RedHatTraining/pyramid.git

Steve Piercy

2016-01-29 e95f5cf14a9d1061a79994104b8c4280e1b12f94

commit \| author \| age
5d856d	1	1.4.10 (unreleased)
TS	2	===================
	3
	4	- Ensure that ``pyramid.httpexceptions.exception_response`` returns the
	5	appropriate "concreate" class for ``400`` and ``500`` status codes.
	6
92a087	7	- ``pyramid.httpexceptions.HTTPException`` now defaults to
MM	8	``520 Unknown Error`` instead of ``None None`` to conform with changes in
	9	WebOb 1.5.
	10	See https://github.com/Pylons/pyramid/pull/1865
	11
22f408	12	1.4.9 (2015-04-28)
2b6576	13	==================
166879	14
MM	15	- Further fix the JSONP renderer by prefixing the returned content with
	16	a comment. This should mitigate attacks from Flash (See CVE-2014-4671).
	17	See https://github.com/Pylons/pyramid/pull/1647
	18
	19	- Allow periods and brackets (``[]``) in the JSONP callback. The original
	20	fix was overly-restrictive and broke Angular.
	21	See https://github.com/Pylons/pyramid/pull/1647
	22
b7cdd6	23	1.4.8 (2015-04-14)
MM	24	==================
	25
	26	- 1.4.7 had some missing files.
	27
3fa1b7	28	1.4.7 (2015-04-14)
CM	29	==================
	30
	31	- The JSONP renderer created JavaScript code in such a way that a callback
	32	variable could be used to arbitrarily inject javascript into the response
	33	object. https://github.com/Pylons/pyramid/pull/1626
	34
01138a	35	1.4.6 (2014-05-31)
MM	36	==================
c5ccaf	37
DH	38	Bug Fixes
	39	---------
01138a	40
55560c	41	- Allow ``config.add_route_predicate`` and ``config.add_view_predicate`` to
MM	42	accept an importable dotted-string for the ``factory`` argument.
	43
c5ccaf	44	- Fix an exception in ``package_name()`` when resolving the package
DH	45	name for namespace packages.
	46
28f6e9	47	1.4.5 (2013-08-30)
MJ	48	==================
0cc839	49
c455ea	50	Bug Fixes
CM	51	---------
	52
595034	53	- The ``alchemy`` scaffold would break when the database was MySQL during
CM	54	tables creation. See https://github.com/Pylons/pyramid/pull/1049. Backport
	55	from master.
	56
c455ea	57	- It was not possible to use ``pyramid.httpexceptions.HTTPException`` as
CM	58	the ``context`` of an exception view as very general catchall for
	59	http-related exceptions when you wanted that exception view to override the
	60	default exception view. See https://github.com/Pylons/pyramid/issues/985.
	61	Backport from master.
	62
0cc839	63	- When the ``pyramid.reload_templates`` setting was true, and a Chameleon
CM	64	template was reloaded, and the renderer specification named a macro
	65	(e.g. ``foo#macroname.pt``), renderings of the template after the template
	66	was reloaded due to a file change would produce the entire template body
	67	instead of just a rendering of the macro. See
c455ea	68	https://github.com/Pylons/pyramid/issues/1013. Backport from master.
0cc839	69
ae6135	70	- Fixed a Mako renderer bug returning a tuple with a previous defname value
BL	71	in some circumstances. See https://github.com/Pylons/pyramid/issues/1037 for
	72	more information. Backport from master.
	73
6aabdd	74	- Make ``pserve.cherrypy_server_runner`` Python 3 compatible. See
TL	75	https://github.com/Pylons/pyramid/issues/718. Backport from master.
	76
e20c7c	77	1.4.4 (2013-08-27)
CM	78	==================
458095	79
CM	80	Bug Fixes
	81	---------
	82
	83	- Fix an obscure problem when combining a virtual root with a route with a
	84	``*traverse`` in its pattern. Now the traversal path generated in
	85	such a configuration will be correct, instead of an element missing
	86	a leading slash.
	87
0a842c	88	1.4.3 (2013-07-18)
CM	89	==================
	90
	91	Bug Fixes
	92	---------
b54f6d	93
CM	94	- ``pyramid.testing.DummyResource`` didn't define ``__bool__``, so code under
0cc839	95	Python 3 would use ``__len__`` to find truthiness; this usually caused an
9c2424	96	instance of DummyResource to be "falsy" instead of "truthy". See
CM	97	https://github.com/Pylons/pyramid/pull/1032
b54f6d	98
e63bda	99	1.4.2 (2013-05-21)
CM	100	==================
	101
	102	Bug Fixes
	103	---------
bdc928	104
bcecb6	105	- ``mako_templating``: added defensive workaround for non-importability of
CM	106	``mako`` due to upstream ``markupsafe`` dropping Python 3.2 support. Mako
	107	templating will no longer work under the combination of MarkupSafe 0.17 and
	108	Python 3.2 (although the combination of MarkupSafe 0.17 and Python 3.3 or any
	109	supported Python 2 version will work OK).
bdc928	110
8ebdc0	111	- Make the ``pyramid.config.assets.PackageOverrides`` object implement the API
TS	112	for ``__loader__`` objects specified in PEP 302. Proxies to the
	113	``__loader__`` set by the importer, if present; otherwise, raises
	114	``NotImplementedError``. This makes Pyramid static view overrides work
	115	properly under Python 3.3 (previously they would not). See
	116	https://github.com/Pylons/pyramid/pull/1015 for more information.
	117
17d80b	118	1.4.1 (2013-04-23)
39695d	119	==================
MM	120
	121	Bug Fixes
	122	---------
	123
	124	- Spaces and dots may now be in mako renderer template paths. This was
	125	broken when support for the new makodef syntax was added in 1.4a1.
	126	See https://github.com/Pylons/pyramid/issues/950
	127
f89644	128	- ``pyramid.debug_authorization=true`` will now correctly print out
MM	129	``Allowed`` for views registered with ``NO_PERMISSION_REQUIRED`` instead
	130	of invoking the ``permits`` method of the authorization policy.
	131	See https://github.com/Pylons/pyramid/issues/954
	132
0f1f51	133	- Pyramid failed to install on some systems due to being packaged with
MM	134	some test files containing higher order characters in their names. These
	135	files have now been removed. See
	136	https://github.com/Pylons/pyramid/issues/981
	137
96ab9f	138	1.4 (2012-12-18)
CM	139	================
758fa2	140
CM	141	Docs
	142	----
	143
	144	- Fix functional tests in the ZODB tutorial
	145
e609e1	146	1.4b3 (2012-12-10)
CM	147	==================
	148
	149	- Packaging release only, no code changes. 1.4b2 was a brownbag release due to
	150	missing directories in the tarball.
	151
a7e0e6	152	1.4b2 (2012-12-10)
CM	153	==================
	154
	155	Docs
	156	----
	157
	158	- Scaffolding is now PEP-8 compliant (at least for a brief shining moment).
	159
	160	- Tutorial improvements.
ed1419	161
MM	162	Backwards Incompatibilities
	163	---------------------------
	164
	165	- Modified the ``_depth`` argument to ``pyramid.view.view_config`` to accept
	166	a value relative to the invocation of ``view_config`` itself. Thus, when it
	167	was previously expecting a value of ``1`` or greater, to reflect that
	168	the caller of ``view_config`` is 1 stack frame away from ``venusian.attach``,
	169	this implementation detail is now hidden.
	170
a078e1	171	- Modified the ``_backframes`` argument to ``pyramid.util.action_method`` in a
CM	172	similar way to the changes described to ``_depth`` above. This argument
	173	remains undocumented, but might be used in the wild by some insane person.
	174
1608b2	175	1.4b1 (2012-11-21)
CM	176	==================
0ccdc2	177
71cd93	178	Features
CM	179	--------
	180
	181	- Small microspeed enhancement which anticipates that a
	182	``pyramid.response.Response`` object is likely to be returned from a view.
	183	Some code is shortcut if the class of the object returned by a view is this
	184	class. A similar microoptimization was done to
	185	``pyramid.request.Request.is_response``.
	186
9132f6	187	- Make it possible to use variable arguments on ``p*`` commands (``pserve``,
CM	188	``pshell``, ``pviews``, etc) in the form ``a=1 b=2`` so you can fill in
	189	values in parameterized ``.ini`` file, e.g. ``pshell etc/development.ini
6ba0fc	190	http_port=8080``. See https://github.com/Pylons/pyramid/pull/714
9132f6	191
f700d3	192	- A somewhat advanced and obscure feature of Pyramid event handlers is their
CM	193	ability to handle "multi-interface" notifications. These notifications have
	194	traditionally presented multiple objects to the subscriber callable. For
	195	instance, if an event was sent by code like this::
28fc3d	196
CM	197	registry.notify(event, context)
	198
	199	In the past, in order to catch such an event, you were obligated to write and
	200	register an event subscriber that mentioned both the event and the context in
	201	its argument list::
	202
	203	@subscriber([SomeEvent, SomeContextType])
f700d3	204	def asubscriber(event, context):
28fc3d	205	pass
CM	206
f700d3	207	In many subscriber callables registered this way, it was common for the logic
CM	208	in the subscriber callable to completely ignore the second and following
	209	arguments (e.g. ``context`` in the above example might be ignored), because
	210	they usually existed as attributes of the event anyway. You could usually
a3810e	211	get the same value by doing ``event.context`` or similar.
f700d3	212
CM	213	The fact that you needed to put an extra argument which you usually ignored
	214	in the subscriber callable body was only a minor annoyance until we added
a3810e	215	"subscriber predicates", used to narrow the set of circumstances under which
CM	216	a subscriber will be executed, in a prior 1.4 alpha release. Once those were
	217	added, the annoyance was escalated, because subscriber predicates needed to
	218	accept the same argument list and arity as the subscriber callables that they
	219	were configured against. So, for example, if you had these two subscriber
	220	registrations in your code::
28fc3d	221
CM	222	@subscriber([SomeEvent, SomeContextType])
f700d3	223	def asubscriber(event, context):
CM	224	pass
	225
	226	@subscriber(SomeOtherEvent)
	227	def asubscriber(event):
	228	pass
ae6135	229
f700d3	230	And you wanted to use a subscriber predicate::
CM	231
	232	@subscriber([SomeEvent, SomeContextType], mypredicate=True)
a3810e	233	def asubscriber1(event, context):
f700d3	234	pass
CM	235
	236	@subscriber(SomeOtherEvent, mypredicate=True)
a3810e	237	def asubscriber2(event):
f700d3	238	pass
CM	239
a3810e	240	If an existing ``mypredicate`` subscriber predicate had been written in such
CM	241	a way that it accepted only one argument in its ``__call__``, you could not
	242	use it against a subscription which named more than one interface in its
	243	subscriber interface list. Similarly, if you had written a subscriber
	244	predicate that accepted two arguments, you couldn't use it against a
	245	registration that named only a single interface type.
	246
	247	For example, if you created this predicate::
f700d3	248
CM	249	class MyPredicate(object):
	250	# portions elided...
	251	def __call__(self, event):
	252	return self.val == event.context.foo
	253
a3810e	254	It would not work against a multi-interface-registered subscription, so in
CM	255	the above example, when you attempted to use it against ``asubscriber1``, it
	256	would fail at runtime with a TypeError, claiming something was attempting to
	257	call it with too many arguments.
f700d3	258
a3810e	259	To hack around this limitation, you were obligated to design the
CM	260	``mypredicate`` predicate to expect to receive in its ``__call__`` either a
	261	single ``event`` argument (a SomeOtherEvent object) or a pair of arguments
	262	(a SomeEvent object and a SomeContextType object), presumably by doing
	263	something like this::
f700d3	264
CM	265	class MyPredicate(object):
	266	# portions elided...
	267	def __call__(self, event, context=None):
	268	return self.val == event.context.foo
	269
	270	This was confusing and bad.
	271
	272	In order to allow people to ignore unused arguments to subscriber callables
	273	and to normalize the relationship between event subscribers and subscriber
	274	predicates, we now allow both subscribers and subscriber predicates to accept
	275	only a single ``event`` argument even if they've been subscribed for
	276	notifications that involve multiple interfaces. Subscribers and subscriber
	277	predicates that accept only one argument will receive the first object passed
	278	to ``notify``; this is typically (but not always) the event object. The
	279	other objects involved in the subscription lookup will be discarded. You can
	280	now write an event subscriber that accepts only ``event`` even if it
	281	subscribes to multiple interfaces::
	282
	283	@subscriber([SomeEvent, SomeContextType])
	284	def asubscriber(event):
28fc3d	285	# this will work!
CM	286
f700d3	287	This prevents you from needing to match the subscriber callable parameters to
CM	288	the subscription type unnecessarily, especially when you don't make use of
	289	any argument in your subscribers except for the event object itself.
	290
	291	Note, however, that if the event object is not the first
	292	object in the call to ``notify``, you'll run into trouble. For example, if
	293	notify is called with the context argument first::
28fc3d	294
CM	295	registry.notify(context, event)
	296
f700d3	297	You won't be able to take advantage of the event-only feature. It will
CM	298	"work", but the object received by your event handler won't be the event
	299	object, it will be the context object, which won't be very useful::
28fc3d	300
CM	301	@subscriber([SomeContextType, SomeEvent])
f700d3	302	def asubscriber(event):
ae6135	303	# bzzt! you'll be getting the context here as ``event``, and it'll
28fc3d	304	# be useless
CM	305
	306	Existing multiple-argument subscribers continue to work without issue, so you
	307	should continue use those if your system notifies using multiple interfaces
	308	and the first interface is not the event interface. For example::
	309
	310	@subscriber([SomeContextType, SomeEvent])
f700d3	311	def asubscriber(context, event):
28fc3d	312	# this will still work!
CM	313
	314	The event-only feature makes it possible to use a subscriber predicate that
	315	accepts only a request argument within both multiple-interface subscriber
f700d3	316	registrations and single-interface subscriber registrations. You needn't
CM	317	make slightly different variations of predicates depending on the
	318	subscription type arguments. Instead, just write all your subscriber
	319	predicates so they only accept ``event`` in their ``__call__`` and they'll be
	320	useful across all registrations for subscriptions that use an event as their
	321	first argument, even ones which accept more than just ``event``.
28fc3d	322
f700d3	323	However, the same caveat applies to predicates as to subscriber callables: if
CM	324	you're subscribing to a multi-interface event, and the first interface is not
	325	the event interface, the predicate won't work properly. In such a case,
	326	you'll need to match the predicate ``__call__`` argument ordering and
	327	composition to the ordering of the interfaces. For example, if the
	328	registration for the subscription uses ``[SomeContext, SomeEvent]``, you'll
	329	need to reflect that in the ordering of the parameters of the predicate's
	330	``__call__`` method::
28fc3d	331
CM	332	def __call__(self, context, event):
	333	return event.request.path.startswith(self.val)
	334
f700d3	335	tl;dr: 1) When using multi-interface subscriptions, always use the event type
CM	336	as the first subscription registration argument and 2) When 1 is true, use
	337	only ``event`` in your subscriber and subscriber predicate parameter lists,
	338	no matter how many interfaces the subscriber is notified with. This
	339	combination will result in the maximum amount of reusability of subscriber
	340	predicates and the least amount of thought on your part. Drink responsibly.
28fc3d	341
0ccdc2	342	Bug Fixes
CM	343	---------
	344
	345	- A failure when trying to locate the attribute ``__text__`` on route and view
	346	predicates existed when the ``debug_routematch`` setting was true or when the
	347	``pviews`` command was used. See https://github.com/Pylons/pyramid/pull/727
	348
b5e444	349	Documentation
CM	350	-------------
	351
	352	- Sync up tutorial source files with the files that are rendered by the
	353	scaffold that each uses.
	354
948068	355	1.4a4 (2012-11-14)
CM	356	==================
c7337b	357
CM	358	Features
	359	--------
	360
19b820	361	- ``pyramid.authentication.AuthTktAuthenticationPolicy`` has been updated to
MM	362	support newer hashing algorithms such as ``sha512``. Existing applications
39ef68	363	should consider updating if possible for improved security over the default
CM	364	md5 hashing.
19b820	365
c7337b	366	- Added an ``effective_principals`` route and view predicate.
CM	367
07c9ee	368	- Do not allow the userid returned from the ``authenticated_userid`` or the
CM	369	userid that is one of the list of principals returned by
	370	``effective_principals`` to be either of the strings ``system.Everyone`` or
	371	``system.Authenticated`` when any of the built-in authorization policies that
	372	live in ``pyramid.authentication`` are in use. These two strings are
	373	reserved for internal usage by Pyramid and they will not be accepted as valid
	374	userids.
	375
ca4656	376	- Slightly better debug logging from
MM	377	``pyramid.authentication.RepozeWho1AuthenticationPolicy``.
47146e	378
39ef68	379	- ``pyramid.security.view_execution_permitted`` used to return ``True`` if no
926fb6	380	view could be found. It now raises a ``TypeError`` exception in that case, as
CM	381	it doesn't make sense to assert that a nonexistent view is
	382	execution-permitted. See https://github.com/Pylons/pyramid/issues/299.
cb745b	383
a8d71c	384	- Allow a ``_depth`` argument to ``pyramid.view.view_config``, which will
CM	385	permit limited composition reuse of the decorator by other software that
	386	wants to provide custom decorators that are much like view_config.
	387
170124	388	- Allow an iterable of decorators to be passed to
MM	389	``pyramid.config.Configurator.add_view``. This allows views to be wrapped
	390	by more than one decorator without requiring combining the decorators
	391	yourself.
	392
a007a4	393	Bug Fixes
CM	394	---------
	395
	396	- In the past if a renderer returned ``None``, the body of the resulting
	397	response would be set explicitly to the empty string. Instead, now, the body
	398	is left unchanged, which allows the renderer to set a body itself by using
	399	e.g. ``request.response.body = b'foo'``. The body set by the renderer will
	400	be unmolested on the way out. See
	401	https://github.com/Pylons/pyramid/issues/709
	402
34d4cd	403	- In uncommon cases, the ``pyramid_excview_tween_factory`` might have
CM	404	inadvertently raised a ``KeyError`` looking for ``request_iface`` as an
	405	attribute of the request. It no longer fails in this case. See
	406	https://github.com/Pylons/pyramid/issues/700
048754	407
267dbd	408	- Be more tolerant of potential error conditions in ``match_param`` and
CM	409	``physical_path`` predicate implementations; instead of raising an exception,
	410	return False.
	411
39ef68	412	- ``pyramid.view.render_view`` was not functioning properly under Python 3.x
CM	413	due to a byte/unicode discrepancy. See
f89cfc	414	http://github.com/Pylons/pyramid/issues/721
MM	415
ca3df8	416	Deprecations
MM	417	------------
	418
39ef68	419	- ``pyramid.authentication.AuthTktAuthenticationPolicy`` will emit a warning if
CM	420	an application is using the policy without explicitly passing a ``hashalg``
	421	argument. This is because the default is "md5" which is considered
	422	theoretically subject to collision attacks. If you really want "md5" then you
	423	must specify it explicitly to get rid of the warning.
	424
	425	Documentation
	426	-------------
	427
	428	- All of the tutorials that use
	429	``pyramid.authentication.AuthTktAuthenticationPolicy`` now explicitly pass
	430	``sha512`` as a ``hashalg`` argument.
	431
ca3df8	432
66fe1d	433	Internals
CM	434	---------
	435
	436	- Move ``TopologicalSorter`` from ``pyramid.config.util`` to ``pyramid.util``,
	437	move ``CyclicDependencyError`` from ``pyramid.config.util`` to
	438	``pyramid.exceptions``, rename ``Singleton`` to ``Sentinel`` and move from
ca4656	439	``pyramid.config.util`` to ``pyramid.util``; this is in an effort to
048754	440	move that stuff that may be an API one day out of ``pyramid.config.util``,
66fe1d	441	because that package should never be imported from non-Pyramid code.
CM	442	TopologicalSorter is still not an API, but may become one.
	443
39ef68	444	- Get rid of shady monkeypatching of ``pyramid.request.Request`` and
CM	445	``pyramid.response.Response`` done within the ``__init__.py`` of Pyramid.
	446	Webob no longer relies on this being done. Instead, the ResponseClass
	447	attribute of the Pyramid Request class is assigned to the Pyramid response
	448	class; that's enough to satisfy WebOb and behave as it did before with the
	449	monkeypatching.
	450
4a6cca	451	1.4a3 (2012-10-26)
CM	452	==================
d6fb00	453
CM	454	Bug Fixes
	455	---------
	456
06a904	457	- The match_param predicate's text method was fixed to sort its values.
CM	458	Part of https://github.com/Pylons/pyramid/pull/705
	459
d6fb00	460	- 1.4a ``pyramid.scripting.prepare`` behaved differently than 1.3 series
CM	461	function of same name. In particular, if passed a request, it would not
	462	set the ``registry`` attribute of the request like 1.3 did. A symptom
	463	would be that passing a request to ``pyramid.paster.bootstrap`` (which uses
	464	the function) that did not have a ``registry`` attribute could assume that
	465	the registry would be attached to the request by Pyramid. This assumption
	466	could be made in 1.3, but not in 1.4. The assumption can now be made in
	467	1.4 too (a registry is attached to a request passed to bootstrap or
	468	prepare).
	469
66d277	470	- When registering a view configuration that named a Chameleon ZPT renderer
CM	471	with a macro name in it (e.g. ``renderer='some/template#somemacro.pt``) as
043ccd	472	well as a view configuration without a macro name in it that pointed to the
9937a4	473	same template (e.g. ``renderer='some/template.pt'``), internal caching could
66d277	474	confuse the two, and your code might have rendered one instead of the
CM	475	other.
	476
1273d5	477	Features
CM	478	--------
	479
c25a8f	480	- Allow multiple values to be specified to the ``request_param`` view/route
CM	481	predicate as a sequence. Previously only a single string value was allowed.
	482	See https://github.com/Pylons/pyramid/pull/705
	483
	484	- Comments with references to documentation sections placed in scaffold
	485	``.ini`` files.
	486
	487	- Added an HTTP Basic authentication policy
	488	at ``pyramid.authentication.BasicAuthAuthenticationPolicy``.
	489
1273d5	490	- The Configurator ``testing_securitypolicy`` method now returns the policy
CM	491	object it creates.
	492
	493	- The Configurator ``testing_securitypolicy`` method accepts two new
	494	arguments: ``remember_result`` and ``forget_result``. If supplied, these
	495	values influence the result of the policy's ``remember`` and ``forget``
	496	methods, respectively.
	497
	498	- The DummySecurityPolicy created by ``testing_securitypolicy`` now sets a
	499	``forgotten`` value on the policy (the value ``True``) when its ``forget``
	500	method is called.
	501
	502	- The DummySecurityPolicy created by ``testing_securitypolicy`` now sets a
	503	``remembered`` value on the policy, which is the value of the ``principal``
	504	argument it's called with when its ``remember`` method is called.
	505
c25a8f	506	- New ``physical_path`` view predicate. If specified, this value should be a
CM	507	string or a tuple representing the physical traversal path of the context
	508	found via traversal for this predicate to match as true. For example:
	509	``physical_path='/'`` or ``physical_path='/a/b/c'`` or ``physical_path=('',
	510	'a', 'b', 'c')``. This is not a path prefix match or a regex, it's a
	511	whole-path match. It's useful when you want to always potentially show a
	512	view when some object is traversed to, but you can't be sure about what kind
	513	of object it will be, so you can't use the ``context`` predicate. The
	514	individual path elements inbetween slash characters or in tuple elements
	515	should be the Unicode representation of the name of the resource and should
	516	not be encoded in any way.
	517
072cbf	518	1.4a2 (2012-09-27)
CM	519	==================
68c25d	520
d27bc7	521	Bug Fixes
CM	522	---------
	523
4388d3	524	- When trying to determine Mako defnames and Chameleon macro names in asset
CM	525	specifications, take into account that the filename may have a hyphen in
	526	it. See https://github.com/Pylons/pyramid/pull/692
d27bc7	527
68c25d	528	Features
CM	529	--------
	530
	531	- A new ``pyramid.session.check_csrf_token`` convenience function was added.
	532
80cd0b	533	- A ``check_csrf`` view predicate was added. For example, you can now do
CM	534	``config.add_view(someview, check_csrf=True)``. When the predicate is
	535	checked, if the ``csrf_token`` value in ``request.params`` matches the CSRF
	536	token in the request's session, the view will be permitted to execute.
	537	Otherwise, it will not be permitted to execute.
68c25d	538
098599	539	- Add ``Base.metadata.bind = engine`` to alchemy template, so that tables
CM	540	defined imperatively will work.
	541
	542	Documentation
	543	-------------
	544
	545	- update wiki2 SQLA tutorial with the changes required after inserting
	546	``Base.metadata.bind = engine`` into the alchemy scaffold.
	547
ce1e86	548	1.4a1 (2012-09-16)
CM	549	==================
f6bd88	550
a39dd2	551	Bug Fixes
CM	552	---------
	553
1794b4	554	- Forward port from 1.3 branch: When no authentication policy was configured,
CM	555	a call to ``pyramid.security.effective_principals`` would unconditionally
	556	return the empty list. This was incorrect, it should have unconditionally
	557	returned ``[Everyone]``, and now does.
8782de	558
3074e7	559	- Explicit url dispatch regexes can now contain colons.
CM	560	https://github.com/Pylons/pyramid/issues/629
	561
e65251	562	- On at least one 64-bit Ubuntu system under Python 3.2, using the
CM	563	``view_config`` decorator caused a ``RuntimeError: dictionary changed size
	564	during iteration`` exception. It no longer does. See
	565	https://github.com/Pylons/pyramid/issues/635 for more information.
	566
8b2675	567	- In Mako Templates lookup, check if the uri is already adjusted and bring
BL	568	it back to an asset spec. Normally occurs with inherited templates or
	569	included components.
	570	https://github.com/Pylons/pyramid/issues/606
	571	https://github.com/Pylons/pyramid/issues/607
	572
ae6135	573	- In Mako Templates lookup, check for absolute uri (using mako directories)
7853bc	574	when mixing up inheritance with asset specs.
BL	575	https://github.com/Pylons/pyramid/issues/662
	576
75a8ff	577	- HTTP Accept headers were not being normalized causing potentially
MM	578	conflicting view registrations to go unnoticed. Two views that only
	579	differ in the case ('text/html' vs. 'text/HTML') will now raise an error.
	580	https://github.com/Pylons/pyramid/pull/620
	581
a9289d	582	- Forward-port from 1.3 branch: when registering multiple views with an
CM	583	``accept`` predicate in a Pyramid application runing under Python 3, you
	584	might have received a ``TypeError: unorderable types: function() <
	585	function()`` exception.
	586
de797c	587	Features
CM	588	--------
a39dd2	589
d24659	590	- Configurator.add_directive now accepts arbitrary callables like partials or
CM	591	objects implementing ``__call__`` which dont have ``__name__`` and
	592	``__doc__`` attributes. See https://github.com/Pylons/pyramid/issues/621
	593	and https://github.com/Pylons/pyramid/pull/647.
	594
95f766	595	- Third-party custom view, route, and subscriber predicates can now be added
CM	596	for use by view authors via
	597	``pyramid.config.Configurator.add_view_predicate``,
	598	``pyramid.config.Configurator.add_route_predicate`` and
	599	``pyramid.config.Configurator.add_subscriber_predicate``. So, for example,
0196b2	600	doing this::
CM	601
	602	config.add_view_predicate('abc', my.package.ABCPredicate)
	603
	604	Might allow a view author to do this in an application that configured that
	605	predicate::
	606
	607	@view_config(abc=1)
	608
95f766	609	Similar features exist for ``add_route``, and ``add_subscriber``. See
CM	610	"Adding A Third Party View, Route, or Subscriber Predicate" in the Hooks
	611	chapter for more information.
0196b2	612
735abf	613	Note that changes made to support the above feature now means that only
CM	614	actions registered using the same "order" can conflict with one another.
	615	It used to be the case that actions registered at different orders could
	616	potentially conflict, but to my knowledge nothing ever depended on this
	617	behavior (it was a bit silly).
	618
de797c	619	- Custom objects can be made easily JSON-serializable in Pyramid by defining
CM	620	a ``__json__`` method on the object's class. This method should return
	621	values natively serializable by ``json.dumps`` (such as ints, lists,
	622	dictionaries, strings, and so forth).
077fa3	623
e012aa	624	- The JSON renderer now allows for the definition of custom type adapters to
CM	625	convert unknown objects to JSON serializations.
	626
360f25	627	- As of this release, the ``request_method`` predicate, when used, will also
CM	628	imply that ``HEAD`` is implied when you use ``GET``. For example, using
	629	``@view_config(request_method='GET')`` is equivalent to using
561a44	630	``@view_config(request_method=('GET', 'HEAD'))``. Using
360f25	631	``@view_config(request_method=('GET', 'POST')`` is equivalent to using
CM	632	``@view_config(request_method=('GET', 'HEAD', 'POST')``. This is because
	633	HEAD is a variant of GET that omits the body, and WebOb has special support
	634	to return an empty body when a HEAD is used.
15c40a	635
023c88	636	- ``config.add_request_method`` has been introduced to support extending
2c2534	637	request objects with arbitrary callables. This method expands on the
MM	638	previous ``config.set_request_property`` by supporting methods as well as
	639	properties. This method now causes less code to be executed at
	640	request construction time than ``config.set_request_property`` in
	641	version 1.3.
fcb209	642
2c2534	643	- Don't add a ``?`` to URLs generated by ``request.resource_url`` if the
fcb209	644	``query`` argument is provided but empty.
CM	645
2c2534	646	- Don't add a ``?`` to URLs generated by ``request.route_url`` if the
fcb209	647	``_query`` argument is provided but empty.
988035	648
CM	649	- The static view machinery now raises (rather than returns) ``HTTPNotFound``
	650	and ``HTTPMovedPermanently`` exceptions, so these can be caught by the
	651	NotFound view (and other exception views).
ea009a	652
54d3e3	653	- The Mako renderer now supports a def name in an asset spec. When the def
8b55a6	654	name is present in the asset spec, the system will render the template def
CM	655	within the template and will return the result. An example asset spec is
	656	``package:path/to/template#defname.mako``. This will render the def named
54d3e3	657	``defname`` inside the ``template.mako`` template instead of rendering the
CM	658	entire template. The old way of returning a tuple in the form
	659	``('defname', {})`` from the view is supported for backward compatibility,
8b55a6	660
CM	661	- The Chameleon ZPT renderer now accepts a macro name in an asset spec. When
	662	the macro name is present in the asset spec, the system will render the
	663	macro listed as a ``define-macro`` and return the result instead of
	664	rendering the entire template. An example asset spec:
	665	``package:path/to/template#macroname.pt``. This will render the macro
	666	defined as ``macroname`` within the ``template.pt`` template instead of the
	667	entire templae.
61a57e	668
CM	669	- When there is a predicate mismatch exception (seen when no view matches for
	670	a given request due to predicates not working), the exception now contains
	671	a textual description of the predicate which didn't match.
6b180c	672
CM	673	- An ``add_permission`` directive method was added to the Configurator. This
	674	directive registers a free-standing permission introspectable into the
	675	Pyramid introspection system. Frameworks built atop Pyramid can thus use
08c221	676	the ``permissions`` introspectable category data to build a
6b180c	677	comprehensive list of permissions supported by a running system. Before
CM	678	this method was added, permissions were already registered in this
	679	introspectable category as a side effect of naming them in an ``add_view``
	680	call, this method just makes it possible to arrange for a permission to be
	681	put into the ``permissions`` introspectable category without naming it
	682	along with an associated view. Here's an example of usage of
	683	``add_permission``::
	684
	685	config = Configurator()
	686	config.add_permission('view')
2c2534	687
45b6e1	688	- The ``UnencryptedCookieSessionFactoryConfig`` now accepts
MM	689	``signed_serialize`` and ``signed_deserialize`` hooks which may be used
	690	to influence how the sessions are marshalled (by default this is done
	691	with HMAC+pickle).
	692
28dba0	693	- ``pyramid.testing.DummyRequest`` now supports methods supplied by the
CM	694	``pyramid.util.InstancePropertyMixin`` class such as ``set_property``.
735987	695
CM	696	- Request properties and methods added via ``config.set_request_property`` or
	697	``config.add_request_method`` are now available to tweens.
	698
	699	- Request properties and methods added via ``config.set_request_property`` or
	700	``config.add_request_method`` are now available in the request object
	701	returned from ``pyramid.paster.bootstrap``.
	702
dc8b49	703	- ``request.context`` of environment request during ``bootstrap`` is now the
CM	704	root object if a context isn't already set on a provided request.
	705
07cb8f	706	- The ``pyramid.decorator.reify`` function is now an API, and was added to
CM	707	the API documentation.
	708
97150c	709	- Added the ``pyramid.testing.testConfig`` context manager, which can be used
CM	710	to generate a configurator in a test, e.g. ``with testing.testConfig(...):``.
	711
64452e	712	- Users can now invoke a subrequest from within view code using a new
CM	713	``request.invoke_subrequest`` API.
37d2c2	714
2c2534	715	Deprecations
MM	716	------------
	717
9cdb28	718	- The ``pyramid.config.Configurator.set_request_property`` has been
CM	719	documentation-deprecated. The method remains usable but the more
023c88	720	featureful ``pyramid.config.Configurator.add_request_method`` should be
9cdb28	721	used in its place (it has all of the same capabilities but can also extend
CM	722	the request object with methods).
ebcdc7	723
CM	724	Backwards Incompatibilities
	725	---------------------------
	726
25d3dd	727	- The Pyramid router no longer adds the values ``bfg.routes.route`` or
ebcdc7	728	``bfg.routes.matchdict`` to the request's WSGI environment dictionary.
CM	729	These values were docs-deprecated in ``repoze.bfg`` 1.0 (effectively seven
	730	minor releases ago). If your code depended on these values, use
	731	request.matched_route and request.matchdict instead.
	732
	733	- It is no longer possible to pass an environ dictionary directly to
	734	``pyramid.traversal.ResourceTreeTraverser.__call__`` (aka
	735	``ModelGraphTraverser.__call__``). Instead, you must pass a request
	736	object. Passing an environment instead of a request has generated a
	737	deprecation warning since Pyramid 1.1.
	738
	739	- Pyramid will no longer work properly if you use the
	740	``webob.request.LegacyRequest`` as a request factory. Instances of the
	741	LegacyRequest class have a ``request.path_info`` which return a string.
	742	This Pyramid release assumes that ``request.path_info`` will
	743	unconditionally be Unicode.
	744
3d4272	745	- The functions from ``pyramid.chameleon_zpt`` and ``pyramid.chameleon_text``
CM	746	named ``get_renderer``, ``get_template``, ``render_template``, and
	747	``render_template_to_response`` have been removed. These have issued a
	748	deprecation warning upon import since Pyramid 1.0. Use
	749	``pyramid.renderers.get_renderer()``,
	750	``pyramid.renderers.get_renderer().implementation()``,
	751	``pyramid.renderers.render()`` or ``pyramid.renderers.render_to_response``
	752	respectively instead of these functions.
	753
94a6f3	754	- The ``pyramid.configuration`` module was removed. It had been deprecated
CM	755	since Pyramid 1.0 and printed a deprecation warning upon its use. Use
	756	``pyramid.config`` instead.
	757
b274d0	758	- The ``pyramid.paster.PyramidTemplate`` API was removed. It had been
CM	759	deprecated since Pyramid 1.1 and issued a warning on import. If your code
	760	depended on this, adjust your code to import
	761	``pyramid.scaffolds.PyramidTemplate`` instead.
	762
ef2e51	763	- The ``pyramid.settings.get_settings()`` API was removed. It had been
CM	764	printing a deprecation warning since Pyramid 1.0. If your code depended on
	765	this API, use ``pyramid.threadlocal.get_current_registry().settings``
	766	instead or use the ``settings`` attribute of the registry available from
	767	the request (``request.registry.settings``).
	768
69e0aa	769	- These APIs from the ``pyramid.testing`` module were removed. They have
CM	770	been printing deprecation warnings since Pyramid 1.0:
	771
	772	* ``registerDummySecurityPolicy``, use
	773	``pyramid.config.Configurator.testing_securitypolicy`` instead.
	774
	775	* ``registerResources`` (aka ``registerModels``, use
	776	``pyramid.config.Configurator.testing_resources`` instead.
	777
	778	* ``registerEventListener``, use
	779	``pyramid.config.Configurator.testing_add_subscriber`` instead.
	780
	781	* ``registerTemplateRenderer`` (aka `registerDummyRenderer``), use
	782	``pyramid.config.Configurator.testing_add_template`` instead.
	783
	784	* ``registerView``, use ``pyramid.config.Configurator.add_view`` instead.
	785
	786	* ``registerUtility``, use
	787	``pyramid.config.Configurator.registry.registerUtility`` instead.
	788
	789	* ``registerAdapter``, use
	790	``pyramid.config.Configurator.registry.registerAdapter`` instead.
	791
ae6135	792	* ``registerSubscriber``, use
69e0aa	793	``pyramid.config.Configurator.add_subscriber`` instead.
CM	794
ae6135	795	* ``registerRoute``, use
69e0aa	796	``pyramid.config.Configurator.add_route`` instead.
CM	797
ae6135	798	* ``registerSettings``, use
69e0aa	799	``pyramid.config.Configurator.add_settings`` instead.
CM	800
64452e	801	- In Pyramid 1.3 and previous, the ``__call__`` method of a Response object
CM	802	was invoked before any finished callbacks were executed. As of this
	803	release, the ``__call__`` method of a Response object is invoked after
	804	finished callbacks are executed. This is in support of the
	805	``request.invoke_subrequest`` feature.
	806
b72ba1	807	Documentation
CM	808	-------------
	809
	810	- Added an "Upgrading Pyramid" chapter to the narrative documentation. It
07cb8f	811	describes how to cope with deprecations and removals of Pyramid APIs and
CM	812	how to show Pyramid-generated deprecation warnings while running tests and
	813	while running a server.
b72ba1	814
37d2c2	815	- Added a "Invoking a Subrequest" chapter to the documentation. It describes
64452e	816	how to use the new ``request.invoke_subrequest`` API.
37d2c2	817
ebcdc7	818	Dependencies
CM	819	------------
	820
	821	- Pyramid now requires WebOb 1.2b3+ (the prior Pyramid release only relied on
	822	1.2dev+). This is to ensure that we obtain a version of WebOb that returns
	823	``request.path_info`` as text.
	824