Pyramid TODOs ============= Should-Have ----------- - Consider moving the call to _set_security_policies (and like params) after the initial commit, so that authn and authz policies specified by the user (and like settings) in the constructor override included ones. Rationale: I want the configurator to behave like someone did:: config = Configurator() config.set_foo(...) config.set_bar(..) when they do:: config = Config(foo=... bar=...) - Name WSGI app "main" instead of pipeline in scaffold configs? - Make another release of debug toolbar (has now redirects turned off by default so tutorials aren't weird). - Mention debug toolbar in tutorials. - Make it possible to use tween aliases in explicit tween config? If not, the tween factories of all add-ons must be APIs. - Merge Michael's route group work. - Deprecate pyramid.security.view_execution_permitted (it only works for traversal). - Debugging setting for detecting why authenticated_userid(request) might return None. - Make "localizer" a property of request (instead of requiring "get_localizer(request)"? - Create a ``current_route_path`` function and make it a method of request? - "static_path" API (omit host and port)? Nice-to-Have ------------ - Turn "config" into a package. - Kill off ``bfg.routes`` envvars in router. - Some sort of API for rendering a view callable object to a response from within another view callable. - 1.4: turn ``pyramid.settings.Settings`` into a function that returns the original dict (after ``__getattr__`` deprecation period, it was deprecated in 1.2). - Eliminate non-deployment-non-scaffold-related Paste dependencies: ``paste.urlparser.StaticURLParser``, ``paste.auth.auth_tkt`` (cutnpaste or reimplement both). - Alias the stupid long default session factory name. - Fix indirect circular import between router and config. - Add narrative docs for wsgiapp and wsgiapp2. - Provide a ``has_view`` function. - Debug option to print view matching decision (e.g. debug_viewlookup or so). - Speed up startup time (defer _bootstrap and registerCommonDirectives() until needed by ZCML, as well as unfound speedups). - Nicer Mako exceptions in debug toolbar. - Better "Extending" chapter. - Try to make test suite pass on IronPython. - Non-bwcompat use of threadlocals that need to be documented or ameliorated: security.principals_allowed_by_permission resource.OverrideProvider._get_overrides: can't credibly be removed, because it stores an overrideprovider as a module-scope global. traversal.traverse: this API is a stepchild, and needs to be changed. Configurator.add_translation_dirs: not passed any context but a message, can't credibly be removed. - Supply ``X-Vhm-Host`` support. - Basic WSGI documentation (pipeline / app / server). - Change docs about creating a venusian decorator to not use ZCA. - Try to better explain the relationship between a renderer and a template in the templates chapter and elsewhere. Scan the documentation for reference to a renderer as *only* view configuration (it's a larger concept now). - Create a ``render_view`` that works by using config.derive_view against an existing view instead of querying the registry. - Create a function which performs a recursive request. - Update App engine chapter with less creaky directions. Probably Bad Ideas ------------------ - Add functionality that mocks the behavior of ``repoze.browserid``. - Consider implementing the API outlined in http://plope.com/pyramid_auth_design_api_postmortem, phasing out the current auth-n-auth abstractions in a backwards compatible way. - Maybe add ``add_renderer_globals`` method to Configurator.