ACL types.
The ACL-related responses are instances of
``repoze.bfg.security.ACLAllowed`` and
``repoze.bfg.security.ACLDenied``. The non-ACL-related responses
are ``repoze.bfg.security.Allowed`` and
``repoze.bfg.security.Denied``. The allowed-type responses
continue to evaluate equal to things that themselves evaluate
equal to the ``True`` boolean, while the denied-type responses
continue to evaluate equal to things that themselves evaluate
equal to the ``False`` boolean. The only difference between the
two types is the information attached to them for debugging
purposes.
- Added a new ``BFG_DEBUG_ALL`` envvar and a symmetric ``debug_all``
config file value. When either is true, all other debug-related
flags are set true unconditionally (e.g. ``debug_notfound`` and
``debug_authorization``).
Documentation
- Added info about debug flag changes.
- Added a section to the security chapter named "Debugging
Imperative Authorization Failures" (for e.g. ``has_permssion``).
|
|
server rather than ``PasteScript#cherrpy`` server. The cherrypy
server has a security risk in it when ``REMOTE_USER`` is trusted
by the downstream application.
|
|
|
|
view was found and called, but it returned something that did not
implement IResponse, the error would pass by unflagged. This was
noticed when I created a view function that essentially returned
None, but received a NotFound error rather than a ValueError when
the view was rendered. This was fixed.
|
|
|
|
|
|
|
|
|
|
|
|
|
