From 267f2db66f514db43d0801237213799cd6797ee4 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Mon, 25 May 2009 00:27:08 +0000 Subject: Change the semantics of IForbiddenAppFactory. --- CHANGES.txt | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index fa9f44fb6..090c0f412 100644 --- a/CHANGES.txt +++ b/CHANGES.txt 
@@ -4,17 +4,30 @@ Next release Features -------- +- It is now possible to register a custom + ``repoze.bfg.interfaces.IForbiddenAppFactory`` for a given + application. This feature replaces the + ``repoze.bfg.interfaces.IUnauthorizedAppFactory`` feature previously + described in the Hooks chapter. The IForbiddenAppFactory will be + called when the framework detects an authorization failure; it + should accept a context object and a request object; it should + return a WSGI application. Read the below point for more info and + see the Hooks narrative chapter of the BFG docs for more info. + - It is now possible to register a security policy that returns a customized ``Forbidden`` WSGI application when BFG cannot authorize an invocation of a view. To this end, ISecurityPolicy objects must - now have a ``forbidden`` method. This method should return a WSGI - application. The returned WSGI application should generate a - response which is appropriate when access to a view resource was - forbidden by the security policy (e.g. perhaps a login page). - ``repoze.bfg`` is willing to operate with a custom security policy - that does not have a ``forbidden`` method, but it will issue a - warning; eventually security policies without a ``forbidden`` method - will cease to work under ``repoze.bfg``. + now have a ``forbidden`` method that accepts two arguments: + ``context`` and ``request``. The ``context`` will be the context + found by the router, the ``request`` will be the current request. + This method should return a WSGI application. The returned WSGI + application should generate a response which is appropriate when + access to a view resource was forbidden by the security policy + (e.g. perhaps a login page). ``repoze.bfg`` is willing to operate + with a custom security policy that does not have a ``forbidden`` + method, but it will issue a warning; eventually security policies + without a ``forbidden`` method will cease to work under + ``repoze.bfg``. 
Note that the ``forbidden`` WSGI application returned by the security policy is not used if a developer has registered an @@ -43,7 +56,8 @@ Deprecations ------------ - The ``repoze.bfg.interfaces.IUnauthorizedAppFactory`` interface has - been renamed to ``repoze.bfg.interfaces.IForbiddenAppFactory``. + been deprecated in favor of using the new + ``repoze.bfg.interfaces.IForbiddenAppFactory`` mechanism. 0.8.1 (2009-05-21) -- cgit v1.2.3
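Review bot: In the first hunk (Features), the rewritten ISecurityPolicy entry gives ``forbidden`` a two-argument signature (``context``, ``request``), but the warning path it describes only covers a policy that has no ``forbidden`` method at all. The entry should also say what happens to a policy whose ``forbidden`` method does not accept those two arguments, since a failure there would surface on the authorization-failure path. Separately, the new IForbiddenAppFactory bullet ends with "for more info" twice in one sentence ("Read the below point for more info and see the Hooks narrative chapter of the BFG docs for more info"); one reference to the Hooks chapter is enough.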
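Review bot: In the second hunk (Deprecations), "deprecated in favor of using the new ``repoze.bfg.interfaces.IForbiddenAppFactory`` mechanism" does not say whether an existing ``IUnauthorizedAppFactory`` registration is still honored, while the Features entry above says the new factory "replaces" it. Suggest stating explicitly whether old registrations keep working during the deprecation period and noting that the new factory is called with a context and a request, so readers know what to change when they migrate their forbidden-response hook.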