From 86ed4016ea6a681d4f579ace62cea032a679544d Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Sun, 24 May 2009 23:12:59 +0000 Subject: Features -------- - It is now possible to write a custom security policy that returns a customized ``Forbidden`` WSGI application when BFG cannot authorize an invocation of a view. To this end, ISecurityPolicy objects must now have a ``forbidden`` method. This method should return a WSGI application. The returned WSGI application should generate a response which is appropriate when access to a view resource was forbidden by the security policy (e.g. perhaps a login page). ``repoze.bfg`` is willing to operate with a custom security policy that does not have a ``forbidden`` method, but it will issue a warning; eventually security policies without a ``forbidden`` method will cease to work under ``repoze.bfg``. Note that the ``forbidden`` WSGI application returned by the security policy is not used if a developer has registered an IForbiddenAppFactory (see the "Hooks" narrative chapter); the explicitly registered IForbiddenAppFactory will be preferred over the (more general) security policy forbidden app factory. - All default security policies now have a ``forbidden`` callable attached to them. This particular callable returns a WSGI application which generates a ``401 Unauthorized`` response for backwards compatibility (had backwards compatibility not been an issue, this callable would have returned a WSGI app that generated a ``403 Forbidden`` response). Backwards Incompatibilities --------------------------- - Custom NotFound and Forbidden (nee' Unauthorized) WSGI applications (registered a a utility for INotFoundAppFactory and IUnauthorizedAppFactory) could rely on an environment key named ``message`` describing the circumstance of the response. This key has been renamed to ``repoze.bfg.message`` (as per the WSGI spec, which requires environment extensions to contain dots). Deprecations ------------ - The ``repoze.bfg.interfaces.IUnauthorizedAppFactory`` interface has been renamed to ``repoze.bfg.interfaces.IForbiddenAppFactory``. --- CHANGES.txt | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) (limited to 'CHANGES.txt') diff --git a/CHANGES.txt b/CHANGES.txt index 40a810305..3650b674f 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,51 @@ +Next release +============ + +Features +-------- + +- It is now possible to write a custom security policy that returns a + customized ``Forbidden`` WSGI application when BFG cannot authorize + an invocation of a view. To this end, ISecurityPolicy objects must + now have a ``forbidden`` method. This method should return a WSGI + application. The returned WSGI application should generate a + response which is appropriate when access to a view resource was + forbidden by the security policy (e.g. perhaps a login page). + ``repoze.bfg`` is willing to operate with a custom security policy + that does not have a ``forbidden`` method, but it will issue a + warning; eventually security policies without a ``forbidden`` method + will cease to work under ``repoze.bfg``. + + Note that the ``forbidden`` WSGI application returned by the + security policy is not used if a developer has registered an + IForbiddenAppFactory (see the "Hooks" narrative chapter); the + explicitly registered IForbiddenAppFactory will be preferred over + the (more general) security policy forbidden app factory. + +- All default security policies now have a ``forbidden`` callable + attached to them. This particular callable returns a WSGI + application which generates a ``401 Unauthorized`` response for + backwards compatibility (had backwards compatibility not been an + issue, this callable would have returned a WSGI app that generated a + ``403 Forbidden`` response). + +Backwards Incompatibilities +--------------------------- + +- Custom NotFound and Forbidden (nee' Unauthorized) WSGI applications + (registered a a utility for INotFoundAppFactory and + IUnauthorizedAppFactory) could rely on an environment key named + ``message`` describing the circumstance of the response. This key + has been renamed to ``repoze.bfg.message`` (as per the WSGI spec, + which requires environment extensions to contain dots). + +Deprecations +------------ + +- The ``repoze.bfg.interfaces.IUnauthorizedAppFactory`` interface has + been renamed to ``repoze.bfg.interfaces.IForbiddenAppFactory``. + + 0.8.1 (2009-05-21) ================== -- cgit v1.2.3