commit | author | age
|
3fa1b7
|
1 |
1.4.7 (2015-04-14) |
CM |
2 |
================== |
|
3 |
|
|
4 |
- The JSONP renderer created JavaScript code in such a way that a callback |
|
5 |
variable could be used to arbitrarily inject javascript into the response |
|
6 |
object. https://github.com/Pylons/pyramid/pull/1626 |
|
7 |
|
01138a
|
8 |
1.4.6 (2014-05-31) |
MM |
9 |
================== |
c5ccaf
|
10 |
|
DH |
11 |
Bug Fixes |
|
12 |
--------- |
01138a
|
13 |
|
55560c
|
14 |
- Allow ``config.add_route_predicate`` and ``config.add_view_predicate`` to |
MM |
15 |
accept an importable dotted-string for the ``factory`` argument. |
|
16 |
|
c5ccaf
|
17 |
- Fix an exception in ``package_name()`` when resolving the package |
DH |
18 |
name for namespace packages. |
|
19 |
|
28f6e9
|
20 |
1.4.5 (2013-08-30) |
MJ |
21 |
================== |
0cc839
|
22 |
|
c455ea
|
23 |
Bug Fixes |
CM |
24 |
--------- |
|
25 |
|
595034
|
26 |
- The ``alchemy`` scaffold would break when the database was MySQL during |
CM |
27 |
tables creation. See https://github.com/Pylons/pyramid/pull/1049. Backport |
|
28 |
from master. |
|
29 |
|
c455ea
|
30 |
- It was not possible to use ``pyramid.httpexceptions.HTTPException`` as |
CM |
31 |
the ``context`` of an exception view as very general catchall for |
|
32 |
http-related exceptions when you wanted that exception view to override the |
|
33 |
default exception view. See https://github.com/Pylons/pyramid/issues/985. |
|
34 |
Backport from master. |
|
35 |
|
0cc839
|
36 |
- When the ``pyramid.reload_templates`` setting was true, and a Chameleon |
CM |
37 |
template was reloaded, and the renderer specification named a macro |
|
38 |
(e.g. ``foo#macroname.pt``), renderings of the template after the template |
|
39 |
was reloaded due to a file change would produce the entire template body |
|
40 |
instead of just a rendering of the macro. See |
c455ea
|
41 |
https://github.com/Pylons/pyramid/issues/1013. Backport from master. |
0cc839
|
42 |
|
ae6135
|
43 |
- Fixed a Mako renderer bug returning a tuple with a previous defname value |
BL |
44 |
in some circumstances. See https://github.com/Pylons/pyramid/issues/1037 for |
|
45 |
more information. Backport from master. |
|
46 |
|
6aabdd
|
47 |
- Make ``pserve.cherrypy_server_runner`` Python 3 compatible. See |
TL |
48 |
https://github.com/Pylons/pyramid/issues/718. Backport from master. |
|
49 |
|
e20c7c
|
50 |
1.4.4 (2013-08-27) |
CM |
51 |
================== |
458095
|
52 |
|
CM |
53 |
Bug Fixes |
|
54 |
--------- |
|
55 |
|
|
56 |
- Fix an obscure problem when combining a virtual root with a route with a |
|
57 |
``*traverse`` in its pattern. Now the traversal path generated in |
|
58 |
such a configuration will be correct, instead of an element missing |
|
59 |
a leading slash. |
|
60 |
|
0a842c
|
61 |
1.4.3 (2013-07-18) |
CM |
62 |
================== |
|
63 |
|
|
64 |
Bug Fixes |
|
65 |
--------- |
b54f6d
|
66 |
|
CM |
67 |
- ``pyramid.testing.DummyResource`` didn't define ``__bool__``, so code under |
0cc839
|
68 |
Python 3 would use ``__len__`` to find truthiness; this usually caused an |
9c2424
|
69 |
instance of DummyResource to be "falsy" instead of "truthy". See |
CM |
70 |
https://github.com/Pylons/pyramid/pull/1032 |
b54f6d
|
71 |
|
e63bda
|
72 |
1.4.2 (2013-05-21) |
CM |
73 |
================== |
|
74 |
|
|
75 |
Bug Fixes |
|
76 |
--------- |
bdc928
|
77 |
|
bcecb6
|
78 |
- ``mako_templating``: added defensive workaround for non-importability of |
CM |
79 |
``mako`` due to upstream ``markupsafe`` dropping Python 3.2 support. Mako |
|
80 |
templating will no longer work under the combination of MarkupSafe 0.17 and |
|
81 |
Python 3.2 (although the combination of MarkupSafe 0.17 and Python 3.3 or any |
|
82 |
supported Python 2 version will work OK). |
bdc928
|
83 |
|
8ebdc0
|
84 |
- Make the ``pyramid.config.assets.PackageOverrides`` object implement the API |
TS |
85 |
for ``__loader__`` objects specified in PEP 302. Proxies to the |
|
86 |
``__loader__`` set by the importer, if present; otherwise, raises |
|
87 |
``NotImplementedError``. This makes Pyramid static view overrides work |
|
88 |
properly under Python 3.3 (previously they would not). See |
|
89 |
https://github.com/Pylons/pyramid/pull/1015 for more information. |
|
90 |
|
17d80b
|
91 |
1.4.1 (2013-04-23) |
39695d
|
92 |
================== |
MM |
93 |
|
|
94 |
Bug Fixes |
|
95 |
--------- |
|
96 |
|
|
97 |
- Spaces and dots may now be in mako renderer template paths. This was |
|
98 |
broken when support for the new makodef syntax was added in 1.4a1. |
|
99 |
See https://github.com/Pylons/pyramid/issues/950 |
|
100 |
|
f89644
|
101 |
- ``pyramid.debug_authorization=true`` will now correctly print out |
MM |
102 |
``Allowed`` for views registered with ``NO_PERMISSION_REQUIRED`` instead |
|
103 |
of invoking the ``permits`` method of the authorization policy. |
|
104 |
See https://github.com/Pylons/pyramid/issues/954 |
|
105 |
|
0f1f51
|
106 |
- Pyramid failed to install on some systems due to being packaged with |
MM |
107 |
some test files containing higher order characters in their names. These |
|
108 |
files have now been removed. See |
|
109 |
https://github.com/Pylons/pyramid/issues/981 |
|
110 |
|
96ab9f
|
111 |
1.4 (2012-12-18) |
CM |
112 |
================ |
758fa2
|
113 |
|
CM |
114 |
Docs |
|
115 |
---- |
|
116 |
|
|
117 |
- Fix functional tests in the ZODB tutorial |
|
118 |
|
e609e1
|
119 |
1.4b3 (2012-12-10) |
CM |
120 |
================== |
|
121 |
|
|
122 |
- Packaging release only, no code changes. 1.4b2 was a brownbag release due to |
|
123 |
missing directories in the tarball. |
|
124 |
|
a7e0e6
|
125 |
1.4b2 (2012-12-10) |
CM |
126 |
================== |
|
127 |
|
|
128 |
Docs |
|
129 |
---- |
|
130 |
|
|
131 |
- Scaffolding is now PEP-8 compliant (at least for a brief shining moment). |
|
132 |
|
|
133 |
- Tutorial improvements. |
ed1419
|
134 |
|
MM |
135 |
Backwards Incompatibilities |
|
136 |
--------------------------- |
|
137 |
|
|
138 |
- Modified the ``_depth`` argument to ``pyramid.view.view_config`` to accept |
|
139 |
a value relative to the invocation of ``view_config`` itself. Thus, when it |
|
140 |
was previously expecting a value of ``1`` or greater, to reflect that |
|
141 |
the caller of ``view_config`` is 1 stack frame away from ``venusian.attach``, |
|
142 |
this implementation detail is now hidden. |
|
143 |
|
a078e1
|
144 |
- Modified the ``_backframes`` argument to ``pyramid.util.action_method`` in a |
CM |
145 |
similar way to the changes described to ``_depth`` above. This argument |
|
146 |
remains undocumented, but might be used in the wild by some insane person. |
|
147 |
|
1608b2
|
148 |
1.4b1 (2012-11-21) |
CM |
149 |
================== |
0ccdc2
|
150 |
|
71cd93
|
151 |
Features |
CM |
152 |
-------- |
|
153 |
|
|
154 |
- Small microspeed enhancement which anticipates that a |
|
155 |
``pyramid.response.Response`` object is likely to be returned from a view. |
|
156 |
Some code is shortcut if the class of the object returned by a view is this |
|
157 |
class. A similar microoptimization was done to |
|
158 |
``pyramid.request.Request.is_response``. |
|
159 |
|
9132f6
|
160 |
- Make it possible to use variable arguments on ``p*`` commands (``pserve``, |
CM |
161 |
``pshell``, ``pviews``, etc) in the form ``a=1 b=2`` so you can fill in |
|
162 |
values in parameterized ``.ini`` file, e.g. ``pshell etc/development.ini |
6ba0fc
|
163 |
http_port=8080``. See https://github.com/Pylons/pyramid/pull/714 |
9132f6
|
164 |
|
f700d3
|
165 |
- A somewhat advanced and obscure feature of Pyramid event handlers is their |
CM |
166 |
ability to handle "multi-interface" notifications. These notifications have |
|
167 |
traditionally presented multiple objects to the subscriber callable. For |
|
168 |
instance, if an event was sent by code like this:: |
28fc3d
|
169 |
|
CM |
170 |
registry.notify(event, context) |
|
171 |
|
|
172 |
In the past, in order to catch such an event, you were obligated to write and |
|
173 |
register an event subscriber that mentioned both the event and the context in |
|
174 |
its argument list:: |
|
175 |
|
|
176 |
@subscriber([SomeEvent, SomeContextType]) |
f700d3
|
177 |
def asubscriber(event, context): |
28fc3d
|
178 |
pass |
CM |
179 |
|
f700d3
|
180 |
In many subscriber callables registered this way, it was common for the logic |
CM |
181 |
in the subscriber callable to completely ignore the second and following |
|
182 |
arguments (e.g. ``context`` in the above example might be ignored), because |
|
183 |
they usually existed as attributes of the event anyway. You could usually |
a3810e
|
184 |
get the same value by doing ``event.context`` or similar. |
f700d3
|
185 |
|
CM |
186 |
The fact that you needed to put an extra argument which you usually ignored |
|
187 |
in the subscriber callable body was only a minor annoyance until we added |
a3810e
|
188 |
"subscriber predicates", used to narrow the set of circumstances under which |
CM |
189 |
a subscriber will be executed, in a prior 1.4 alpha release. Once those were |
|
190 |
added, the annoyance was escalated, because subscriber predicates needed to |
|
191 |
accept the same argument list and arity as the subscriber callables that they |
|
192 |
were configured against. So, for example, if you had these two subscriber |
|
193 |
registrations in your code:: |
28fc3d
|
194 |
|
CM |
195 |
@subscriber([SomeEvent, SomeContextType]) |
f700d3
|
196 |
def asubscriber(event, context): |
CM |
197 |
pass |
|
198 |
|
|
199 |
@subscriber(SomeOtherEvent) |
|
200 |
def asubscriber(event): |
|
201 |
pass |
ae6135
|
202 |
|
f700d3
|
203 |
And you wanted to use a subscriber predicate:: |
CM |
204 |
|
|
205 |
@subscriber([SomeEvent, SomeContextType], mypredicate=True) |
a3810e
|
206 |
def asubscriber1(event, context): |
f700d3
|
207 |
pass |
CM |
208 |
|
|
209 |
@subscriber(SomeOtherEvent, mypredicate=True) |
a3810e
|
210 |
def asubscriber2(event): |
f700d3
|
211 |
pass |
CM |
212 |
|
a3810e
|
213 |
If an existing ``mypredicate`` subscriber predicate had been written in such |
CM |
214 |
a way that it accepted only one argument in its ``__call__``, you could not |
|
215 |
use it against a subscription which named more than one interface in its |
|
216 |
subscriber interface list. Similarly, if you had written a subscriber |
|
217 |
predicate that accepted two arguments, you couldn't use it against a |
|
218 |
registration that named only a single interface type. |
|
219 |
|
|
220 |
For example, if you created this predicate:: |
f700d3
|
221 |
|
CM |
222 |
class MyPredicate(object): |
|
223 |
# portions elided... |
|
224 |
def __call__(self, event): |
|
225 |
return self.val == event.context.foo |
|
226 |
|
a3810e
|
227 |
It would not work against a multi-interface-registered subscription, so in |
CM |
228 |
the above example, when you attempted to use it against ``asubscriber1``, it |
|
229 |
would fail at runtime with a TypeError, claiming something was attempting to |
|
230 |
call it with too many arguments. |
f700d3
|
231 |
|
a3810e
|
232 |
To hack around this limitation, you were obligated to design the |
CM |
233 |
``mypredicate`` predicate to expect to receive in its ``__call__`` either a |
|
234 |
single ``event`` argument (a SomeOtherEvent object) *or* a pair of arguments |
|
235 |
(a SomeEvent object and a SomeContextType object), presumably by doing |
|
236 |
something like this:: |
f700d3
|
237 |
|
CM |
238 |
class MyPredicate(object): |
|
239 |
# portions elided... |
|
240 |
def __call__(self, event, context=None): |
|
241 |
return self.val == event.context.foo |
|
242 |
|
|
243 |
This was confusing and bad. |
|
244 |
|
|
245 |
In order to allow people to ignore unused arguments to subscriber callables |
|
246 |
and to normalize the relationship between event subscribers and subscriber |
|
247 |
predicates, we now allow both subscribers and subscriber predicates to accept |
|
248 |
only a single ``event`` argument even if they've been subscribed for |
|
249 |
notifications that involve multiple interfaces. Subscribers and subscriber |
|
250 |
predicates that accept only one argument will receive the first object passed |
|
251 |
to ``notify``; this is typically (but not always) the event object. The |
|
252 |
other objects involved in the subscription lookup will be discarded. You can |
|
253 |
now write an event subscriber that accepts only ``event`` even if it |
|
254 |
subscribes to multiple interfaces:: |
|
255 |
|
|
256 |
@subscriber([SomeEvent, SomeContextType]) |
|
257 |
def asubscriber(event): |
28fc3d
|
258 |
# this will work! |
CM |
259 |
|
f700d3
|
260 |
This prevents you from needing to match the subscriber callable parameters to |
CM |
261 |
the subscription type unnecessarily, especially when you don't make use of |
|
262 |
any argument in your subscribers except for the event object itself. |
|
263 |
|
|
264 |
Note, however, that if the event object is not the first |
|
265 |
object in the call to ``notify``, you'll run into trouble. For example, if |
|
266 |
notify is called with the context argument first:: |
28fc3d
|
267 |
|
CM |
268 |
registry.notify(context, event) |
|
269 |
|
f700d3
|
270 |
You won't be able to take advantage of the event-only feature. It will |
CM |
271 |
"work", but the object received by your event handler won't be the event |
|
272 |
object, it will be the context object, which won't be very useful:: |
28fc3d
|
273 |
|
CM |
274 |
@subscriber([SomeContextType, SomeEvent]) |
f700d3
|
275 |
def asubscriber(event): |
ae6135
|
276 |
# bzzt! you'll be getting the context here as ``event``, and it'll |
28fc3d
|
277 |
# be useless |
CM |
278 |
|
|
279 |
Existing multiple-argument subscribers continue to work without issue, so you |
|
280 |
should continue use those if your system notifies using multiple interfaces |
|
281 |
and the first interface is not the event interface. For example:: |
|
282 |
|
|
283 |
@subscriber([SomeContextType, SomeEvent]) |
f700d3
|
284 |
def asubscriber(context, event): |
28fc3d
|
285 |
# this will still work! |
CM |
286 |
|
|
287 |
The event-only feature makes it possible to use a subscriber predicate that |
|
288 |
accepts only a request argument within both multiple-interface subscriber |
f700d3
|
289 |
registrations and single-interface subscriber registrations. You needn't |
CM |
290 |
make slightly different variations of predicates depending on the |
|
291 |
subscription type arguments. Instead, just write all your subscriber |
|
292 |
predicates so they only accept ``event`` in their ``__call__`` and they'll be |
|
293 |
useful across all registrations for subscriptions that use an event as their |
|
294 |
first argument, even ones which accept more than just ``event``. |
28fc3d
|
295 |
|
f700d3
|
296 |
However, the same caveat applies to predicates as to subscriber callables: if |
CM |
297 |
you're subscribing to a multi-interface event, and the first interface is not |
|
298 |
the event interface, the predicate won't work properly. In such a case, |
|
299 |
you'll need to match the predicate ``__call__`` argument ordering and |
|
300 |
composition to the ordering of the interfaces. For example, if the |
|
301 |
registration for the subscription uses ``[SomeContext, SomeEvent]``, you'll |
|
302 |
need to reflect that in the ordering of the parameters of the predicate's |
|
303 |
``__call__`` method:: |
28fc3d
|
304 |
|
CM |
305 |
def __call__(self, context, event): |
|
306 |
return event.request.path.startswith(self.val) |
|
307 |
|
f700d3
|
308 |
tl;dr: 1) When using multi-interface subscriptions, always use the event type |
CM |
309 |
as the first subscription registration argument and 2) When 1 is true, use |
|
310 |
only ``event`` in your subscriber and subscriber predicate parameter lists, |
|
311 |
no matter how many interfaces the subscriber is notified with. This |
|
312 |
combination will result in the maximum amount of reusability of subscriber |
|
313 |
predicates and the least amount of thought on your part. Drink responsibly. |
28fc3d
|
314 |
|
0ccdc2
|
315 |
Bug Fixes |
CM |
316 |
--------- |
|
317 |
|
|
318 |
- A failure when trying to locate the attribute ``__text__`` on route and view |
|
319 |
predicates existed when the ``debug_routematch`` setting was true or when the |
|
320 |
``pviews`` command was used. See https://github.com/Pylons/pyramid/pull/727 |
|
321 |
|
b5e444
|
322 |
Documentation |
CM |
323 |
------------- |
|
324 |
|
|
325 |
- Sync up tutorial source files with the files that are rendered by the |
|
326 |
scaffold that each uses. |
|
327 |
|
948068
|
328 |
1.4a4 (2012-11-14) |
CM |
329 |
================== |
c7337b
|
330 |
|
CM |
331 |
Features |
|
332 |
-------- |
|
333 |
|
19b820
|
334 |
- ``pyramid.authentication.AuthTktAuthenticationPolicy`` has been updated to |
MM |
335 |
support newer hashing algorithms such as ``sha512``. Existing applications |
39ef68
|
336 |
should consider updating if possible for improved security over the default |
CM |
337 |
md5 hashing. |
19b820
|
338 |
|
c7337b
|
339 |
- Added an ``effective_principals`` route and view predicate. |
CM |
340 |
|
07c9ee
|
341 |
- Do not allow the userid returned from the ``authenticated_userid`` or the |
CM |
342 |
userid that is one of the list of principals returned by |
|
343 |
``effective_principals`` to be either of the strings ``system.Everyone`` or |
|
344 |
``system.Authenticated`` when any of the built-in authorization policies that |
|
345 |
live in ``pyramid.authentication`` are in use. These two strings are |
|
346 |
reserved for internal usage by Pyramid and they will not be accepted as valid |
|
347 |
userids. |
|
348 |
|
ca4656
|
349 |
- Slightly better debug logging from |
MM |
350 |
``pyramid.authentication.RepozeWho1AuthenticationPolicy``. |
47146e
|
351 |
|
39ef68
|
352 |
- ``pyramid.security.view_execution_permitted`` used to return ``True`` if no |
926fb6
|
353 |
view could be found. It now raises a ``TypeError`` exception in that case, as |
CM |
354 |
it doesn't make sense to assert that a nonexistent view is |
|
355 |
execution-permitted. See https://github.com/Pylons/pyramid/issues/299. |
cb745b
|
356 |
|
a8d71c
|
357 |
- Allow a ``_depth`` argument to ``pyramid.view.view_config``, which will |
CM |
358 |
permit limited composition reuse of the decorator by other software that |
|
359 |
wants to provide custom decorators that are much like view_config. |
|
360 |
|
170124
|
361 |
- Allow an iterable of decorators to be passed to |
MM |
362 |
``pyramid.config.Configurator.add_view``. This allows views to be wrapped |
|
363 |
by more than one decorator without requiring combining the decorators |
|
364 |
yourself. |
|
365 |
|
a007a4
|
366 |
Bug Fixes |
CM |
367 |
--------- |
|
368 |
|
|
369 |
- In the past if a renderer returned ``None``, the body of the resulting |
|
370 |
response would be set explicitly to the empty string. Instead, now, the body |
|
371 |
is left unchanged, which allows the renderer to set a body itself by using |
|
372 |
e.g. ``request.response.body = b'foo'``. The body set by the renderer will |
|
373 |
be unmolested on the way out. See |
|
374 |
https://github.com/Pylons/pyramid/issues/709 |
|
375 |
|
34d4cd
|
376 |
- In uncommon cases, the ``pyramid_excview_tween_factory`` might have |
CM |
377 |
inadvertently raised a ``KeyError`` looking for ``request_iface`` as an |
|
378 |
attribute of the request. It no longer fails in this case. See |
|
379 |
https://github.com/Pylons/pyramid/issues/700 |
048754
|
380 |
|
267dbd
|
381 |
- Be more tolerant of potential error conditions in ``match_param`` and |
CM |
382 |
``physical_path`` predicate implementations; instead of raising an exception, |
|
383 |
return False. |
|
384 |
|
39ef68
|
385 |
- ``pyramid.view.render_view`` was not functioning properly under Python 3.x |
CM |
386 |
due to a byte/unicode discrepancy. See |
f89cfc
|
387 |
http://github.com/Pylons/pyramid/issues/721 |
MM |
388 |
|
ca3df8
|
389 |
Deprecations |
MM |
390 |
------------ |
|
391 |
|
39ef68
|
392 |
- ``pyramid.authentication.AuthTktAuthenticationPolicy`` will emit a warning if |
CM |
393 |
an application is using the policy without explicitly passing a ``hashalg`` |
|
394 |
argument. This is because the default is "md5" which is considered |
|
395 |
theoretically subject to collision attacks. If you really want "md5" then you |
|
396 |
must specify it explicitly to get rid of the warning. |
|
397 |
|
|
398 |
Documentation |
|
399 |
------------- |
|
400 |
|
|
401 |
- All of the tutorials that use |
|
402 |
``pyramid.authentication.AuthTktAuthenticationPolicy`` now explicitly pass |
|
403 |
``sha512`` as a ``hashalg`` argument. |
|
404 |
|
ca3df8
|
405 |
|
66fe1d
|
406 |
Internals |
CM |
407 |
--------- |
|
408 |
|
|
409 |
- Move ``TopologicalSorter`` from ``pyramid.config.util`` to ``pyramid.util``, |
|
410 |
move ``CyclicDependencyError`` from ``pyramid.config.util`` to |
|
411 |
``pyramid.exceptions``, rename ``Singleton`` to ``Sentinel`` and move from |
ca4656
|
412 |
``pyramid.config.util`` to ``pyramid.util``; this is in an effort to |
048754
|
413 |
move that stuff that may be an API one day out of ``pyramid.config.util``, |
66fe1d
|
414 |
because that package should never be imported from non-Pyramid code. |
CM |
415 |
TopologicalSorter is still not an API, but may become one. |
|
416 |
|
39ef68
|
417 |
- Get rid of shady monkeypatching of ``pyramid.request.Request`` and |
CM |
418 |
``pyramid.response.Response`` done within the ``__init__.py`` of Pyramid. |
|
419 |
Webob no longer relies on this being done. Instead, the ResponseClass |
|
420 |
attribute of the Pyramid Request class is assigned to the Pyramid response |
|
421 |
class; that's enough to satisfy WebOb and behave as it did before with the |
|
422 |
monkeypatching. |
|
423 |
|
4a6cca
|
424 |
1.4a3 (2012-10-26) |
CM |
425 |
================== |
d6fb00
|
426 |
|
CM |
427 |
Bug Fixes |
|
428 |
--------- |
|
429 |
|
06a904
|
430 |
- The match_param predicate's text method was fixed to sort its values. |
CM |
431 |
Part of https://github.com/Pylons/pyramid/pull/705 |
|
432 |
|
d6fb00
|
433 |
- 1.4a ``pyramid.scripting.prepare`` behaved differently than 1.3 series |
CM |
434 |
function of same name. In particular, if passed a request, it would not |
|
435 |
set the ``registry`` attribute of the request like 1.3 did. A symptom |
|
436 |
would be that passing a request to ``pyramid.paster.bootstrap`` (which uses |
|
437 |
the function) that did not have a ``registry`` attribute could assume that |
|
438 |
the registry would be attached to the request by Pyramid. This assumption |
|
439 |
could be made in 1.3, but not in 1.4. The assumption can now be made in |
|
440 |
1.4 too (a registry is attached to a request passed to bootstrap or |
|
441 |
prepare). |
|
442 |
|
66d277
|
443 |
- When registering a view configuration that named a Chameleon ZPT renderer |
CM |
444 |
with a macro name in it (e.g. ``renderer='some/template#somemacro.pt``) as |
043ccd
|
445 |
well as a view configuration without a macro name in it that pointed to the |
9937a4
|
446 |
same template (e.g. ``renderer='some/template.pt'``), internal caching could |
66d277
|
447 |
confuse the two, and your code might have rendered one instead of the |
CM |
448 |
other. |
|
449 |
|
1273d5
|
450 |
Features |
CM |
451 |
-------- |
|
452 |
|
c25a8f
|
453 |
- Allow multiple values to be specified to the ``request_param`` view/route |
CM |
454 |
predicate as a sequence. Previously only a single string value was allowed. |
|
455 |
See https://github.com/Pylons/pyramid/pull/705 |
|
456 |
|
|
457 |
- Comments with references to documentation sections placed in scaffold |
|
458 |
``.ini`` files. |
|
459 |
|
|
460 |
- Added an HTTP Basic authentication policy |
|
461 |
at ``pyramid.authentication.BasicAuthAuthenticationPolicy``. |
|
462 |
|
1273d5
|
463 |
- The Configurator ``testing_securitypolicy`` method now returns the policy |
CM |
464 |
object it creates. |
|
465 |
|
|
466 |
- The Configurator ``testing_securitypolicy`` method accepts two new |
|
467 |
arguments: ``remember_result`` and ``forget_result``. If supplied, these |
|
468 |
values influence the result of the policy's ``remember`` and ``forget`` |
|
469 |
methods, respectively. |
|
470 |
|
|
471 |
- The DummySecurityPolicy created by ``testing_securitypolicy`` now sets a |
|
472 |
``forgotten`` value on the policy (the value ``True``) when its ``forget`` |
|
473 |
method is called. |
|
474 |
|
|
475 |
- The DummySecurityPolicy created by ``testing_securitypolicy`` now sets a |
|
476 |
``remembered`` value on the policy, which is the value of the ``principal`` |
|
477 |
argument it's called with when its ``remember`` method is called. |
|
478 |
|
c25a8f
|
479 |
- New ``physical_path`` view predicate. If specified, this value should be a |
CM |
480 |
string or a tuple representing the physical traversal path of the context |
|
481 |
found via traversal for this predicate to match as true. For example: |
|
482 |
``physical_path='/'`` or ``physical_path='/a/b/c'`` or ``physical_path=('', |
|
483 |
'a', 'b', 'c')``. This is not a path prefix match or a regex, it's a |
|
484 |
whole-path match. It's useful when you want to always potentially show a |
|
485 |
view when some object is traversed to, but you can't be sure about what kind |
|
486 |
of object it will be, so you can't use the ``context`` predicate. The |
|
487 |
individual path elements inbetween slash characters or in tuple elements |
|
488 |
should be the Unicode representation of the name of the resource and should |
|
489 |
not be encoded in any way. |
|
490 |
|
072cbf
|
491 |
1.4a2 (2012-09-27) |
CM |
492 |
================== |
68c25d
|
493 |
|
d27bc7
|
494 |
Bug Fixes |
CM |
495 |
--------- |
|
496 |
|
4388d3
|
497 |
- When trying to determine Mako defnames and Chameleon macro names in asset |
CM |
498 |
specifications, take into account that the filename may have a hyphen in |
|
499 |
it. See https://github.com/Pylons/pyramid/pull/692 |
d27bc7
|
500 |
|
68c25d
|
501 |
Features |
CM |
502 |
-------- |
|
503 |
|
|
504 |
- A new ``pyramid.session.check_csrf_token`` convenience function was added. |
|
505 |
|
80cd0b
|
506 |
- A ``check_csrf`` view predicate was added. For example, you can now do |
CM |
507 |
``config.add_view(someview, check_csrf=True)``. When the predicate is |
|
508 |
checked, if the ``csrf_token`` value in ``request.params`` matches the CSRF |
|
509 |
token in the request's session, the view will be permitted to execute. |
|
510 |
Otherwise, it will not be permitted to execute. |
68c25d
|
511 |
|
098599
|
512 |
- Add ``Base.metadata.bind = engine`` to alchemy template, so that tables |
CM |
513 |
defined imperatively will work. |
|
514 |
|
|
515 |
Documentation |
|
516 |
------------- |
|
517 |
|
|
518 |
- update wiki2 SQLA tutorial with the changes required after inserting |
|
519 |
``Base.metadata.bind = engine`` into the alchemy scaffold. |
|
520 |
|
ce1e86
|
521 |
1.4a1 (2012-09-16) |
CM |
522 |
================== |
f6bd88
|
523 |
|
a39dd2
|
524 |
Bug Fixes |
CM |
525 |
--------- |
|
526 |
|
1794b4
|
527 |
- Forward port from 1.3 branch: When no authentication policy was configured, |
CM |
528 |
a call to ``pyramid.security.effective_principals`` would unconditionally |
|
529 |
return the empty list. This was incorrect, it should have unconditionally |
|
530 |
returned ``[Everyone]``, and now does. |
8782de
|
531 |
|
3074e7
|
532 |
- Explicit url dispatch regexes can now contain colons. |
CM |
533 |
https://github.com/Pylons/pyramid/issues/629 |
|
534 |
|
e65251
|
535 |
- On at least one 64-bit Ubuntu system under Python 3.2, using the |
CM |
536 |
``view_config`` decorator caused a ``RuntimeError: dictionary changed size |
|
537 |
during iteration`` exception. It no longer does. See |
|
538 |
https://github.com/Pylons/pyramid/issues/635 for more information. |
|
539 |
|
8b2675
|
540 |
- In Mako Templates lookup, check if the uri is already adjusted and bring |
BL |
541 |
it back to an asset spec. Normally occurs with inherited templates or |
|
542 |
included components. |
|
543 |
https://github.com/Pylons/pyramid/issues/606 |
|
544 |
https://github.com/Pylons/pyramid/issues/607 |
|
545 |
|
ae6135
|
546 |
- In Mako Templates lookup, check for absolute uri (using mako directories) |
7853bc
|
547 |
when mixing up inheritance with asset specs. |
BL |
548 |
https://github.com/Pylons/pyramid/issues/662 |
|
549 |
|
75a8ff
|
550 |
- HTTP Accept headers were not being normalized causing potentially |
MM |
551 |
conflicting view registrations to go unnoticed. Two views that only |
|
552 |
differ in the case ('text/html' vs. 'text/HTML') will now raise an error. |
|
553 |
https://github.com/Pylons/pyramid/pull/620 |
|
554 |
|
a9289d
|
555 |
- Forward-port from 1.3 branch: when registering multiple views with an |
CM |
556 |
``accept`` predicate in a Pyramid application runing under Python 3, you |
|
557 |
might have received a ``TypeError: unorderable types: function() < |
|
558 |
function()`` exception. |
|
559 |
|
de797c
|
560 |
Features |
CM |
561 |
-------- |
a39dd2
|
562 |
|
d24659
|
563 |
- Configurator.add_directive now accepts arbitrary callables like partials or |
CM |
564 |
objects implementing ``__call__`` which dont have ``__name__`` and |
|
565 |
``__doc__`` attributes. See https://github.com/Pylons/pyramid/issues/621 |
|
566 |
and https://github.com/Pylons/pyramid/pull/647. |
|
567 |
|
95f766
|
568 |
- Third-party custom view, route, and subscriber predicates can now be added |
CM |
569 |
for use by view authors via |
|
570 |
``pyramid.config.Configurator.add_view_predicate``, |
|
571 |
``pyramid.config.Configurator.add_route_predicate`` and |
|
572 |
``pyramid.config.Configurator.add_subscriber_predicate``. So, for example, |
0196b2
|
573 |
doing this:: |
CM |
574 |
|
|
575 |
config.add_view_predicate('abc', my.package.ABCPredicate) |
|
576 |
|
|
577 |
Might allow a view author to do this in an application that configured that |
|
578 |
predicate:: |
|
579 |
|
|
580 |
@view_config(abc=1) |
|
581 |
|
95f766
|
582 |
Similar features exist for ``add_route``, and ``add_subscriber``. See |
CM |
583 |
"Adding A Third Party View, Route, or Subscriber Predicate" in the Hooks |
|
584 |
chapter for more information. |
0196b2
|
585 |
|
735abf
|
586 |
Note that changes made to support the above feature now means that only |
CM |
587 |
actions registered using the same "order" can conflict with one another. |
|
588 |
It used to be the case that actions registered at different orders could |
|
589 |
potentially conflict, but to my knowledge nothing ever depended on this |
|
590 |
behavior (it was a bit silly). |
|
591 |
|
de797c
|
592 |
- Custom objects can be made easily JSON-serializable in Pyramid by defining |
CM |
593 |
a ``__json__`` method on the object's class. This method should return |
|
594 |
values natively serializable by ``json.dumps`` (such as ints, lists, |
|
595 |
dictionaries, strings, and so forth). |
077fa3
|
596 |
|
e012aa
|
597 |
- The JSON renderer now allows for the definition of custom type adapters to |
CM |
598 |
convert unknown objects to JSON serializations. |
|
599 |
|
360f25
|
600 |
- As of this release, the ``request_method`` predicate, when used, will also |
CM |
601 |
imply that ``HEAD`` is implied when you use ``GET``. For example, using |
|
602 |
``@view_config(request_method='GET')`` is equivalent to using |
561a44
|
603 |
``@view_config(request_method=('GET', 'HEAD'))``. Using |
360f25
|
604 |
``@view_config(request_method=('GET', 'POST')`` is equivalent to using |
CM |
605 |
``@view_config(request_method=('GET', 'HEAD', 'POST')``. This is because |
|
606 |
HEAD is a variant of GET that omits the body, and WebOb has special support |
|
607 |
to return an empty body when a HEAD is used. |
15c40a
|
608 |
|
023c88
|
609 |
- ``config.add_request_method`` has been introduced to support extending |
2c2534
|
610 |
request objects with arbitrary callables. This method expands on the |
MM |
611 |
previous ``config.set_request_property`` by supporting methods as well as |
|
612 |
properties. This method now causes less code to be executed at |
|
613 |
request construction time than ``config.set_request_property`` in |
|
614 |
version 1.3. |
fcb209
|
615 |
|
2c2534
|
616 |
- Don't add a ``?`` to URLs generated by ``request.resource_url`` if the |
fcb209
|
617 |
``query`` argument is provided but empty. |
CM |
618 |
|
2c2534
|
619 |
- Don't add a ``?`` to URLs generated by ``request.route_url`` if the |
fcb209
|
620 |
``_query`` argument is provided but empty. |
988035
|
621 |
|
CM |
622 |
- The static view machinery now raises (rather than returns) ``HTTPNotFound`` |
|
623 |
and ``HTTPMovedPermanently`` exceptions, so these can be caught by the |
|
624 |
NotFound view (and other exception views). |
ea009a
|
625 |
|
54d3e3
|
626 |
- The Mako renderer now supports a def name in an asset spec. When the def |
8b55a6
|
627 |
name is present in the asset spec, the system will render the template def |
CM |
628 |
within the template and will return the result. An example asset spec is |
|
629 |
``package:path/to/template#defname.mako``. This will render the def named |
54d3e3
|
630 |
``defname`` inside the ``template.mako`` template instead of rendering the |
CM |
631 |
entire template. The old way of returning a tuple in the form |
|
632 |
``('defname', {})`` from the view is supported for backward compatibility, |
8b55a6
|
633 |
|
CM |
634 |
- The Chameleon ZPT renderer now accepts a macro name in an asset spec. When |
|
635 |
the macro name is present in the asset spec, the system will render the |
|
636 |
macro listed as a ``define-macro`` and return the result instead of |
|
637 |
rendering the entire template. An example asset spec: |
|
638 |
``package:path/to/template#macroname.pt``. This will render the macro |
|
639 |
defined as ``macroname`` within the ``template.pt`` template instead of the |
|
640 |
entire templae. |
61a57e
|
641 |
|
CM |
642 |
- When there is a predicate mismatch exception (seen when no view matches for |
|
643 |
a given request due to predicates not working), the exception now contains |
|
644 |
a textual description of the predicate which didn't match. |
6b180c
|
645 |
|
CM |
646 |
- An ``add_permission`` directive method was added to the Configurator. This |
|
647 |
directive registers a free-standing permission introspectable into the |
|
648 |
Pyramid introspection system. Frameworks built atop Pyramid can thus use |
08c221
|
649 |
the ``permissions`` introspectable category data to build a |
6b180c
|
650 |
comprehensive list of permissions supported by a running system. Before |
CM |
651 |
this method was added, permissions were already registered in this |
|
652 |
introspectable category as a side effect of naming them in an ``add_view`` |
|
653 |
call, this method just makes it possible to arrange for a permission to be |
|
654 |
put into the ``permissions`` introspectable category without naming it |
|
655 |
along with an associated view. Here's an example of usage of |
|
656 |
``add_permission``:: |
|
657 |
|
|
658 |
config = Configurator() |
|
659 |
config.add_permission('view') |
2c2534
|
660 |
|
45b6e1
|
661 |
- The ``UnencryptedCookieSessionFactoryConfig`` now accepts |
MM |
662 |
``signed_serialize`` and ``signed_deserialize`` hooks which may be used |
|
663 |
to influence how the sessions are marshalled (by default this is done |
|
664 |
with HMAC+pickle). |
|
665 |
|
28dba0
|
666 |
- ``pyramid.testing.DummyRequest`` now supports methods supplied by the |
CM |
667 |
``pyramid.util.InstancePropertyMixin`` class such as ``set_property``. |
735987
|
668 |
|
CM |
669 |
- Request properties and methods added via ``config.set_request_property`` or |
|
670 |
``config.add_request_method`` are now available to tweens. |
|
671 |
|
|
672 |
- Request properties and methods added via ``config.set_request_property`` or |
|
673 |
``config.add_request_method`` are now available in the request object |
|
674 |
returned from ``pyramid.paster.bootstrap``. |
|
675 |
|
dc8b49
|
676 |
- ``request.context`` of environment request during ``bootstrap`` is now the |
CM |
677 |
root object if a context isn't already set on a provided request. |
|
678 |
|
07cb8f
|
679 |
- The ``pyramid.decorator.reify`` function is now an API, and was added to |
CM |
680 |
the API documentation. |
|
681 |
|
97150c
|
682 |
- Added the ``pyramid.testing.testConfig`` context manager, which can be used |
CM |
683 |
to generate a configurator in a test, e.g. ``with testing.testConfig(...):``. |
|
684 |
|
64452e
|
685 |
- Users can now invoke a subrequest from within view code using a new |
CM |
686 |
``request.invoke_subrequest`` API. |
37d2c2
|
687 |
|
2c2534
|
688 |
Deprecations |
MM |
689 |
------------ |
|
690 |
|
9cdb28
|
691 |
- The ``pyramid.config.Configurator.set_request_property`` has been |
CM |
692 |
documentation-deprecated. The method remains usable but the more |
023c88
|
693 |
featureful ``pyramid.config.Configurator.add_request_method`` should be |
9cdb28
|
694 |
used in its place (it has all of the same capabilities but can also extend |
CM |
695 |
the request object with methods). |
ebcdc7
|
696 |
|
CM |
697 |
Backwards Incompatibilities |
|
698 |
--------------------------- |
|
699 |
|
25d3dd
|
700 |
- The Pyramid router no longer adds the values ``bfg.routes.route`` or |
ebcdc7
|
701 |
``bfg.routes.matchdict`` to the request's WSGI environment dictionary. |
CM |
702 |
These values were docs-deprecated in ``repoze.bfg`` 1.0 (effectively seven |
|
703 |
minor releases ago). If your code depended on these values, use |
|
704 |
request.matched_route and request.matchdict instead. |
|
705 |
|
|
706 |
- It is no longer possible to pass an environ dictionary directly to |
|
707 |
``pyramid.traversal.ResourceTreeTraverser.__call__`` (aka |
|
708 |
``ModelGraphTraverser.__call__``). Instead, you must pass a request |
|
709 |
object. Passing an environment instead of a request has generated a |
|
710 |
deprecation warning since Pyramid 1.1. |
|
711 |
|
|
712 |
- Pyramid will no longer work properly if you use the |
|
713 |
``webob.request.LegacyRequest`` as a request factory. Instances of the |
|
714 |
LegacyRequest class have a ``request.path_info`` which return a string. |
|
715 |
This Pyramid release assumes that ``request.path_info`` will |
|
716 |
unconditionally be Unicode. |
|
717 |
|
3d4272
|
718 |
- The functions from ``pyramid.chameleon_zpt`` and ``pyramid.chameleon_text`` |
CM |
719 |
named ``get_renderer``, ``get_template``, ``render_template``, and |
|
720 |
``render_template_to_response`` have been removed. These have issued a |
|
721 |
deprecation warning upon import since Pyramid 1.0. Use |
|
722 |
``pyramid.renderers.get_renderer()``, |
|
723 |
``pyramid.renderers.get_renderer().implementation()``, |
|
724 |
``pyramid.renderers.render()`` or ``pyramid.renderers.render_to_response`` |
|
725 |
respectively instead of these functions. |
|
726 |
|
94a6f3
|
727 |
- The ``pyramid.configuration`` module was removed. It had been deprecated |
CM |
728 |
since Pyramid 1.0 and printed a deprecation warning upon its use. Use |
|
729 |
``pyramid.config`` instead. |
|
730 |
|
b274d0
|
731 |
- The ``pyramid.paster.PyramidTemplate`` API was removed. It had been |
CM |
732 |
deprecated since Pyramid 1.1 and issued a warning on import. If your code |
|
733 |
depended on this, adjust your code to import |
|
734 |
``pyramid.scaffolds.PyramidTemplate`` instead. |
|
735 |
|
ef2e51
|
736 |
- The ``pyramid.settings.get_settings()`` API was removed. It had been |
CM |
737 |
printing a deprecation warning since Pyramid 1.0. If your code depended on |
|
738 |
this API, use ``pyramid.threadlocal.get_current_registry().settings`` |
|
739 |
instead or use the ``settings`` attribute of the registry available from |
|
740 |
the request (``request.registry.settings``). |
|
741 |
|
69e0aa
|
742 |
- These APIs from the ``pyramid.testing`` module were removed. They have |
CM |
743 |
been printing deprecation warnings since Pyramid 1.0: |
|
744 |
|
|
745 |
* ``registerDummySecurityPolicy``, use |
|
746 |
``pyramid.config.Configurator.testing_securitypolicy`` instead. |
|
747 |
|
|
748 |
* ``registerResources`` (aka ``registerModels``, use |
|
749 |
``pyramid.config.Configurator.testing_resources`` instead. |
|
750 |
|
|
751 |
* ``registerEventListener``, use |
|
752 |
``pyramid.config.Configurator.testing_add_subscriber`` instead. |
|
753 |
|
|
754 |
* ``registerTemplateRenderer`` (aka `registerDummyRenderer``), use |
|
755 |
``pyramid.config.Configurator.testing_add_template`` instead. |
|
756 |
|
|
757 |
* ``registerView``, use ``pyramid.config.Configurator.add_view`` instead. |
|
758 |
|
|
759 |
* ``registerUtility``, use |
|
760 |
``pyramid.config.Configurator.registry.registerUtility`` instead. |
|
761 |
|
|
762 |
* ``registerAdapter``, use |
|
763 |
``pyramid.config.Configurator.registry.registerAdapter`` instead. |
|
764 |
|
ae6135
|
765 |
* ``registerSubscriber``, use |
69e0aa
|
766 |
``pyramid.config.Configurator.add_subscriber`` instead. |
CM |
767 |
|
ae6135
|
768 |
* ``registerRoute``, use |
69e0aa
|
769 |
``pyramid.config.Configurator.add_route`` instead. |
CM |
770 |
|
ae6135
|
771 |
* ``registerSettings``, use |
69e0aa
|
772 |
``pyramid.config.Configurator.add_settings`` instead. |
CM |
773 |
|
64452e
|
774 |
- In Pyramid 1.3 and previous, the ``__call__`` method of a Response object |
CM |
775 |
was invoked before any finished callbacks were executed. As of this |
|
776 |
release, the ``__call__`` method of a Response object is invoked *after* |
|
777 |
finished callbacks are executed. This is in support of the |
|
778 |
``request.invoke_subrequest`` feature. |
|
779 |
|
b72ba1
|
780 |
Documentation |
CM |
781 |
------------- |
|
782 |
|
|
783 |
- Added an "Upgrading Pyramid" chapter to the narrative documentation. It |
07cb8f
|
784 |
describes how to cope with deprecations and removals of Pyramid APIs and |
CM |
785 |
how to show Pyramid-generated deprecation warnings while running tests and |
|
786 |
while running a server. |
b72ba1
|
787 |
|
37d2c2
|
788 |
- Added a "Invoking a Subrequest" chapter to the documentation. It describes |
64452e
|
789 |
how to use the new ``request.invoke_subrequest`` API. |
37d2c2
|
790 |
|
ebcdc7
|
791 |
Dependencies |
CM |
792 |
------------ |
|
793 |
|
|
794 |
- Pyramid now requires WebOb 1.2b3+ (the prior Pyramid release only relied on |
|
795 |
1.2dev+). This is to ensure that we obtain a version of WebOb that returns |
|
796 |
``request.path_info`` as text. |
|
797 |
|