From e25a70a7d1c2016eaeff9c630df9109e715bba3b Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Thu, 9 Sep 2010 17:46:49 +0000 Subject: Features -------- - In support of making it easier to configure applications which are "secure by default", a default permission feature was added. If supplied, the default permission is used as the permission string to all view registrations which don't otherwise name a permission. These APIs are in support of that: - A new constructor argument was added to the Configurator: ``default_permission``. - A new method was added to the Configurator: ``set_default_permission``. - A new ZCML directive was added: ``default_permission``. Documentation ------------- - Added documentation for the ``default_permission`` ZCML directive. - Added documentation for the ``default_permission`` constructor value and the ``set_default_permission`` method in the Configurator API documentation. - Added a new section to the "security" chapter named "Setting a Default Permission". - Document ``renderer_globals_factory`` and ``request_factory`` arguments to Configurator constructor. --- TODO.txt | 7 ------- 1 file changed, 7 deletions(-) (limited to 'TODO.txt') diff --git a/TODO.txt b/TODO.txt index 2a81a5741..ce29c9e46 100644 --- a/TODO.txt +++ b/TODO.txt @@ -62,10 +62,3 @@ - Change "Cleaning up After a Request" in the urldispatch chapter to use ``request.add_response_callback``. -- Add a default_view_permission setting: - - From IRC: if I use something like http://bfg.repoze.org/pastebin/764 - (does it even make any sense?), why do I still have to put - view_permission="something_random" inside every , so that - those alc's kick in? or am I doing it completely wrong? - -- cgit v1.2.3