| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Fix registerModels to use the right traversal info names.
|
|
attached to the request object are always now tuples instead of
lists (performance).
|
|
a request that matches using URL dispatch. This feature was only
there to service the ``repoze.bfg.wsgi.wsgiapp2`` decorator and it
did it wrong; use ``*subpath`` instead now.
- The interface generation performed for named request factories had the
wrong base classes.
|
|
Traverser no longer returns matchdict.
|
|
and SCRIPT_NAME when a ``path_info`` key exists in the matchdict.
This used to be done in the traverser, which made no sense.
|
|
|
|
|
|
|
|
IAuthenticationPolicy/IForbiddenView/INotFoundView based on older
concepts from the router module's ``make_app`` function into the
``repoze.bfg.zcml.zcml_configure`` callable, to service
compatibility with scripts that use "zope.configuration.xmlconfig"
(replace with ``repoze.bfg.zml.zcml_configure`` as necessary to get
BBB logic)
|
|
directive can be used to name a view that should be invoked when the
request can't otherwise be resolved to a view callable. For example::
<notfound
view="helloworld.views.notfound_view"/>
- A new ZCML directive was added named ``forbidden``. This ZCML
directive can be used to name a view that should be invoked when a
view callable for a request is found, but cannot be invoked due to
an authorization failure. For example::
<forbidden
view="helloworld.views.forbidden_view"/>
|
|
|
|
|
|
|
|
a request object, instead of both a context and a request (which
still works, and always will). The following types work as views in
this style:
- functions that accept a single argument ``request``, e.g.::
def aview(request):
pass
- new and old-style classes that have an ``__init__`` method that
accepts ``self, request``, e.g.::
def View(object):
__init__(self, request):
pass
- Arbitrary callables that have a ``__call__`` method that accepts
``self, request``, e.g.::
def AView(object):
def __call__(self, request):
pass
view = AView()
This likely should have been the calling convention all along, as
the request has ``context`` as an attribute already, and with views
called as a result of URL dispatch, having the context in the
arguments is not very useful. C'est la vie.
|
|
``repoze.bfg.authentication.AuthTktAuthenticationPolicy``
constructor. If these are passed, cookies will be reset every so
often (cadged from the same change to repoze.who lately).
|
|
repoze.bfg.registry.get_registry -> repoze.bfg.threadlocal.get_current_registry
Remove getSiteManager from registry module.
|
|
on the request as the ``matchdict`` attribute:
``request.matchdict``. If no route matched, this attribute will be
None.
|
|
``environ["PATH_INFO"]`` on the notfound result page rather than the
fullly computed URL.
|
|
(``repoze.lru``).
|
|
# used routes (at least apps without any custom "context
# factory") in BFG 0.9.X and before
|
|
|
|
|
|
make that promise yet.
|
|
(``repoze.bfg.urldispatch.DefaultRoutesContext``) object now
subclasses from ``dict``. This means you can use the mapping
protocol in views against it.
|
|
derivation of values passed as the ``options`` value of
``repoze.bfg.router.make_app``. This API should be preferred
instead of using getUtility(ISettings). I added a new
``repoze.bfg.settings`` API document as well.
|
|
enough to be very helpful and had a misleading name.
|
|
should be used (**very sparingly**) to retrieve the "current"
request. See the ``repoze.bfg.request`` API documentation for more
information.
|
|
for use as a default context factory as documented in the "Hooks"
chapter.
|
|
alias for its ``condition_method`` argument for symmetry with the
``view`` directive.
|
|
|
|
``bfg_view`` decorators can now be one of the strings ``GET``,
``POST``, ``PUT``, ``DELETE``, or ``HEAD`` instead of a reference to
the respective interface type imported from
``repoze.bfg.interfaces``.
|
|
``repoze.bfg.wsgi.NotFound``, and ``repoze.bfg.wsgi.Unauthorized``.
These classes were disused with the introduction of the
``IUnauthorizedView`` and ``INotFoundView`` machinery.
|
|
unit tests.
|
|
non-response object now includes the view's name for troubleshooting
purposes.
- A "new response" event is emitted for forbiden and notfound views.
|
|
--------
- It is now possible to register a custom
``repoze.bfg.interfaces.INotFoundView`` for a given application.
This feature replaces the
``repoze.bfg.interfaces.INotFoundAppFactory`` feature previously
described in the Hooks chapter. The INotFoundView will be called
when the framework detects that a view lookup done as a result of a
reqest fails; it should accept a context object and a request
object; it should return an IResponse object (a webob response,
basically). See the Hooks narrative chapter of the BFG docs for
more info.
Deprecations
------------
- The ``repoze.bfg.interfaces.IUnauthorizedAppFactory`` interface has
been deprecated in favor of using the new
``repoze.bfg.interfaces.IForbiddenResponseFactory`` mechanism.
|
|
``repoze.bfg.interfaces.IForbiddenView``.
|
|
``authenticated_userid`` function APIs in ``repoze.bfg.security``,
effectively a doing reversion to 0.8 and before behavior. Both
functions now again accept only the ``request`` parameter.
|
|
credentials from an auth_tkt cookie managed by the application
itself (instead of relying on an upstream data source for
authentication data). See the Security API chapter of the
documentation for more info.
- Allow RemoteUserAuthenticationPolicy and
RepozeWho1AuthenticationPolicy to accept various constructor
arguments. See the Security API chapter of the documentation for
more info.
|
|
obtains a WSGI application from a config file given a config file
name and a section name. See the ``repoze.bfg.paster`` API docs for
more information.
- Add a new module named ``scripting``. It contains a ``get_root``
API function, which, provided a Router instance, returns a traversal
root object and a "closer". See the ``repoze.bfg.scripting`` API
docs for more info.
|
|
package have been deprecated since version 0.3.8. Instead, import
``get_template``, ``render_template``, and
``render_template_to_response`` from the
``repoze.bfg.chameleon_zpt``module.
|
|
|
|
be used to get an interactive prompt with your BFG root object in
the global namespace. E.g.::
bin/paster bfgshell /path/to/myapp.ini myapp
See the ``Project`` chapter in the BFG documentation for more
information.
|
|
|
|
|
|
I'll do this work on the authchanges branch first.
|
|
``forbidden``) works properly.
|
|
|
|
|
|
--------
- It is now possible to write a custom security policy that returns a
customized ``Forbidden`` WSGI application when BFG cannot authorize
an invocation of a view. To this end, ISecurityPolicy objects must
now have a ``forbidden`` method. This method should return a WSGI
application. The returned WSGI application should generate a
response which is appropriate when access to a view resource was
forbidden by the security policy (e.g. perhaps a login page).
``repoze.bfg`` is willing to operate with a custom security policy
that does not have a ``forbidden`` method, but it will issue a
warning; eventually security policies without a ``forbidden`` method
will cease to work under ``repoze.bfg``.
Note that the ``forbidden`` WSGI application returned by the
security policy is not used if a developer has registered an
IForbiddenAppFactory (see the "Hooks" narrative chapter); the
explicitly registered IForbiddenAppFactory will be preferred over
the (more general) security policy forbidden app factory.
- All default security policies now have a ``forbidden`` callable
attached to them. This particular callable returns a WSGI
application which generates a ``401 Unauthorized`` response for
backwards compatibility (had backwards compatibility not been an
issue, this callable would have returned a WSGI app that generated a
``403 Forbidden`` response).
Backwards Incompatibilities
---------------------------
- Custom NotFound and Forbidden (nee' Unauthorized) WSGI applications
(registered a a utility for INotFoundAppFactory and
IUnauthorizedAppFactory) could rely on an environment key named
``message`` describing the circumstance of the response. This key
has been renamed to ``repoze.bfg.message`` (as per the WSGI spec,
which requires environment extensions to contain dots).
Deprecations
------------
- The ``repoze.bfg.interfaces.IUnauthorizedAppFactory`` interface has
been renamed to ``repoze.bfg.interfaces.IForbiddenAppFactory``.
|
