| | |
| | | 1.7 (2016-05-19) |
| | | ================ |
| | | |
| | | - Fix a bug in the wiki2 tutorial where bcrypt is always expecting byte |
| | | strings. See https://github.com/Pylons/pyramid/pull/2576 |
| | | |
| | | - Simplify windows detection code and remove some duplicated data. |
| | | See https://github.com/Pylons/pyramid/pull/2585 and |
| | | https://github.com/Pylons/pyramid/pull/2586 |
| | | |
| | | 1.7b4 (2016-05-12) |
| | | ================== |
| | | |
| | | - Fixed the exception view tween to re-raise the original exception if |
| | | no exception view could be found to handle the exception. This better |
| | | allows tweens further up the chain to handle exceptions that were |
| | | left unhandled. Previously they would be converted into a |
| | | ``PredicateMismatch`` exception if predicates failed to allow the view to |
| | | handle the exception. |
| | | See https://github.com/Pylons/pyramid/pull/2567 |
| | | |
| | | - Exposed the ``pyramid.interfaces.IRequestFactory`` interface to mirror |
| | | the public ``pyramid.interfaces.IResponseFactory`` interface. |
| | | |
| | | 1.7b3 (2016-05-10) |
| | | ================== |
| | | |
| | | - Fix ``request.invoke_exception_view`` to raise an ``HTTPNotFound`` |
| | | exception if no view is matched. Previously ``None`` would be returned |
| | | if no views were matched and a ``PredicateMismatch`` would be raised if |
| | | a view "almost" matched (a view was found matching the context). |
| | | See https://github.com/Pylons/pyramid/pull/2564 |
| | | |
| | | - Add defaults for py.test configuration and coverage to all three scaffolds, |
| | | and update documentation accordingly. |
| | | See https://github.com/Pylons/pyramid/pull/2550 |
| | | |
| | | - Add ``linkcheck`` to ``Makefile`` for Sphinx. To check the documentation for |
| | | broken links, use the command ``make linkcheck |
| | | SPHINXBUILD=$VENV/bin/sphinx-build``. Also removed and fixed dozens of broken |
| | | external links. |
| | | |
| | | - Fix the internal runner for scaffold tests to ensure they work with pip |
| | | and py.test. |
| | | See https://github.com/Pylons/pyramid/pull/2565 |
| | | |
| | | 1.7b2 (2016-05-01) |
| | | ================== |
| | | |
| | | - Removed inclusion of pyramid_tm in development.ini for alchemy scaffold |
| | | See https://github.com/Pylons/pyramid/issues/2538 |
| | | |
| | | - A default permission set via ``config.set_default_permission`` will no |
| | | longer be enforced on an exception view. This has been the case for a while |
| | | with the default exception views (``config.add_notfound_view`` and |
| | | ``config.add_forbidden_view``), however for any other exception view a |
| | | developer had to remember to set ``permission=NO_PERMISSION_REQUIRED`` or |
| | | be surprised when things didn't work. It is still possible to force a |
| | | permission check on an exception view by setting the ``permission`` argument |
| | | manually to ``config.add_view``. This behavior is consistent with the new |
| | | CSRF features added in the 1.7 series. |
| | | See https://github.com/Pylons/pyramid/pull/2534 |
| | | |
| | | 1.7b1 (2016-04-25) |
| | | ================== |
| | | |
| | | - This release announces the beta period for 1.7. |
| | | |
| | | - Fix an issue where some files were being included in the alchemy scafffold |
| | | which had been removed from the 1.7 series. |
| | | See https://github.com/Pylons/pyramid/issues/2525 |
| | | |
| | | 1.7a2 (2016-04-19) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Automatic CSRF checks are now disabled by default on exception views. They |
| | | can be turned back on by setting the appropriate `require_csrf` option on |
| | | the view. |
| | | See https://github.com/Pylons/pyramid/pull/2517 |
| | | |
| | | - The automatic CSRF API was reworked to use a config directive for |
| | | setting the options. The ``pyramid.require_default_csrf`` setting is |
| | | no longer supported. Instead, a new ``config.set_default_csrf_options`` |
| | | directive has been introduced that allows the developer to specify |
| | | the default value for ``require_csrf`` as well as change the CSRF token, |
| | | header and safe request methods. The ``pyramid.csrf_trusted_origins`` |
| | | setting is still supported. |
| | | See https://github.com/Pylons/pyramid/pull/2518 |
| | | |
| | | Bug fixes |
| | | --------- |
| | | |
| | | - CSRF origin checks had a bug causing the checks to always fail. |
| | | See https://github.com/Pylons/pyramid/pull/2512 |
| | | |
| | | - Fix the test suite to pass on windows. |
| | | See https://github.com/Pylons/pyramid/pull/2520 |
| | | |
| | | 1.7a1 (2016-04-16) |
| | | ================== |
| | | |
| | | Backward Incompatibilities |
| | | -------------------------- |
| | | |
| | | - Following the Pyramid deprecation period (1.4 -> 1.6), |
| | | AuthTktAuthenticationPolicy's default hashing algorithm is changing from md5 |
| | | to sha512. If you are using the authentication policy and need to continue |
| | | using md5, please explicitly set hashalg to 'md5'. |
| | | |
| | | This change does mean that any existing auth tickets (and associated cookies) |
| | | will no longer be valid, and users will no longer be logged in, and have to |
| | | login to their accounts again. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2496 |
| | | |
| | | - The ``check_csrf_token`` function no longer validates a csrf token in the |
| | | query string of a request. Only headers and request bodies are supported. |
| | | See https://github.com/Pylons/pyramid/pull/2500 |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Added a new setting, ``pyramid.require_default_csrf`` which may be used |
| | | to turn on CSRF checks globally for every POST request in the application. |
| | | This should be considered a good default for websites built on Pyramid. |
| | | It is possible to opt-out of CSRF checks on a per-view basis by setting |
| | | ``require_csrf=False`` on those views. |
| | | See https://github.com/Pylons/pyramid/pull/2413 |
| | | |
| | | - Added a ``require_csrf`` view option which will enforce CSRF checks on any |
| | | request with an unsafe method as defined by RFC2616. If the CSRF check fails |
| | | a ``BadCSRFToken`` exception will be raised and may be caught by exception |
| | | views (the default response is a ``400 Bad Request``). This option should be |
| | | used in place of the deprecated ``check_csrf`` view predicate which would |
| | | normally result in unexpected ``404 Not Found`` response to the client |
| | | instead of a catchable exception. See |
| | | https://github.com/Pylons/pyramid/pull/2413 and |
| | | https://github.com/Pylons/pyramid/pull/2500 |
| | | |
| | | - Added an additional CSRF validation that checks the origin/referrer of a |
| | | request and makes sure it matches the current ``request.domain``. This |
| | | particular check is only active when accessing a site over HTTPS as otherwise |
| | | browsers don't always send the required information. If this additional CSRF |
| | | validation fails a ``BadCSRFOrigin`` exception will be raised and may be |
| | | caught by exception views (the default response is ``400 Bad Request``). |
| | | Additional allowed origins may be configured by setting |
| | | ``pyramid.csrf_trusted_origins`` to a list of domain names (with ports if on |
| | | a non standard port) to allow. Subdomains are not allowed unless the domain |
| | | name has been prefixed with a ``.``. See |
| | | https://github.com/Pylons/pyramid/pull/2501 |
| | | |
| | | - Added a new ``pyramid.session.check_csrf_origin`` API for validating the |
| | | origin or referrer headers against the request's domain. |
| | | See https://github.com/Pylons/pyramid/pull/2501 |
| | | |
| | | - Pyramid HTTPExceptions will now take into account the best match for the |
| | | clients Accept header, and depending on what is requested will return |
| | | text/html, application/json or text/plain. The default for */* is still |
| | | text/html, but if application/json is explicitly mentioned it will now |
| | | receive a valid JSON response. See |
| | | https://github.com/Pylons/pyramid/pull/2489 |
| | | |
| | | - A new event and interface (BeforeTraversal) has been introduced that will |
| | | notify listeners before traversal starts in the router. See |
| | | https://github.com/Pylons/pyramid/pull/2469 and |
| | | https://github.com/Pylons/pyramid/pull/1876 |
| | | |
| | | - Add a new "view deriver" concept to Pyramid to allow framework authors to |
| | | inject elements into the standard Pyramid view pipeline and affect all |
| | | views in an application. This is similar to a decorator except that it |
| | | has access to options passed to ``config.add_view`` and can affect other |
| | | stages of the pipeline such as the raw response from a view or prior to |
| | | security checks. See https://github.com/Pylons/pyramid/pull/2021 |
| | | |
| | | - Allow a leading ``=`` on the key of the request param predicate. |
| | | For example, '=abc=1' is equivalent down to |
| | | ``request.params['=abc'] == '1'``. |
| | | See https://github.com/Pylons/pyramid/pull/1370 |
| | | |
| | | - A new ``request.invoke_exception_view(...)`` method which can be used to |
| | | invoke an exception view and get back a response. This is useful for |
| | | rendering an exception view outside of the context of the excview tween |
| | | where you may need more control over the request. |
| | | See https://github.com/Pylons/pyramid/pull/2393 |
| | | |
| | | - Allow using variable substitutions like ``%(LOGGING_LOGGER_ROOT_LEVEL)s`` |
| | | for logging sections of the .ini file and populate these variables from |
| | | the ``pserve`` command line -- e.g.: |
| | | ``pserve development.ini LOGGING_LOGGER_ROOT_LEVEL=DEBUG`` |
| | | See https://github.com/Pylons/pyramid/pull/2399 |
| | | |
| | | Documentation Changes |
| | | --------------------- |
| | | |
| | | - A complete overhaul of the docs: |
| | | |
| | | - Use pip instead of easy_install. |
| | | - Become opinionated by preferring Python 3.4 or greater to simplify |
| | | installation of Python and its required packaging tools. |
| | | - Use venv for the tool, and virtual environment for the thing created, |
| | | instead of virtualenv. |
| | | - Use py.test and pytest-cov instead of nose and coverage. |
| | | - Further updates to the scaffolds as well as tutorials and their src files. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2468 |
| | | |
| | | - A complete overhaul of the ``alchemy`` scaffold as well as the |
| | | Wiki2 SQLAlchemy + URLDispatch tutorial to introduce more modern features |
| | | into the usage of SQLAlchemy with Pyramid and provide a better starting |
| | | point for new projects. |
| | | See https://github.com/Pylons/pyramid/pull/2024 |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Fix ``pserve --browser`` to use the ``--server-name`` instead of the |
| | | app name when selecting a section to use. This was only working for people |
| | | who had server and app sections with the same name, for example |
| | | ``[app:main]`` and ``[server:main]``. |
| | | See https://github.com/Pylons/pyramid/pull/2292 |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - The ``check_csrf`` view predicate has been deprecated. Use the |
| | | new ``require_csrf`` option or the ``pyramid.require_default_csrf`` setting |
| | | to ensure that the ``BadCSRFToken`` exception is raised. |
| | | See https://github.com/Pylons/pyramid/pull/2413 |
| | | |
| | | - Support for Python 3.3 will be removed in Pyramid 1.8. |
| | | https://github.com/Pylons/pyramid/issues/2477 |
| | | |
| | | - Python 2.6 is no longer supported by Pyramid. See |
| | | https://github.com/Pylons/pyramid/issues/2368 |
| | | |
| | | - Dropped Python 3.2 support. |
| | | See https://github.com/Pylons/pyramid/pull/2256 |
| | | |
| | | 1.6 (2016-01-03) |
| | | ================ |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - Continue removal of ``pserve`` daemon/process management features |
| | | by deprecating ``--user`` and ``--group`` options. |
| | | See https://github.com/Pylons/pyramid/pull/2190 |
| | | |
| | | 1.6b3 (2015-12-17) |
| | | ================== |
| | | |
| | | Backward Incompatibilities |
| | | -------------------------- |
| | | |
| | | - Remove the ``cachebust`` option from ``config.add_static_view``. See |
| | | ``config.add_cache_buster`` for the new way to attach cache busters to |
| | | static assets. |
| | | See https://github.com/Pylons/pyramid/pull/2186 |
| | | |
| | | - Modify the ``pyramid.interfaces.ICacheBuster`` API to be a simple callable |
| | | instead of an object with ``match`` and ``pregenerate`` methods. Cache |
| | | busters are now focused solely on generation. Matching has been dropped. |
| | | |
| | | Note this affects usage of ``pyramid.static.QueryStringCacheBuster`` and |
| | | ``pyramid.static.ManifestCacheBuster``. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/2186 |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Add a new ``config.add_cache_buster`` API for attaching cache busters to |
| | | static assets. See https://github.com/Pylons/pyramid/pull/2186 |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Ensure that ``IAssetDescriptor.abspath`` always returns an absolute path. |
| | | There were cases depending on the process CWD that a relative path would |
| | | be returned. See https://github.com/Pylons/pyramid/issues/2188 |
| | | |
| | | 1.6b2 (2015-10-15) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Allow asset specifications to be supplied to |
| | | ``pyramid.static.ManifestCacheBuster`` instead of requiring a |
| | | filesystem path. |
| | | |
| | | 1.6b1 (2015-10-15) |
| | | ================== |
| | | |
| | | Backward Incompatibilities |
| | | -------------------------- |
| | | |
| | | - IPython and BPython support have been removed from pshell in the core. |
| | | To continue using them on Pyramid 1.6+ you must install the binding |
| | | packages explicitly:: |
| | | |
| | | $ pip install pyramid_ipython |
| | | |
| | | or |
| | | |
| | | $ pip install pyramid_bpython |
| | | |
| | | - Remove default cache busters introduced in 1.6a1 including |
| | | ``PathSegmentCacheBuster``, ``PathSegmentMd5CacheBuster``, and |
| | | ``QueryStringMd5CacheBuster``. |
| | | See https://github.com/Pylons/pyramid/pull/2116 |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Additional shells for ``pshell`` can now be registered as entrypoints. See |
| | | https://github.com/Pylons/pyramid/pull/1891 and |
| | | https://github.com/Pylons/pyramid/pull/2012 |
| | | |
| | | - The variables injected into ``pshell`` are now displayed with their |
| | | docstrings instead of the default ``str(obj)`` when possible. |
| | | See https://github.com/Pylons/pyramid/pull/1929 |
| | | |
| | | - Add new ``pyramid.static.ManifestCacheBuster`` for use with external |
| | | asset pipelines as well as examples of common usages in the narrative. |
| | | See https://github.com/Pylons/pyramid/pull/2116 |
| | | |
| | | - Fix ``pserve --reload`` to not crash on syntax errors!!! |
| | | See https://github.com/Pylons/pyramid/pull/2125 |
| | | |
| | | - Fix an issue when user passes unparsed strings to ``pyramid.session.CookieSession`` |
| | | and ``pyramid.authentication.AuthTktCookieHelper`` for time related parameters |
| | | ``timeout``, ``reissue_time``, ``max_age`` that expect an integer value. |
| | | See https://github.com/Pylons/pyramid/pull/2050 |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - ``pyramid.httpexceptions.HTTPException`` now defaults to |
| | | ``520 Unknown Error`` instead of ``None None`` to conform with changes in |
| | | WebOb 1.5. |
| | | See https://github.com/Pylons/pyramid/pull/1865 |
| | | |
| | | - ``pshell`` will now preserve the capitalization of variables in the |
| | | ``[pshell]`` section of the INI file. This makes exposing classes to the |
| | | shell a little more straightfoward. |
| | | See https://github.com/Pylons/pyramid/pull/1883 |
| | | |
| | | - Fixed usage of ``pserve --monitor-restart --daemon`` which would fail in |
| | | horrible ways. See https://github.com/Pylons/pyramid/pull/2118 |
| | | |
| | | - Explicitly prevent ``pserve --reload --daemon`` from being used. It's never |
| | | been supported but would work and fail in weird ways. |
| | | See https://github.com/Pylons/pyramid/pull/2119 |
| | | |
| | | - Fix an issue on Windows when running ``pserve --reload`` in which the |
| | | process failed to fork because it could not find the pserve script to |
| | | run. See https://github.com/Pylons/pyramid/pull/2138 |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - Deprecate ``pserve --monitor-restart`` in favor of user's using a real |
| | | process manager such as Systemd or Upstart as well as Python-based |
| | | solutions like Circus and Supervisor. |
| | | See https://github.com/Pylons/pyramid/pull/2120 |
| | | |
| | | 1.6a2 (2015-06-30) |
| | | ================== |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Ensure that ``pyramid.httpexceptions.exception_response`` returns the |
| | | appropriate "concrete" class for ``400`` and ``500`` status codes. |
| | | See https://github.com/Pylons/pyramid/issues/1832 |
| | | |
| | | - Fix an infinite recursion bug introduced in 1.6a1 when |
| | | ``pyramid.view.render_view_to_response`` was called directly or indirectly. |
| | | See https://github.com/Pylons/pyramid/issues/1643 |
| | | |
| | | - Further fix the JSONP renderer by prefixing the returned content with |
| | | a comment. This should mitigate attacks from Flash (See CVE-2014-4671). |
| | | See https://github.com/Pylons/pyramid/pull/1649 |
| | | |
| | | - Allow periods and brackets (``[]``) in the JSONP callback. The original |
| | | fix was overly-restrictive and broke Angular. |
| | | See https://github.com/Pylons/pyramid/pull/1649 |
| | | |
| | | 1.6a1 (2015-04-15) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - pcreate will now ask for confirmation if invoked with |
| | | an argument for a project name that already exists or |
| | | is importable in the current environment. |
| | | See https://github.com/Pylons/pyramid/issues/1357 and |
| | | https://github.com/Pylons/pyramid/pull/1837 |
| | | |
| | | - Make it possible to subclass ``pyramid.request.Request`` and also use |
| | | ``pyramid.request.Request.add_request.method``. See |
| | | https://github.com/Pylons/pyramid/issues/1529 |
| | | |
| | | - The ``pyramid.config.Configurator`` has grown the ability to allow |
| | | actions to call other actions during a commit-cycle. This enables much more |
| | | logic to be placed into actions, such as the ability to invoke other actions |
| | | or group them for improved conflict detection. We have also exposed and |
| | | documented the config phases that Pyramid uses in order to further assist |
| | | in building conforming addons. |
| | | See https://github.com/Pylons/pyramid/pull/1513 |
| | | |
| | | - Add ``pyramid.request.apply_request_extensions`` function which can be |
| | | used in testing to apply any request extensions configured via |
| | | ``config.add_request_method``. Previously it was only possible to test |
| | | the extensions by going through Pyramid's router. |
| | | See https://github.com/Pylons/pyramid/pull/1581 |
| | | |
| | | - pcreate when run without a scaffold argument will now print information on |
| | | the missing flag, as well as a list of available scaffolds. |
| | | See https://github.com/Pylons/pyramid/pull/1566 and |
| | | https://github.com/Pylons/pyramid/issues/1297 |
| | | |
| | | - Added support / testing for 'pypy3' under Tox and Travis. |
| | | See https://github.com/Pylons/pyramid/pull/1469 |
| | | |
| | | - Automate code coverage metrics across py2 and py3 instead of just py2. |
| | | See https://github.com/Pylons/pyramid/pull/1471 |
| | | |
| | | - Cache busting for static resources has been added and is available via a new |
| | | argument to ``pyramid.config.Configurator.add_static_view``: ``cachebust``. |
| | | Core APIs are shipped for both cache busting via query strings and |
| | | path segments and may be extended to fit into custom asset pipelines. |
| | | See https://github.com/Pylons/pyramid/pull/1380 and |
| | | https://github.com/Pylons/pyramid/pull/1583 |
| | | |
| | | - Add ``pyramid.config.Configurator.root_package`` attribute and init |
| | | parameter to assist with includeable packages that wish to resolve |
| | | resources relative to the package in which the ``Configurator`` was created. |
| | | This is especially useful for addons that need to load asset specs from |
| | | settings, in which case it is may be natural for a developer to define |
| | | imports or assets relative to the top-level package. |
| | | See https://github.com/Pylons/pyramid/pull/1337 |
| | | |
| | | - Added line numbers to the log formatters in the scaffolds to assist with |
| | | debugging. See https://github.com/Pylons/pyramid/pull/1326 |
| | | |
| | | - Add new HTTP exception objects for status codes |
| | | ``428 Precondition Required``, ``429 Too Many Requests`` and |
| | | ``431 Request Header Fields Too Large`` in ``pyramid.httpexceptions``. |
| | | See https://github.com/Pylons/pyramid/pull/1372/files |
| | | |
| | | - The ``pshell`` script will now load a ``PYTHONSTARTUP`` file if one is |
| | | defined in the environment prior to launching the interpreter. |
| | | See https://github.com/Pylons/pyramid/pull/1448 |
| | | |
| | | - Make it simple to define notfound and forbidden views that wish to use |
| | | the default exception-response view but with altered predicates and other |
| | | configuration options. The ``view`` argument is now optional in |
| | | ``config.add_notfound_view`` and ``config.add_forbidden_view``.. |
| | | See https://github.com/Pylons/pyramid/issues/494 |
| | | |
| | | - Greatly improve the readability of the ``pcreate`` shell script output. |
| | | See https://github.com/Pylons/pyramid/pull/1453 |
| | | |
| | | - Improve robustness to timing attacks in the ``AuthTktCookieHelper`` and |
| | | the ``SignedCookieSessionFactory`` classes by using the stdlib's |
| | | ``hmac.compare_digest`` if it is available (such as Python 2.7.7+ and 3.3+). |
| | | See https://github.com/Pylons/pyramid/pull/1457 |
| | | |
| | | - Assets can now be overidden by an absolute path on the filesystem when using |
| | | the ``config.override_asset`` API. This makes it possible to fully support |
| | | serving up static content from a mutable directory while still being able |
| | | to use the ``request.static_url`` API and ``config.add_static_view``. |
| | | Previously it was not possible to use ``config.add_static_view`` with an |
| | | absolute path **and** generate urls to the content. This change replaces |
| | | the call, ``config.add_static_view('/abs/path', 'static')``, with |
| | | ``config.add_static_view('myapp:static', 'static')`` and |
| | | ``config.override_asset(to_override='myapp:static/', |
| | | override_with='/abs/path/')``. The ``myapp:static`` asset spec is completely |
| | | made up and does not need to exist - it is used for generating urls |
| | | via ``request.static_url('myapp:static/foo.png')``. |
| | | See https://github.com/Pylons/pyramid/issues/1252 |
| | | |
| | | - Added ``pyramid.config.Configurator.set_response_factory`` and the |
| | | ``response_factory`` keyword argument to the ``Configurator`` for defining |
| | | a factory that will return a custom ``Response`` class. |
| | | See https://github.com/Pylons/pyramid/pull/1499 |
| | | |
| | | - Allow an iterator to be returned from a renderer. Previously it was only |
| | | possible to return bytes or unicode. |
| | | See https://github.com/Pylons/pyramid/pull/1417 |
| | | |
| | | - ``pserve`` can now take a ``-b`` or ``--browser`` option to open the server |
| | | URL in a web browser. See https://github.com/Pylons/pyramid/pull/1533 |
| | | |
| | | - Overall improvments for the ``proutes`` command. Added ``--format`` and |
| | | ``--glob`` arguments to the command, introduced the ``method`` |
| | | column for displaying available request methods, and improved the ``view`` |
| | | output by showing the module instead of just ``__repr__``. |
| | | See https://github.com/Pylons/pyramid/pull/1488 |
| | | |
| | | - Support keyword-only arguments and function annotations in views in |
| | | Python 3. See https://github.com/Pylons/pyramid/pull/1556 |
| | | |
| | | - ``request.response`` will no longer be mutated when using the |
| | | ``pyramid.renderers.render_to_response()`` API. It is now necessary to |
| | | pass in a ``response=`` argument to ``render_to_response`` if you wish to |
| | | supply the renderer with a custom response object for it to use. If you |
| | | do not pass one then a response object will be created using the |
| | | application's ``IResponseFactory``. Almost all renderers |
| | | mutate the ``request.response`` response object (for example, the JSON |
| | | renderer sets ``request.response.content_type`` to ``application/json``). |
| | | However, when invoking ``render_to_response`` it is not expected that the |
| | | response object being returned would be the same one used later in the |
| | | request. The response object returned from ``render_to_response`` is now |
| | | explicitly different from ``request.response``. This does not change the |
| | | API of a renderer. See https://github.com/Pylons/pyramid/pull/1563 |
| | | |
| | | - The ``append_slash`` argument of ```Configurator().add_notfound_view()`` will |
| | | now accept anything that implements the ``IResponse`` interface and will use |
| | | that as the response class instead of the default ``HTTPFound``. See |
| | | https://github.com/Pylons/pyramid/pull/1610 |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - The JSONP renderer created JavaScript code in such a way that a callback |
| | | variable could be used to arbitrarily inject javascript into the response |
| | | object. https://github.com/Pylons/pyramid/pull/1627 |
| | | |
| | | - Work around an issue where ``pserve --reload`` would leave terminal echo |
| | | disabled if it reloaded during a pdb session. |
| | | See https://github.com/Pylons/pyramid/pull/1577, |
| | | https://github.com/Pylons/pyramid/pull/1592 |
| | | |
| | | - ``pyramid.wsgi.wsgiapp`` and ``pyramid.wsgi.wsgiapp2`` now raise |
| | | ``ValueError`` when accidentally passed ``None``. |
| | | See https://github.com/Pylons/pyramid/pull/1320 |
| | | |
| | | - Fix an issue whereby predicates would be resolved as maybe_dotted in the |
| | | introspectable but not when passed for registration. This would mean that |
| | | ``add_route_predicate`` for example can not take a string and turn it into |
| | | the actual callable function. |
| | | See https://github.com/Pylons/pyramid/pull/1306 |
| | | |
| | | - Fix ``pyramid.testing.setUp`` to return a ``Configurator`` with a proper |
| | | package. Previously it was not possible to do package-relative includes |
| | | using the returned ``Configurator`` during testing. There is now a |
| | | ``package`` argument that can override this behavior as well. |
| | | See https://github.com/Pylons/pyramid/pull/1322 |
| | | |
| | | - Fix an issue where a ``pyramid.response.FileResponse`` may apply a charset |
| | | where it does not belong. See https://github.com/Pylons/pyramid/pull/1251 |
| | | |
| | | - Work around a bug introduced in Python 2.7.7 on Windows where |
| | | ``mimetypes.guess_type`` returns Unicode rather than str for the content |
| | | type, unlike any previous version of Python. See |
| | | https://github.com/Pylons/pyramid/issues/1360 for more information. |
| | | |
| | | - ``pcreate`` now normalizes the package name by converting hyphens to |
| | | underscores. See https://github.com/Pylons/pyramid/pull/1376 |
| | | |
| | | - Fix an issue with the final response/finished callback being unable to |
| | | add another callback to the list. See |
| | | https://github.com/Pylons/pyramid/pull/1373 |
| | | |
| | | - Fix a failing unittest caused by differing mimetypes across various OSs. |
| | | See https://github.com/Pylons/pyramid/issues/1405 |
| | | |
| | | - Fix route generation for static view asset specifications having no path. |
| | | See https://github.com/Pylons/pyramid/pull/1377 |
| | | |
| | | - Allow the ``pyramid.renderers.JSONP`` renderer to work even if there is no |
| | | valid request object. In this case it will not wrap the object in a |
| | | callback and thus behave just like the ``pyramid.renderers.JSON`` renderer. |
| | | See https://github.com/Pylons/pyramid/pull/1561 |
| | | |
| | | - Prevent "parameters to load are deprecated" ``DeprecationWarning`` |
| | | from setuptools>=11.3. See https://github.com/Pylons/pyramid/pull/1541 |
| | | |
| | | - Avoiding sharing the ``IRenderer`` objects across threads when attached to |
| | | a view using the `renderer=` argument. These renderers were instantiated |
| | | at time of first render and shared between requests, causing potentially |
| | | subtle effects like `pyramid.reload_templates = true` failing to work |
| | | in `pyramid_mako`. See https://github.com/Pylons/pyramid/pull/1575 |
| | | and https://github.com/Pylons/pyramid/issues/1268 |
| | | |
| | | - Avoiding timing attacks against CSRF tokens. |
| | | See https://github.com/Pylons/pyramid/pull/1574 |
| | | |
| | | - ``request.finished_callbacks`` and ``request.response_callbacks`` now |
| | | default to an iterable instead of ``None``. It may be checked for a length |
| | | of 0. This was the behavior in 1.5. |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - The ``pserve`` command's daemonization features have been deprecated. This |
| | | includes the ``[start,stop,restart,status]`` subcommands as well as the |
| | | ``--daemon``, ``--stop-server``, ``--pid-file``, and ``--status`` flags. |
| | | |
| | | Please use a real process manager in the future instead of relying on the |
| | | ``pserve`` to daemonize itself. Many options exist including your Operating |
| | | System's services such as Systemd or Upstart, as well as Python-based |
| | | solutions like Circus and Supervisor. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/1641 |
| | | |
| | | - Renamed the ``principal`` argument to ``pyramid.security.remember()`` to |
| | | ``userid`` in order to clarify its intended purpose. |
| | | See https://github.com/Pylons/pyramid/pull/1399 |
| | | |
| | | Docs |
| | | ---- |
| | | |
| | | - Moved the documentation for ``accept`` on ``Configurator.add_view`` to no |
| | | longer be part of the predicate list. See |
| | | https://github.com/Pylons/pyramid/issues/1391 for a bug report stating |
| | | ``not_`` was failing on ``accept``. Discussion with @mcdonc led to the |
| | | conclusion that it should not be documented as a predicate. |
| | | See https://github.com/Pylons/pyramid/pull/1487 for this PR |
| | | |
| | | - Removed logging configuration from Quick Tutorial ini files except for |
| | | scaffolding- and logging-related chapters to avoid needing to explain it too |
| | | early. |
| | | |
| | | - Clarify a previously-implied detail of the ``ISession.invalidate`` API |
| | | documentation. |
| | | |
| | | - Improve and clarify the documentation on what Pyramid defines as a |
| | | ``principal`` and a ``userid`` in its security APIs. |
| | | See https://github.com/Pylons/pyramid/pull/1399 |
| | | |
| | | - Add documentation of command line programs (``p*`` scripts). See |
| | | https://github.com/Pylons/pyramid/pull/2191 |
| | | |
| | | Scaffolds |
| | | --------- |
| | | |
| | | - Update scaffold generating machinery to return the version of pyramid and |
| | | pyramid docs for use in scaffolds. Updated starter, alchemy and zodb |
| | | templates to have links to correctly versioned documentation and reflect |
| | | which pyramid was used to generate the scaffold. |
| | | |
| | | - Removed non-ascii copyright symbol from templates, as this was |
| | | causing the scaffolds to fail for project generation. |
| | | |
| | | - You can now run the scaffolding func tests via ``tox py2-scaffolds`` and |
| | | ``tox py3-scaffolds``. |
| | | |
| | | |
| | | 1.5 (2014-04-08) |
| | | ================ |
| | | |
| | | - Python 3.4 compatibility. |
| | | |
| | | - Avoid crash in ``pserve --reload`` under Py3k, when iterating over possibly |
| | | mutated ``sys.modules``. |
| | | |
| | | - ``UnencryptedCookieSessionFactoryConfig`` failed if the secret contained |
| | | higher order characters. See https://github.com/Pylons/pyramid/issues/1246 |
| | | |
| | | - Fixed a bug in ``UnencryptedCookieSessionFactoryConfig`` and |
| | | ``SignedCookieSessionFactory`` where ``timeout=None`` would cause a new |
| | | session to always be created. Also in ``SignedCookieSessionFactory`` a |
| | | ``reissue_time=None`` would cause an exception when modifying the session. |
| | | See https://github.com/Pylons/pyramid/issues/1247 |
| | | |
| | | - Updated docs and scaffolds to keep in step with new 2.0 release of |
| | | ``Lingua``. This included removing all ``setup.cfg`` files from scaffolds |
| | | and documentation environments. |
| | | |
| | | 1.5b1 (2014-02-08) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - We no longer eagerly clear ``request.exception`` and ``request.exc_info`` in |
| | | the exception view tween. This makes it possible to inspect exception |
| | | information within a finished callback. See |
| | | https://github.com/Pylons/pyramid/issues/1223. |
| | | |
| | | 1.5a4 (2014-01-28) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Updated scaffolds with new theme, fixed documentation and sample project. |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Depend on a newer version of WebOb so that we pull in some crucial bug-fixes |
| | | that were showstoppers for functionality in Pyramid. |
| | | |
| | | - Add a trailing semicolon to the JSONP response. This fixes JavaScript syntax |
| | | errors for old IE versions. See https://github.com/Pylons/pyramid/pull/1205 |
| | | |
| | | - Fix a memory leak when the configurator's ``set_request_property`` method was |
| | | used or when the configurator's ``add_request_method`` method was used with |
| | | the ``property=True`` attribute. See |
| | | https://github.com/Pylons/pyramid/issues/1212 . |
| | | |
| | | 1.5a3 (2013-12-10) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - An authorization API has been added as a method of the |
| | | request: ``request.has_permission``. |
| | | |
| | | ``request.has_permission`` is a method-based alternative to the |
| | | ``pyramid.security.has_permission`` API and works exactly the same. The |
| | | older API is now deprecated. |
| | | |
| | | - Property API attributes have been added to the request for easier access to |
| | | authentication data: ``request.authenticated_userid``, |
| | | ``request.unauthenticated_userid``, and ``request.effective_principals``. |
| | | |
| | | These are analogues, respectively, of |
| | | ``pyramid.security.authenticated_userid``, |
| | | ``pyramid.security.unauthenticated_userid``, and |
| | | ``pyramid.security.effective_principals``. They operate exactly the same, |
| | | except they are attributes of the request instead of functions accepting a |
| | | request. They are properties, so they cannot be assigned to. The older |
| | | function-based APIs are now deprecated. |
| | | |
| | | - Pyramid's console scripts (``pserve``, ``pviews``, etc) can now be run |
| | | directly, allowing custom arguments to be sent to the python interpreter |
| | | at runtime. For example:: |
| | | |
| | | python -3 -m pyramid.scripts.pserve development.ini |
| | | |
| | | - Added a specific subclass of ``HTTPBadRequest`` named |
| | | ``pyramid.exceptions.BadCSRFToken`` which will now be raised in response |
| | | to failures in ``check_csrf_token``. |
| | | See https://github.com/Pylons/pyramid/pull/1149 |
| | | |
| | | - Added a new ``SignedCookieSessionFactory`` which is very similar to the |
| | | ``UnencryptedCookieSessionFactoryConfig`` but with a clearer focus on signing |
| | | content. The custom serializer arguments to this function should only focus |
| | | on serializing, unlike its predecessor which required the serializer to also |
| | | perform signing. See https://github.com/Pylons/pyramid/pull/1142 . Note |
| | | that cookies generated using ``SignedCookieSessionFactory`` are not |
| | | compatible with cookies generated using ``UnencryptedCookieSessionFactory``, |
| | | so existing user session data will be destroyed if you switch to it. |
| | | |
| | | - Added a new ``BaseCookieSessionFactory`` which acts as a generic cookie |
| | | factory that can be used by framework implementors to create their own |
| | | session implementations. It provides a reusable API which focuses strictly |
| | | on providing a dictionary-like object that properly handles renewals, |
| | | timeouts, and conformance with the ``ISession`` API. |
| | | See https://github.com/Pylons/pyramid/pull/1142 |
| | | |
| | | - The anchor argument to ``pyramid.request.Request.route_url`` and |
| | | ``pyramid.request.Request.resource_url`` and their derivatives will now be |
| | | escaped via URL quoting to ensure minimal conformance. See |
| | | https://github.com/Pylons/pyramid/pull/1183 |
| | | |
| | | - Allow sending of ``_query`` and ``_anchor`` options to |
| | | ``pyramid.request.Request.static_url`` when an external URL is being |
| | | generated. |
| | | See https://github.com/Pylons/pyramid/pull/1183 |
| | | |
| | | - You can now send a string as the ``_query`` argument to |
| | | ``pyramid.request.Request.route_url`` and |
| | | ``pyramid.request.Request.resource_url`` and their derivatives. When a |
| | | string is sent instead of a list or dictionary. it is URL-quoted however it |
| | | does not need to be in ``k=v`` form. This is useful if you want to be able |
| | | to use a different query string format than ``x-www-form-urlencoded``. See |
| | | https://github.com/Pylons/pyramid/pull/1183 |
| | | |
| | | - ``pyramid.testing.DummyRequest`` now has a ``domain`` attribute to match the |
| | | new WebOb 1.3 API. Its value is ``example.com``. |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Fix the ``pcreate`` script so that when the target directory name ends with a |
| | | slash it does not produce a non-working project directory structure. |
| | | Previously saying ``pcreate -s starter /foo/bar/`` produced different output |
| | | than saying ``pcreate -s starter /foo/bar``. The former did not work |
| | | properly. |
| | | |
| | | - Fix the ``principals_allowed_by_permission`` method of |
| | | ``ACLAuthorizationPolicy`` so it anticipates a callable ``__acl__`` |
| | | on resources. Previously it did not try to call the ``__acl__`` |
| | | if it was callable. |
| | | |
| | | - The ``pviews`` script did not work when a url required custom request |
| | | methods in order to perform traversal. Custom methods and descriptors added |
| | | via ``pyramid.config.Configurator.add_request_method`` will now be present, |
| | | allowing traversal to continue. |
| | | See https://github.com/Pylons/pyramid/issues/1104 |
| | | |
| | | - Remove unused ``renderer`` argument from ``Configurator.add_route``. |
| | | |
| | | - Allow the ``BasicAuthenticationPolicy`` to work with non-ascii usernames |
| | | and passwords. The charset is not passed as part of the header and different |
| | | browsers alternate between UTF-8 and Latin-1, so the policy now attempts |
| | | to decode with UTF-8 first, and will fallback to Latin-1. |
| | | See https://github.com/Pylons/pyramid/pull/1170 |
| | | |
| | | - The ``@view_defaults`` now apply to notfound and forbidden views |
| | | that are defined as methods of a decorated class. |
| | | See https://github.com/Pylons/pyramid/issues/1173 |
| | | |
| | | Documentation |
| | | ------------- |
| | | |
| | | - Added a "Quick Tutorial" to go with the Quick Tour |
| | | |
| | | - Removed mention of ``pyramid_beaker`` from docs. Beaker is no longer |
| | | maintained. Point people at ``pyramid_redis_sessions`` instead. |
| | | |
| | | - Add documentation for ``pyramid.interfaces.IRendererFactory`` and |
| | | ``pyramid.interfaces.IRenderer``. |
| | | |
| | | Backwards Incompatibilities |
| | | --------------------------- |
| | | |
| | | - The key/values in the ``_query`` parameter of ``request.route_url`` and the |
| | | ``query`` parameter of ``request.resource_url`` (and their variants), used |
| | | to encode a value of ``None`` as the string ``'None'``, leaving the resulting |
| | | query string to be ``a=b&key=None``. The value is now dropped in this |
| | | situation, leaving a query string of ``a=b&key=``. |
| | | See https://github.com/Pylons/pyramid/issues/1119 |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - Deprecate the ``pyramid.interfaces.ITemplateRenderer`` interface. It was |
| | | ill-defined and became unused when Mako and Chameleon template bindings were |
| | | split into their own packages. |
| | | |
| | | - The ``pyramid.session.UnencryptedCookieSessionFactoryConfig`` API has been |
| | | deprecated and is superseded by the |
| | | ``pyramid.session.SignedCookieSessionFactory``. Note that while the cookies |
| | | generated by the ``UnencryptedCookieSessionFactoryConfig`` |
| | | are compatible with cookies generated by old releases, cookies generated by |
| | | the SignedCookieSessionFactory are not. See |
| | | https://github.com/Pylons/pyramid/pull/1142 |
| | | |
| | | - The ``pyramid.security.has_permission`` API is now deprecated. Instead, use |
| | | the newly-added ``has_permission`` method of the request object. |
| | | |
| | | - The ``pyramid.security.effective_principals`` API is now deprecated. |
| | | Instead, use the newly-added ``effective_principals`` attribute of the |
| | | request object. |
| | | |
| | | - The ``pyramid.security.authenticated_userid`` API is now deprecated. |
| | | Instead, use the newly-added ``authenticated_userid`` attribute of the |
| | | request object. |
| | | |
| | | - The ``pyramid.security.unauthenticated_userid`` API is now deprecated. |
| | | Instead, use the newly-added ``unauthenticated_userid`` attribute of the |
| | | request object. |
| | | |
| | | Dependencies |
| | | ------------ |
| | | |
| | | - Pyramid now depends on WebOb>=1.3 (it uses ``webob.cookies.CookieProfile`` |
| | | from 1.3+). |
| | | |
| | | 1.5a2 (2013-09-22) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Users can now provide dotted Python names to as the ``factory`` argument |
| | | the Configurator methods named ``add_{view,route,subscriber}_predicate`` |
| | | (instead of passing the predicate factory directly, you can pass a |
| | | dotted name which refers to the factory). |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Fix an exception in ``pyramid.path.package_name`` when resolving the package |
| | | name for namespace packages that had no ``__file__`` attribute. |
| | | |
| | | Backwards Incompatibilities |
| | | --------------------------- |
| | | |
| | | - Pyramid no longer depends on or configures the Mako and Chameleon templating |
| | | system renderers by default. Disincluding these templating systems by |
| | | default means that the Pyramid core has fewer dependencies and can run on |
| | | future platforms without immediate concern for the compatibility of its |
| | | templating add-ons. It also makes maintenance slightly more effective, as |
| | | different people can maintain the templating system add-ons that they |
| | | understand and care about without needing commit access to the Pyramid core, |
| | | and it allows users who just don't want to see any packages they don't use |
| | | come along for the ride when they install Pyramid. |
| | | |
| | | This means that upon upgrading to Pyramid 1.5a2+, projects that use either |
| | | of these templating systems will see a traceback that ends something like |
| | | this when their application attempts to render a Chameleon or Mako template:: |
| | | |
| | | ValueError: No such renderer factory .pt |
| | | |
| | | Or:: |
| | | |
| | | ValueError: No such renderer factory .mako |
| | | |
| | | Or:: |
| | | |
| | | ValueError: No such renderer factory .mak |
| | | |
| | | Support for Mako templating has been moved into an add-on package named |
| | | ``pyramid_mako``, and support for Chameleon templating has been moved into |
| | | an add-on package named ``pyramid_chameleon``. These packages are drop-in |
| | | replacements for the old built-in support for these templating langauges. |
| | | All you have to do is install them and make them active in your configuration |
| | | to register renderer factories for ``.pt`` and/or ``.mako`` (or ``.mak``) to |
| | | make your application work again. |
| | | |
| | | To re-add support for Chameleon and/or Mako template renderers into your |
| | | existing projects, follow the below steps. |
| | | |
| | | If you depend on Mako templates: |
| | | |
| | | * Make sure the ``pyramid_mako`` package is installed. One way to do this |
| | | is by adding ``pyramid_mako`` to the ``install_requires`` section of your |
| | | package's ``setup.py`` file and afterwards rerunning ``setup.py develop``:: |
| | | |
| | | setup( |
| | | #... |
| | | install_requires=[ |
| | | 'pyramid_mako', # new dependency |
| | | 'pyramid', |
| | | #... |
| | | ], |
| | | ) |
| | | |
| | | * Within the portion of your application which instantiates a Pyramid |
| | | ``pyramid.config.Configurator`` (often the ``main()`` function in |
| | | your project's ``__init__.py`` file), tell Pyramid to include the |
| | | ``pyramid_mako`` includeme:: |
| | | |
| | | config = Configurator(.....) |
| | | config.include('pyramid_mako') |
| | | |
| | | If you depend on Chameleon templates: |
| | | |
| | | * Make sure the ``pyramid_chameleon`` package is installed. One way to do |
| | | this is by adding ``pyramid_chameleon`` to the ``install_requires`` section |
| | | of your package's ``setup.py`` file and afterwards rerunning |
| | | ``setup.py develop``:: |
| | | |
| | | setup( |
| | | #... |
| | | install_requires=[ |
| | | 'pyramid_chameleon', # new dependency |
| | | 'pyramid', |
| | | #... |
| | | ], |
| | | ) |
| | | |
| | | * Within the portion of your application which instantiates a Pyramid |
| | | ``~pyramid.config.Configurator`` (often the ``main()`` function in |
| | | your project's ``__init__.py`` file), tell Pyramid to include the |
| | | ``pyramid_chameleon`` includeme:: |
| | | |
| | | config = Configurator(.....) |
| | | config.include('pyramid_chameleon') |
| | | |
| | | Note that it's also fine to install these packages into *older* Pyramids for |
| | | forward compatibility purposes. Even if you don't upgrade to Pyramid 1.5 |
| | | immediately, performing the above steps in a Pyramid 1.4 installation is |
| | | perfectly fine, won't cause any difference, and will give you forward |
| | | compatibility when you eventually do upgrade to Pyramid 1.5. |
| | | |
| | | With the removal of Mako and Chameleon support from the core, some |
| | | unit tests that use the ``pyramid.renderers.render*`` methods may begin to |
| | | fail. If any of your unit tests are invoking either |
| | | ``pyramid.renderers.render()`` or ``pyramid.renderers.render_to_response()`` |
| | | with either Mako or Chameleon templates then the |
| | | ``pyramid.config.Configurator`` instance in effect during |
| | | the unit test should be also be updated to include the addons, as shown |
| | | above. For example:: |
| | | |
| | | class ATest(unittest.TestCase): |
| | | def setUp(self): |
| | | self.config = pyramid.testing.setUp() |
| | | self.config.include('pyramid_mako') |
| | | |
| | | def test_it(self): |
| | | result = pyramid.renderers.render('mypkg:templates/home.mako', {}) |
| | | |
| | | Or:: |
| | | |
| | | class ATest(unittest.TestCase): |
| | | def setUp(self): |
| | | self.config = pyramid.testing.setUp() |
| | | self.config.include('pyramid_chameleon') |
| | | |
| | | def test_it(self): |
| | | result = pyramid.renderers.render('mypkg:templates/home.pt', {}) |
| | | |
| | | - If you're using the Pyramid debug toolbar, when you upgrade Pyramid to |
| | | 1.5a2+, you'll also need to upgrade the ``pyramid_debugtoolbar`` package to |
| | | at least version 1.0.8, as older toolbar versions are not compatible with |
| | | Pyramid 1.5a2+ due to the removal of Mako support from the core. It's |
| | | fine to use this newer version of the toolbar code with older Pyramids too. |
| | | |
| | | - Removed the ``request.response_*`` varying attributes. These attributes |
| | | have been deprecated since Pyramid 1.1, and as per the deprecation policy, |
| | | have now been removed. |
| | | |
| | | - ``request.response`` will no longer be mutated when using the |
| | | ``pyramid.renderers.render()`` API. Almost all renderers mutate the |
| | | ``request.response`` response object (for example, the JSON renderer sets |
| | | ``request.response.content_type`` to ``application/json``), but this is |
| | | only necessary when the renderer is generating a response; it was a bug |
| | | when it was done as a side effect of calling ``pyramid.renderers.render()``. |
| | | |
| | | - Removed the ``bfg2pyramid`` fixer script. |
| | | |
| | | - The ``pyramid.events.NewResponse`` event is now sent **after** response |
| | | callbacks are executed. It previously executed before response callbacks |
| | | were executed. Rationale: it's more useful to be able to inspect the response |
| | | after response callbacks have done their jobs instead of before. |
| | | |
| | | - Removed the class named ``pyramid.view.static`` that had been deprecated |
| | | since Pyramid 1.1. Instead use ``pyramid.static.static_view`` with |
| | | ``use_subpath=True`` argument. |
| | | |
| | | - Removed the ``pyramid.view.is_response`` function that had been deprecated |
| | | since Pyramid 1.1. Use the ``pyramid.request.Request.is_response`` method |
| | | instead. |
| | | |
| | | - Removed the ability to pass the following arguments to |
| | | ``pyramid.config.Configurator.add_route``: ``view``, ``view_context``. |
| | | ``view_for``, ``view_permission``, ``view_renderer``, and ``view_attr``. |
| | | Using these arguments had been deprecated since Pyramid 1.1. Instead of |
| | | passing view-related arguments to ``add_route``, use a separate call to |
| | | ``pyramid.config.Configurator.add_view`` to associate a view with a route |
| | | using its ``route_name`` argument. Note that this impacts the |
| | | ``pyramid.config.Configurator.add_static_view`` function too, because it |
| | | delegates to ``add_route``. |
| | | |
| | | - Removed the ability to influence and query a ``pyramid.request.Request`` |
| | | object as if it were a dictionary. Previously it was possible to use methods |
| | | like ``__getitem__``, ``get``, ``items``, and other dictlike methods to |
| | | access values in the WSGI environment. This behavior had been deprecated |
| | | since Pyramid 1.1. Use methods of ``request.environ`` (a real dictionary) |
| | | instead. |
| | | |
| | | - Removed ancient backwards compatibily hack in |
| | | ``pyramid.traversal.DefaultRootFactory`` which populated the ``__dict__`` of |
| | | the factory with the matchdict values for compatibility with BFG 0.9. |
| | | |
| | | - The ``renderer_globals_factory`` argument to the |
| | | ``pyramid.config.Configurator` constructor and its ``setup_registry`` method |
| | | has been removed. The ``set_renderer_globals_factory`` method of |
| | | ``pyramid.config.Configurator`` has also been removed. The (internal) |
| | | ``pyramid.interfaces.IRendererGlobals`` interface was also removed. These |
| | | arguments, methods and interfaces had been deprecated since 1.1. Use a |
| | | ``BeforeRender`` event subscriber as documented in the "Hooks" chapter of the |
| | | Pyramid narrative documentation instead of providing renderer globals values |
| | | to the configurator. |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - The ``pyramid.config.Configurator.set_request_property`` method now issues |
| | | a deprecation warning when used. It had been docs-deprecated in 1.4 |
| | | but did not issue a deprecation warning when used. |
| | | |
| | | 1.5a1 (2013-08-30) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - A new http exception subclass named ``pyramid.httpexceptions.HTTPSuccessful`` |
| | | was added. You can use this class as the ``context`` of an exception |
| | | view to catch all 200-series "exceptions" (e.g. "raise HTTPOk"). This |
| | | also allows you to catch *only* the ``HTTPOk`` exception itself; previously |
| | | this was impossible because a number of other exceptions |
| | | (such as ``HTTPNoContent``) inherited from ``HTTPOk``, but now they do not. |
| | | |
| | | - You can now generate "hybrid" urldispatch/traversal URLs more easily |
| | | by using the new ``route_name``, ``route_kw`` and ``route_remainder_name`` |
| | | arguments to ``request.resource_url`` and ``request.resource_path``. See |
| | | the new section of the "Combining Traversal and URL Dispatch" documentation |
| | | chapter entitled "Hybrid URL Generation". |
| | | |
| | | - It is now possible to escape double braces in Pyramid scaffolds (unescaped, |
| | | these represent replacement values). You can use ``\{\{a\}\}`` to |
| | | represent a "bare" ``{{a}}``. See |
| | | https://github.com/Pylons/pyramid/pull/862 |
| | | |
| | | - Add ``localizer`` and ``locale_name`` properties (reified) to the request. |
| | | See https://github.com/Pylons/pyramid/issues/508. Note that the |
| | | ``pyramid.i18n.get_localizer`` and ``pyramid.i18n.get_locale_name`` functions |
| | | now simply look up these properties on the request. |
| | | |
| | | - Add ``pdistreport`` script, which prints the Python version in use, the |
| | | Pyramid version in use, and the version number and location of all Python |
| | | distributions currently installed. |
| | | |
| | | - Add the ability to invert the result of any view, route, or subscriber |
| | | predicate using the ``not_`` class. For example:: |
| | | |
| | | from pyramid.config import not_ |
| | | |
| | | @view_config(route_name='myroute', request_method=not_('POST')) |
| | | def myview(request): ... |
| | | |
| | | The above example will ensure that the view is called if the request method |
| | | is not POST (at least if no other view is more specific). |
| | | |
| | | The ``pyramid.config.not_`` class can be used against any value that is |
| | | a predicate value passed in any of these contexts: |
| | | |
| | | - ``pyramid.config.Configurator.add_view`` |
| | | |
| | | - ``pyramid.config.Configurator.add_route`` |
| | | |
| | | - ``pyramid.config.Configurator.add_subscriber`` |
| | | |
| | | - ``pyramid.view.view_config`` |
| | | |
| | | - ``pyramid.events.subscriber`` |
| | | |
| | | - ``scripts/prequest.py``: add support for submitting ``PUT`` and ``PATCH`` |
| | | requests. See https://github.com/Pylons/pyramid/pull/1033. add support for |
| | | submitting ``OPTIONS`` and ``PROPFIND`` requests, and allow users to specify |
| | | basic authentication credentials in the request via a ``--login`` argument to |
| | | the script. See https://github.com/Pylons/pyramid/pull/1039. |
| | | |
| | | - ``ACLAuthorizationPolicy`` supports ``__acl__`` as a callable. This |
| | | removes the ambiguity between the potential ``AttributeError`` that would |
| | | be raised on the ``context`` when the property was not defined and the |
| | | ``AttributeError`` that could be raised from any user-defined code within |
| | | a dynamic property. It is recommended to define a dynamic ACL as a callable |
| | | to avoid this ambiguity. See https://github.com/Pylons/pyramid/issues/735. |
| | | |
| | | - Allow a protocol-relative URL (e.g. ``//example.com/images``) to be passed to |
| | | ``pyramid.config.Configurator.add_static_view``. This allows |
| | | externally-hosted static URLs to be generated based on the current protocol. |
| | | |
| | | - The ``AuthTktAuthenticationPolicy`` has two new options to configure its |
| | | domain usage: |
| | | |
| | | * ``parent_domain``: if set the authentication cookie is set on |
| | | the parent domain. This is useful if you have multiple sites sharing the |
| | | same domain. |
| | | * ``domain``: if provided the cookie is always set for this domain, bypassing |
| | | all usual logic. |
| | | |
| | | See https://github.com/Pylons/pyramid/pull/1028, |
| | | https://github.com/Pylons/pyramid/pull/1072 and |
| | | https://github.com/Pylons/pyramid/pull/1078. |
| | | |
| | | - The ``AuthTktAuthenticationPolicy`` now supports IPv6 addresses when using |
| | | the ``include_ip=True`` option. This is possibly incompatible with |
| | | alternative ``auth_tkt`` implementations, as the specification does not |
| | | define how to properly handle IPv6. See |
| | | https://github.com/Pylons/pyramid/issues/831. |
| | | |
| | | - Make it possible to use variable arguments via |
| | | ``pyramid.paster.get_appsettings``. This also allowed the generated |
| | | ``initialize_db`` script from the ``alchemy`` scaffold to grow support |
| | | for options in the form ``a=1 b=2`` so you can fill in |
| | | values in a parameterized ``.ini`` file, e.g. |
| | | ``initialize_myapp_db etc/development.ini a=1 b=2``. |
| | | See https://github.com/Pylons/pyramid/pull/911 |
| | | |
| | | - The ``request.session.check_csrf_token()`` method and the ``check_csrf`` view |
| | | predicate now take into account the value of the HTTP header named |
| | | ``X-CSRF-Token`` (as well as the ``csrf_token`` form parameter, which they |
| | | always did). The header is tried when the form parameter does not exist. |
| | | |
| | | - View lookup will now search for valid views based on the inheritance |
| | | hierarchy of the context. It tries to find views based on the most |
| | | specific context first, and upon predicate failure, will move up the |
| | | inheritance chain to test views found by the super-type of the context. |
| | | In the past, only the most specific type containing views would be checked |
| | | and if no matching view could be found then a PredicateMismatch would be |
| | | raised. Now predicate mismatches don't hide valid views registered on |
| | | super-types. Here's an example that now works:: |
| | | |
| | | class IResource(Interface): |
| | | |
| | | ... |
| | | |
| | | @view_config(context=IResource) |
| | | def get(context, request): |
| | | |
| | | ... |
| | | |
| | | @view_config(context=IResource, request_method='POST') |
| | | def post(context, request): |
| | | |
| | | ... |
| | | |
| | | @view_config(context=IResource, request_method='DELETE') |
| | | def delete(context, request): |
| | | |
| | | ... |
| | | |
| | | @implementer(IResource) |
| | | class MyResource: |
| | | |
| | | ... |
| | | |
| | | @view_config(context=MyResource, request_method='POST') |
| | | def override_post(context, request): |
| | | |
| | | ... |
| | | |
| | | Previously the override_post view registration would hide the get |
| | | and delete views in the context of MyResource -- leading to a |
| | | predicate mismatch error when trying to use GET or DELETE |
| | | methods. Now the views are found and no predicate mismatch is |
| | | raised. |
| | | See https://github.com/Pylons/pyramid/pull/786 and |
| | | https://github.com/Pylons/pyramid/pull/1004 and |
| | | https://github.com/Pylons/pyramid/pull/1046 |
| | | |
| | | - The ``pserve`` command now takes a ``-v`` (or ``--verbose``) flag and a |
| | | ``-q`` (or ``--quiet``) flag. Output from running ``pserve`` can be |
| | | controlled using these flags. ``-v`` can be specified multiple times to |
| | | increase verbosity. ``-q`` sets verbosity to ``0`` unconditionally. The |
| | | default verbosity level is ``1``. |
| | | |
| | | - The ``alchemy`` scaffold tests now provide better coverage. See |
| | | https://github.com/Pylons/pyramid/pull/1029 |
| | | |
| | | - The ``pyramid.config.Configurator.add_route`` method now supports being |
| | | called with an external URL as pattern. See |
| | | https://github.com/Pylons/pyramid/issues/611 and the documentation section |
| | | in the "URL Dispatch" chapter entitled "External Routes" for more information. |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - It was not possible to use ``pyramid.httpexceptions.HTTPException`` as |
| | | the ``context`` of an exception view as very general catchall for |
| | | http-related exceptions when you wanted that exception view to override the |
| | | default exception view. See https://github.com/Pylons/pyramid/issues/985 |
| | | |
| | | - When the ``pyramid.reload_templates`` setting was true, and a Chameleon |
| | | template was reloaded, and the renderer specification named a macro |
| | | (e.g. ``foo#macroname.pt``), renderings of the template after the template |
| | | was reloaded due to a file change would produce the entire template body |
| | | instead of just a rendering of the macro. See |
| | | https://github.com/Pylons/pyramid/issues/1013. |
| | | |
| | | - Fix an obscure problem when combining a virtual root with a route with a |
| | | ``*traverse`` in its pattern. Now the traversal path generated in |
| | | such a configuration will be correct, instead of an element missing |
| | | a leading slash. |
| | | |
| | | - Fixed a Mako renderer bug returning a tuple with a previous defname value |
| | | in some circumstances. See https://github.com/Pylons/pyramid/issues/1037 |
| | | for more information. |
| | | |
| | | - Make the ``pyramid.config.assets.PackageOverrides`` object implement the API |
| | | for ``__loader__`` objects specified in PEP 302. Proxies to the |
| | | ``__loader__`` set by the importer, if present; otherwise, raises |
| | | ``NotImplementedError``. This makes Pyramid static view overrides work |
| | | properly under Python 3.3 (previously they would not). See |
| | | https://github.com/Pylons/pyramid/pull/1015 for more information. |
| | | |
| | | - ``mako_templating``: added defensive workaround for non-importability of |
| | | ``mako`` due to upstream ``markupsafe`` dropping Python 3.2 support. Mako |
| | | templating will no longer work under the combination of MarkupSafe 0.17 and |
| | | Python 3.2 (although the combination of MarkupSafe 0.17 and Python 3.3 or any |
| | | supported Python 2 version will work OK). |
| | | |
| | | - Spaces and dots may now be in mako renderer template paths. This was |
| | | broken when support for the new makodef syntax was added in 1.4a1. |
| | | See https://github.com/Pylons/pyramid/issues/950 |
| | | |
| | | - ``pyramid.debug_authorization=true`` will now correctly print out |
| | | ``Allowed`` for views registered with ``NO_PERMISSION_REQUIRED`` instead |
| | | of invoking the ``permits`` method of the authorization policy. |
| | | See https://github.com/Pylons/pyramid/issues/954 |
| | | |
| | | - Pyramid failed to install on some systems due to being packaged with |
| | | some test files containing higher order characters in their names. These |
| | | files have now been removed. See |
| | | https://github.com/Pylons/pyramid/issues/981 |
| | | |
| | | - ``pyramid.testing.DummyResource`` didn't define ``__bool__``, so code under |
| | | Python 3 would use ``__len__`` to find truthiness; this usually caused an |
| | | instance of DummyResource to be "falsy" instead of "truthy". See |
| | | https://github.com/Pylons/pyramid/pull/1032 |
| | | |
| | | - The ``alchemy`` scaffold would break when the database was MySQL during |
| | | tables creation. See https://github.com/Pylons/pyramid/pull/1049 |
| | | |
| | | - The ``current_route_url`` method now attaches the query string to the URL by |
| | | default. See |
| | | https://github.com/Pylons/pyramid/issues/1040 |
| | | |
| | | - Make ``pserve.cherrypy_server_runner`` Python 3 compatible. See |
| | | https://github.com/Pylons/pyramid/issues/718 |
| | | |
| | | Backwards Incompatibilities |
| | | --------------------------- |
| | | |
| | | - Modified the ``current_route_url`` method in pyramid.Request. The method |
| | | previously returned the URL without the query string by default, it now does |
| | | attach the query string unless it is overriden. |
| | | |
| | | - The ``route_url`` and ``route_path`` APIs no longer quote ``/`` |
| | | to ``%2F`` when a replacement value contains a ``/``. This was pointless, |
| | | as WSGI servers always unquote the slash anyway, and Pyramid never sees the |
| | | quoted value. |
| | | |
| | | - It is no longer possible to set a ``locale_name`` attribute of the request, |
| | | nor is it possible to set a ``localizer`` attribute of the request. These |
| | | are now "reified" properties that look up a locale name and localizer |
| | | respectively using the machinery described in the "Internationalization" |
| | | chapter of the documentation. |
| | | |
| | | - If you send an ``X-Vhm-Root`` header with a value that ends with a slash (or |
| | | any number of slashes), the trailing slash(es) will be removed before a URL |
| | | is generated when you use use ``request.resource_url`` or |
| | | ``request.resource_path``. Previously the virtual root path would not have |
| | | trailing slashes stripped, which would influence URL generation. |
| | | |
| | | - The ``pyramid.interfaces.IResourceURL`` interface has now grown two new |
| | | attributes: ``virtual_path_tuple`` and ``physical_path_tuple``. These should |
| | | be the tuple form of the resource's path (physical and virtual). |
| | | |
| | | 1.4 (2012-12-18) |
| | | ================ |
| | | |
| | | Docs |
| | | ---- |
| | | |
| | | - Fix functional tests in the ZODB tutorial |
| | | |
| | | 1.4b3 (2012-12-10) |
| | | ================== |
| | | |
| | | - Packaging release only, no code changes. 1.4b2 was a brownbag release due to |
| | | missing directories in the tarball. |
| | | |
| | | 1.4b2 (2012-12-10) |
| | | ================== |
| | | |
| | | Docs |
| | | ---- |
| | | |
| | | - Scaffolding is now PEP-8 compliant (at least for a brief shining moment). |
| | | |
| | | - Tutorial improvements. |
| | | |
| | | Backwards Incompatibilities |
| | | --------------------------- |
| | | |
| | | - Modified the ``_depth`` argument to ``pyramid.view.view_config`` to accept |
| | | a value relative to the invocation of ``view_config`` itself. Thus, when it |
| | | was previously expecting a value of ``1`` or greater, to reflect that |
| | | the caller of ``view_config`` is 1 stack frame away from ``venusian.attach``, |
| | | this implementation detail is now hidden. |
| | | |
| | | - Modified the ``_backframes`` argument to ``pyramid.util.action_method`` in a |
| | | similar way to the changes described to ``_depth`` above. This argument |
| | | remains undocumented, but might be used in the wild by some insane person. |
| | | |
| | | 1.4b1 (2012-11-21) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Small microspeed enhancement which anticipates that a |
| | | ``pyramid.response.Response`` object is likely to be returned from a view. |
| | | Some code is shortcut if the class of the object returned by a view is this |
| | | class. A similar microoptimization was done to |
| | | ``pyramid.request.Request.is_response``. |
| | | |
| | | - Make it possible to use variable arguments on ``p*`` commands (``pserve``, |
| | | ``pshell``, ``pviews``, etc) in the form ``a=1 b=2`` so you can fill in |
| | | values in parameterized ``.ini`` file, e.g. ``pshell etc/development.ini |
| | | http_port=8080``. See https://github.com/Pylons/pyramid/pull/714 |
| | | |
| | | - A somewhat advanced and obscure feature of Pyramid event handlers is their |
| | | ability to handle "multi-interface" notifications. These notifications have |
| | | traditionally presented multiple objects to the subscriber callable. For |
| | | instance, if an event was sent by code like this:: |
| | | |
| | | registry.notify(event, context) |
| | | |
| | | In the past, in order to catch such an event, you were obligated to write and |
| | | register an event subscriber that mentioned both the event and the context in |
| | | its argument list:: |
| | | |
| | | @subscriber([SomeEvent, SomeContextType]) |
| | | def asubscriber(event, context): |
| | | pass |
| | | |
| | | In many subscriber callables registered this way, it was common for the logic |
| | | in the subscriber callable to completely ignore the second and following |
| | | arguments (e.g. ``context`` in the above example might be ignored), because |
| | | they usually existed as attributes of the event anyway. You could usually |
| | | get the same value by doing ``event.context`` or similar. |
| | | |
| | | The fact that you needed to put an extra argument which you usually ignored |
| | | in the subscriber callable body was only a minor annoyance until we added |
| | | "subscriber predicates", used to narrow the set of circumstances under which |
| | | a subscriber will be executed, in a prior 1.4 alpha release. Once those were |
| | | added, the annoyance was escalated, because subscriber predicates needed to |
| | | accept the same argument list and arity as the subscriber callables that they |
| | | were configured against. So, for example, if you had these two subscriber |
| | | registrations in your code:: |
| | | |
| | | @subscriber([SomeEvent, SomeContextType]) |
| | | def asubscriber(event, context): |
| | | pass |
| | | |
| | | @subscriber(SomeOtherEvent) |
| | | def asubscriber(event): |
| | | pass |
| | | |
| | | And you wanted to use a subscriber predicate:: |
| | | |
| | | @subscriber([SomeEvent, SomeContextType], mypredicate=True) |
| | | def asubscriber1(event, context): |
| | | pass |
| | | |
| | | @subscriber(SomeOtherEvent, mypredicate=True) |
| | | def asubscriber2(event): |
| | | pass |
| | | |
| | | If an existing ``mypredicate`` subscriber predicate had been written in such |
| | | a way that it accepted only one argument in its ``__call__``, you could not |
| | | use it against a subscription which named more than one interface in its |
| | | subscriber interface list. Similarly, if you had written a subscriber |
| | | predicate that accepted two arguments, you couldn't use it against a |
| | | registration that named only a single interface type. |
| | | |
| | | For example, if you created this predicate:: |
| | | |
| | | class MyPredicate(object): |
| | | # portions elided... |
| | | def __call__(self, event): |
| | | return self.val == event.context.foo |
| | | |
| | | It would not work against a multi-interface-registered subscription, so in |
| | | the above example, when you attempted to use it against ``asubscriber1``, it |
| | | would fail at runtime with a TypeError, claiming something was attempting to |
| | | call it with too many arguments. |
| | | |
| | | To hack around this limitation, you were obligated to design the |
| | | ``mypredicate`` predicate to expect to receive in its ``__call__`` either a |
| | | single ``event`` argument (a SomeOtherEvent object) *or* a pair of arguments |
| | | (a SomeEvent object and a SomeContextType object), presumably by doing |
| | | something like this:: |
| | | |
| | | class MyPredicate(object): |
| | | # portions elided... |
| | | def __call__(self, event, context=None): |
| | | return self.val == event.context.foo |
| | | |
| | | This was confusing and bad. |
| | | |
| | | In order to allow people to ignore unused arguments to subscriber callables |
| | | and to normalize the relationship between event subscribers and subscriber |
| | | predicates, we now allow both subscribers and subscriber predicates to accept |
| | | only a single ``event`` argument even if they've been subscribed for |
| | | notifications that involve multiple interfaces. Subscribers and subscriber |
| | | predicates that accept only one argument will receive the first object passed |
| | | to ``notify``; this is typically (but not always) the event object. The |
| | | other objects involved in the subscription lookup will be discarded. You can |
| | | now write an event subscriber that accepts only ``event`` even if it |
| | | subscribes to multiple interfaces:: |
| | | |
| | | @subscriber([SomeEvent, SomeContextType]) |
| | | def asubscriber(event): |
| | | # this will work! |
| | | |
| | | This prevents you from needing to match the subscriber callable parameters to |
| | | the subscription type unnecessarily, especially when you don't make use of |
| | | any argument in your subscribers except for the event object itself. |
| | | |
| | | Note, however, that if the event object is not the first |
| | | object in the call to ``notify``, you'll run into trouble. For example, if |
| | | notify is called with the context argument first:: |
| | | |
| | | registry.notify(context, event) |
| | | |
| | | You won't be able to take advantage of the event-only feature. It will |
| | | "work", but the object received by your event handler won't be the event |
| | | object, it will be the context object, which won't be very useful:: |
| | | |
| | | @subscriber([SomeContextType, SomeEvent]) |
| | | def asubscriber(event): |
| | | # bzzt! you'll be getting the context here as ``event``, and it'll |
| | | # be useless |
| | | |
| | | Existing multiple-argument subscribers continue to work without issue, so you |
| | | should continue use those if your system notifies using multiple interfaces |
| | | and the first interface is not the event interface. For example:: |
| | | |
| | | @subscriber([SomeContextType, SomeEvent]) |
| | | def asubscriber(context, event): |
| | | # this will still work! |
| | | |
| | | The event-only feature makes it possible to use a subscriber predicate that |
| | | accepts only a request argument within both multiple-interface subscriber |
| | | registrations and single-interface subscriber registrations. You needn't |
| | | make slightly different variations of predicates depending on the |
| | | subscription type arguments. Instead, just write all your subscriber |
| | | predicates so they only accept ``event`` in their ``__call__`` and they'll be |
| | | useful across all registrations for subscriptions that use an event as their |
| | | first argument, even ones which accept more than just ``event``. |
| | | |
| | | However, the same caveat applies to predicates as to subscriber callables: if |
| | | you're subscribing to a multi-interface event, and the first interface is not |
| | | the event interface, the predicate won't work properly. In such a case, |
| | | you'll need to match the predicate ``__call__`` argument ordering and |
| | | composition to the ordering of the interfaces. For example, if the |
| | | registration for the subscription uses ``[SomeContext, SomeEvent]``, you'll |
| | | need to reflect that in the ordering of the parameters of the predicate's |
| | | ``__call__`` method:: |
| | | |
| | | def __call__(self, context, event): |
| | | return event.request.path.startswith(self.val) |
| | | |
| | | tl;dr: 1) When using multi-interface subscriptions, always use the event type |
| | | as the first subscription registration argument and 2) When 1 is true, use |
| | | only ``event`` in your subscriber and subscriber predicate parameter lists, |
| | | no matter how many interfaces the subscriber is notified with. This |
| | | combination will result in the maximum amount of reusability of subscriber |
| | | predicates and the least amount of thought on your part. Drink responsibly. |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - A failure when trying to locate the attribute ``__text__`` on route and view |
| | | predicates existed when the ``debug_routematch`` setting was true or when the |
| | | ``pviews`` command was used. See https://github.com/Pylons/pyramid/pull/727 |
| | | |
| | | Documentation |
| | | ------------- |
| | | |
| | | - Sync up tutorial source files with the files that are rendered by the |
| | | scaffold that each uses. |
| | | |
| | | 1.4a4 (2012-11-14) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - ``pyramid.authentication.AuthTktAuthenticationPolicy`` has been updated to |
| | | support newer hashing algorithms such as ``sha512``. Existing applications |
| | | should consider updating if possible for improved security over the default |
| | | md5 hashing. |
| | | |
| | | - Added an ``effective_principals`` route and view predicate. |
| | | |
| | | - Do not allow the userid returned from the ``authenticated_userid`` or the |
| | | userid that is one of the list of principals returned by |
| | | ``effective_principals`` to be either of the strings ``system.Everyone`` or |
| | | ``system.Authenticated`` when any of the built-in authorization policies that |
| | | live in ``pyramid.authentication`` are in use. These two strings are |
| | | reserved for internal usage by Pyramid and they will not be accepted as valid |
| | | userids. |
| | | |
| | | - Slightly better debug logging from |
| | | ``pyramid.authentication.RepozeWho1AuthenticationPolicy``. |
| | | |
| | | - ``pyramid.security.view_execution_permitted`` used to return ``True`` if no |
| | | view could be found. It now raises a ``TypeError`` exception in that case, as |
| | | it doesn't make sense to assert that a nonexistent view is |
| | | execution-permitted. See https://github.com/Pylons/pyramid/issues/299. |
| | | |
| | | - Allow a ``_depth`` argument to ``pyramid.view.view_config``, which will |
| | | permit limited composition reuse of the decorator by other software that |
| | | wants to provide custom decorators that are much like view_config. |
| | | |
| | | - Allow an iterable of decorators to be passed to |
| | | ``pyramid.config.Configurator.add_view``. This allows views to be wrapped |
| | | by more than one decorator without requiring combining the decorators |
| | | yourself. |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - In the past if a renderer returned ``None``, the body of the resulting |
| | | response would be set explicitly to the empty string. Instead, now, the body |
| | | is left unchanged, which allows the renderer to set a body itself by using |
| | | e.g. ``request.response.body = b'foo'``. The body set by the renderer will |
| | | be unmolested on the way out. See |
| | | https://github.com/Pylons/pyramid/issues/709 |
| | | |
| | | - In uncommon cases, the ``pyramid_excview_tween_factory`` might have |
| | | inadvertently raised a ``KeyError`` looking for ``request_iface`` as an |
| | | attribute of the request. It no longer fails in this case. See |
| | | https://github.com/Pylons/pyramid/issues/700 |
| | | |
| | | - Be more tolerant of potential error conditions in ``match_param`` and |
| | | ``physical_path`` predicate implementations; instead of raising an exception, |
| | | return False. |
| | | |
| | | - ``pyramid.view.render_view`` was not functioning properly under Python 3.x |
| | | due to a byte/unicode discrepancy. See |
| | | https://github.com/Pylons/pyramid/issues/721 |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - ``pyramid.authentication.AuthTktAuthenticationPolicy`` will emit a warning if |
| | | an application is using the policy without explicitly passing a ``hashalg`` |
| | | argument. This is because the default is "md5" which is considered |
| | | theoretically subject to collision attacks. If you really want "md5" then you |
| | | must specify it explicitly to get rid of the warning. |
| | | |
| | | Documentation |
| | | ------------- |
| | | |
| | | - All of the tutorials that use |
| | | ``pyramid.authentication.AuthTktAuthenticationPolicy`` now explicitly pass |
| | | ``sha512`` as a ``hashalg`` argument. |
| | | |
| | | |
| | | Internals |
| | | --------- |
| | | |
| | | - Move ``TopologicalSorter`` from ``pyramid.config.util`` to ``pyramid.util``, |
| | | move ``CyclicDependencyError`` from ``pyramid.config.util`` to |
| | | ``pyramid.exceptions``, rename ``Singleton`` to ``Sentinel`` and move from |
| | | ``pyramid.config.util`` to ``pyramid.util``; this is in an effort to |
| | | move that stuff that may be an API one day out of ``pyramid.config.util``, |
| | | because that package should never be imported from non-Pyramid code. |
| | | TopologicalSorter is still not an API, but may become one. |
| | | |
| | | - Get rid of shady monkeypatching of ``pyramid.request.Request`` and |
| | | ``pyramid.response.Response`` done within the ``__init__.py`` of Pyramid. |
| | | Webob no longer relies on this being done. Instead, the ResponseClass |
| | | attribute of the Pyramid Request class is assigned to the Pyramid response |
| | | class; that's enough to satisfy WebOb and behave as it did before with the |
| | | monkeypatching. |
| | | |
| | | 1.4a3 (2012-10-26) |
| | | ================== |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - The match_param predicate's text method was fixed to sort its values. |
| | | Part of https://github.com/Pylons/pyramid/pull/705 |
| | | |
| | | - 1.4a ``pyramid.scripting.prepare`` behaved differently than 1.3 series |
| | | function of same name. In particular, if passed a request, it would not |
| | | set the ``registry`` attribute of the request like 1.3 did. A symptom |
| | | would be that passing a request to ``pyramid.paster.bootstrap`` (which uses |
| | | the function) that did not have a ``registry`` attribute could assume that |
| | | the registry would be attached to the request by Pyramid. This assumption |
| | | could be made in 1.3, but not in 1.4. The assumption can now be made in |
| | | 1.4 too (a registry is attached to a request passed to bootstrap or |
| | | prepare). |
| | | |
| | | - When registering a view configuration that named a Chameleon ZPT renderer |
| | | with a macro name in it (e.g. ``renderer='some/template#somemacro.pt``) as |
| | | well as a view configuration without a macro name in it that pointed to the |
| | | same template (e.g. ``renderer='some/template.pt'``), internal caching could |
| | | confuse the two, and your code might have rendered one instead of the |
| | | other. |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Allow multiple values to be specified to the ``request_param`` view/route |
| | | predicate as a sequence. Previously only a single string value was allowed. |
| | | See https://github.com/Pylons/pyramid/pull/705 |
| | | |
| | | - Comments with references to documentation sections placed in scaffold |
| | | ``.ini`` files. |
| | | |
| | | - Added an HTTP Basic authentication policy |
| | | at ``pyramid.authentication.BasicAuthAuthenticationPolicy``. |
| | | |
| | | - The Configurator ``testing_securitypolicy`` method now returns the policy |
| | | object it creates. |
| | | |
| | | - The Configurator ``testing_securitypolicy`` method accepts two new |
| | | arguments: ``remember_result`` and ``forget_result``. If supplied, these |
| | | values influence the result of the policy's ``remember`` and ``forget`` |
| | | methods, respectively. |
| | | |
| | | - The DummySecurityPolicy created by ``testing_securitypolicy`` now sets a |
| | | ``forgotten`` value on the policy (the value ``True``) when its ``forget`` |
| | | method is called. |
| | | |
| | | - The DummySecurityPolicy created by ``testing_securitypolicy`` now sets a |
| | | ``remembered`` value on the policy, which is the value of the ``principal`` |
| | | argument it's called with when its ``remember`` method is called. |
| | | |
| | | - New ``physical_path`` view predicate. If specified, this value should be a |
| | | string or a tuple representing the physical traversal path of the context |
| | | found via traversal for this predicate to match as true. For example: |
| | | ``physical_path='/'`` or ``physical_path='/a/b/c'`` or ``physical_path=('', |
| | | 'a', 'b', 'c')``. This is not a path prefix match or a regex, it's a |
| | | whole-path match. It's useful when you want to always potentially show a |
| | | view when some object is traversed to, but you can't be sure about what kind |
| | | of object it will be, so you can't use the ``context`` predicate. The |
| | | individual path elements inbetween slash characters or in tuple elements |
| | | should be the Unicode representation of the name of the resource and should |
| | | not be encoded in any way. |
| | | |
| | | 1.4a2 (2012-09-27) |
| | | ================== |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - When trying to determine Mako defnames and Chameleon macro names in asset |
| | | specifications, take into account that the filename may have a hyphen in |
| | | it. See https://github.com/Pylons/pyramid/pull/692 |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - A new ``pyramid.session.check_csrf_token`` convenience function was added. |
| | | |
| | | - A ``check_csrf`` view predicate was added. For example, you can now do |
| | | ``config.add_view(someview, check_csrf=True)``. When the predicate is |
| | | checked, if the ``csrf_token`` value in ``request.params`` matches the CSRF |
| | | token in the request's session, the view will be permitted to execute. |
| | | Otherwise, it will not be permitted to execute. |
| | | |
| | | - Add ``Base.metadata.bind = engine`` to alchemy template, so that tables |
| | | defined imperatively will work. |
| | | |
| | | Documentation |
| | | ------------- |
| | | |
| | | - update wiki2 SQLA tutorial with the changes required after inserting |
| | | ``Base.metadata.bind = engine`` into the alchemy scaffold. |
| | | |
| | | 1.4a1 (2012-09-16) |
| | | ================== |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Forward port from 1.3 branch: When no authentication policy was configured, |
| | | a call to ``pyramid.security.effective_principals`` would unconditionally |
| | | return the empty list. This was incorrect, it should have unconditionally |
| | | returned ``[Everyone]``, and now does. |
| | | |
| | | - Explicit url dispatch regexes can now contain colons. |
| | | https://github.com/Pylons/pyramid/issues/629 |
| | | |
| | | - On at least one 64-bit Ubuntu system under Python 3.2, using the |
| | | ``view_config`` decorator caused a ``RuntimeError: dictionary changed size |
| | | during iteration`` exception. It no longer does. See |
| | | https://github.com/Pylons/pyramid/issues/635 for more information. |
| | | |
| | | - In Mako Templates lookup, check if the uri is already adjusted and bring |
| | | it back to an asset spec. Normally occurs with inherited templates or |
| | | included components. |
| | | https://github.com/Pylons/pyramid/issues/606 |
| | | https://github.com/Pylons/pyramid/issues/607 |
| | | |
| | | - In Mako Templates lookup, check for absolute uri (using mako directories) |
| | | when mixing up inheritance with asset specs. |
| | | https://github.com/Pylons/pyramid/issues/662 |
| | | |
| | | - HTTP Accept headers were not being normalized causing potentially |
| | | conflicting view registrations to go unnoticed. Two views that only |
| | | differ in the case ('text/html' vs. 'text/HTML') will now raise an error. |
| | | https://github.com/Pylons/pyramid/pull/620 |
| | | |
| | | - Forward-port from 1.3 branch: when registering multiple views with an |
| | | ``accept`` predicate in a Pyramid application runing under Python 3, you |
| | | might have received a ``TypeError: unorderable types: function() < |
| | | function()`` exception. |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Python 3.3 compatibility. |
| | | |
| | | - Configurator.add_directive now accepts arbitrary callables like partials or |
| | | objects implementing ``__call__`` which dont have ``__name__`` and |
| | | ``__doc__`` attributes. See https://github.com/Pylons/pyramid/issues/621 |
| | | and https://github.com/Pylons/pyramid/pull/647. |
| | | |
| | | - Third-party custom view, route, and subscriber predicates can now be added |
| | | for use by view authors via |
| | | ``pyramid.config.Configurator.add_view_predicate``, |
| | | ``pyramid.config.Configurator.add_route_predicate`` and |
| | | ``pyramid.config.Configurator.add_subscriber_predicate``. So, for example, |
| | | doing this:: |
| | | |
| | | config.add_view_predicate('abc', my.package.ABCPredicate) |
| | | |
| | | Might allow a view author to do this in an application that configured that |
| | | predicate:: |
| | | |
| | | @view_config(abc=1) |
| | | |
| | | Similar features exist for ``add_route``, and ``add_subscriber``. See |
| | | "Adding A Third Party View, Route, or Subscriber Predicate" in the Hooks |
| | | chapter for more information. |
| | | |
| | | Note that changes made to support the above feature now means that only |
| | | actions registered using the same "order" can conflict with one another. |
| | | It used to be the case that actions registered at different orders could |
| | | potentially conflict, but to my knowledge nothing ever depended on this |
| | | behavior (it was a bit silly). |
| | | |
| | | - Custom objects can be made easily JSON-serializable in Pyramid by defining |
| | | a ``__json__`` method on the object's class. This method should return |
| | | values natively serializable by ``json.dumps`` (such as ints, lists, |
| | | dictionaries, strings, and so forth). |
| | | |
| | | - The JSON renderer now allows for the definition of custom type adapters to |
| | | convert unknown objects to JSON serializations. |
| | | |
| | | - As of this release, the ``request_method`` predicate, when used, will also |
| | | imply that ``HEAD`` is implied when you use ``GET``. For example, using |
| | | ``@view_config(request_method='GET')`` is equivalent to using |
| | | ``@view_config(request_method=('GET', 'HEAD'))``. Using |
| | | ``@view_config(request_method=('GET', 'POST')`` is equivalent to using |
| | | ``@view_config(request_method=('GET', 'HEAD', 'POST')``. This is because |
| | | HEAD is a variant of GET that omits the body, and WebOb has special support |
| | | to return an empty body when a HEAD is used. |
| | | |
| | | - ``config.add_request_method`` has been introduced to support extending |
| | | request objects with arbitrary callables. This method expands on the |
| | | previous ``config.set_request_property`` by supporting methods as well as |
| | | properties. This method now causes less code to be executed at |
| | | request construction time than ``config.set_request_property`` in |
| | | version 1.3. |
| | | |
| | | - Don't add a ``?`` to URLs generated by ``request.resource_url`` if the |
| | | ``query`` argument is provided but empty. |
| | | |
| | | - Don't add a ``?`` to URLs generated by ``request.route_url`` if the |
| | | ``_query`` argument is provided but empty. |
| | | |
| | | - The static view machinery now raises (rather than returns) ``HTTPNotFound`` |
| | | and ``HTTPMovedPermanently`` exceptions, so these can be caught by the |
| | | Not Found View (and other exception views). |
| | | |
| | | - The Mako renderer now supports a def name in an asset spec. When the def |
| | | name is present in the asset spec, the system will render the template def |
| | | within the template and will return the result. An example asset spec is |
| | | ``package:path/to/template#defname.mako``. This will render the def named |
| | | ``defname`` inside the ``template.mako`` template instead of rendering the |
| | | entire template. The old way of returning a tuple in the form |
| | | ``('defname', {})`` from the view is supported for backward compatibility, |
| | | |
| | | - The Chameleon ZPT renderer now accepts a macro name in an asset spec. When |
| | | the macro name is present in the asset spec, the system will render the |
| | | macro listed as a ``define-macro`` and return the result instead of |
| | | rendering the entire template. An example asset spec: |
| | | ``package:path/to/template#macroname.pt``. This will render the macro |
| | | defined as ``macroname`` within the ``template.pt`` template instead of the |
| | | entire templae. |
| | | |
| | | - When there is a predicate mismatch exception (seen when no view matches for |
| | | a given request due to predicates not working), the exception now contains |
| | | a textual description of the predicate which didn't match. |
| | | |
| | | - An ``add_permission`` directive method was added to the Configurator. This |
| | | directive registers a free-standing permission introspectable into the |
| | | Pyramid introspection system. Frameworks built atop Pyramid can thus use |
| | | the ``permissions`` introspectable category data to build a |
| | | comprehensive list of permissions supported by a running system. Before |
| | | this method was added, permissions were already registered in this |
| | | introspectable category as a side effect of naming them in an ``add_view`` |
| | | call, this method just makes it possible to arrange for a permission to be |
| | | put into the ``permissions`` introspectable category without naming it |
| | | along with an associated view. Here's an example of usage of |
| | | ``add_permission``:: |
| | | |
| | | config = Configurator() |
| | | config.add_permission('view') |
| | | |
| | | - The ``UnencryptedCookieSessionFactoryConfig`` now accepts |
| | | ``signed_serialize`` and ``signed_deserialize`` hooks which may be used |
| | | to influence how the sessions are marshalled (by default this is done |
| | | with HMAC+pickle). |
| | | |
| | | - ``pyramid.testing.DummyRequest`` now supports methods supplied by the |
| | | ``pyramid.util.InstancePropertyMixin`` class such as ``set_property``. |
| | | |
| | | - Request properties and methods added via ``config.set_request_property`` or |
| | | ``config.add_request_method`` are now available to tweens. |
| | | |
| | | - Request properties and methods added via ``config.set_request_property`` or |
| | | ``config.add_request_method`` are now available in the request object |
| | | returned from ``pyramid.paster.bootstrap``. |
| | | |
| | | - ``request.context`` of environment request during ``bootstrap`` is now the |
| | | root object if a context isn't already set on a provided request. |
| | | |
| | | - The ``pyramid.decorator.reify`` function is now an API, and was added to |
| | | the API documentation. |
| | | |
| | | - Added the ``pyramid.testing.testConfig`` context manager, which can be used |
| | | to generate a configurator in a test, e.g. ``with testing.testConfig(...):``. |
| | | |
| | | - Users can now invoke a subrequest from within view code using a new |
| | | ``request.invoke_subrequest`` API. |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - The ``pyramid.config.Configurator.set_request_property`` has been |
| | | documentation-deprecated. The method remains usable but the more |
| | | featureful ``pyramid.config.Configurator.add_request_method`` should be |
| | | used in its place (it has all of the same capabilities but can also extend |
| | | the request object with methods). |
| | | |
| | | Backwards Incompatibilities |
| | | --------------------------- |
| | | |
| | | - The Pyramid router no longer adds the values ``bfg.routes.route`` or |
| | | ``bfg.routes.matchdict`` to the request's WSGI environment dictionary. |
| | | These values were docs-deprecated in ``repoze.bfg`` 1.0 (effectively seven |
| | | minor releases ago). If your code depended on these values, use |
| | | request.matched_route and request.matchdict instead. |
| | | |
| | | - It is no longer possible to pass an environ dictionary directly to |
| | | ``pyramid.traversal.ResourceTreeTraverser.__call__`` (aka |
| | | ``ModelGraphTraverser.__call__``). Instead, you must pass a request |
| | | object. Passing an environment instead of a request has generated a |
| | | deprecation warning since Pyramid 1.1. |
| | | |
| | | - Pyramid will no longer work properly if you use the |
| | | ``webob.request.LegacyRequest`` as a request factory. Instances of the |
| | | LegacyRequest class have a ``request.path_info`` which return a string. |
| | | This Pyramid release assumes that ``request.path_info`` will |
| | | unconditionally be Unicode. |
| | | |
| | | - The functions from ``pyramid.chameleon_zpt`` and ``pyramid.chameleon_text`` |
| | | named ``get_renderer``, ``get_template``, ``render_template``, and |
| | | ``render_template_to_response`` have been removed. These have issued a |
| | | deprecation warning upon import since Pyramid 1.0. Use |
| | | ``pyramid.renderers.get_renderer()``, |
| | | ``pyramid.renderers.get_renderer().implementation()``, |
| | | ``pyramid.renderers.render()`` or ``pyramid.renderers.render_to_response`` |
| | | respectively instead of these functions. |
| | | |
| | | - The ``pyramid.configuration`` module was removed. It had been deprecated |
| | | since Pyramid 1.0 and printed a deprecation warning upon its use. Use |
| | | ``pyramid.config`` instead. |
| | | |
| | | - The ``pyramid.paster.PyramidTemplate`` API was removed. It had been |
| | | deprecated since Pyramid 1.1 and issued a warning on import. If your code |
| | | depended on this, adjust your code to import |
| | | ``pyramid.scaffolds.PyramidTemplate`` instead. |
| | | |
| | | - The ``pyramid.settings.get_settings()`` API was removed. It had been |
| | | printing a deprecation warning since Pyramid 1.0. If your code depended on |
| | | this API, use ``pyramid.threadlocal.get_current_registry().settings`` |
| | | instead or use the ``settings`` attribute of the registry available from |
| | | the request (``request.registry.settings``). |
| | | |
| | | - These APIs from the ``pyramid.testing`` module were removed. They have |
| | | been printing deprecation warnings since Pyramid 1.0: |
| | | |
| | | * ``registerDummySecurityPolicy``, use |
| | | ``pyramid.config.Configurator.testing_securitypolicy`` instead. |
| | | |
| | | * ``registerResources`` (aka ``registerModels``, use |
| | | ``pyramid.config.Configurator.testing_resources`` instead. |
| | | |
| | | * ``registerEventListener``, use |
| | | ``pyramid.config.Configurator.testing_add_subscriber`` instead. |
| | | |
| | | * ``registerTemplateRenderer`` (aka `registerDummyRenderer``), use |
| | | ``pyramid.config.Configurator.testing_add_template`` instead. |
| | | |
| | | * ``registerView``, use ``pyramid.config.Configurator.add_view`` instead. |
| | | |
| | | * ``registerUtility``, use |
| | | ``pyramid.config.Configurator.registry.registerUtility`` instead. |
| | | |
| | | * ``registerAdapter``, use |
| | | ``pyramid.config.Configurator.registry.registerAdapter`` instead. |
| | | |
| | | * ``registerSubscriber``, use |
| | | ``pyramid.config.Configurator.add_subscriber`` instead. |
| | | |
| | | * ``registerRoute``, use |
| | | ``pyramid.config.Configurator.add_route`` instead. |
| | | |
| | | * ``registerSettings``, use |
| | | ``pyramid.config.Configurator.add_settings`` instead. |
| | | |
| | | - In Pyramid 1.3 and previous, the ``__call__`` method of a Response object |
| | | was invoked before any finished callbacks were executed. As of this |
| | | release, the ``__call__`` method of a Response object is invoked *after* |
| | | finished callbacks are executed. This is in support of the |
| | | ``request.invoke_subrequest`` feature. |
| | | |
| | | - The 200-series exception responses named ``HTTPCreated``, ``HTTPAccepted``, |
| | | ``HTTPNonAuthoritativeInformation``, ``HTTPNoContent``, ``HTTPResetContent``, |
| | | and ``HTTPPartialContent`` in ``pyramid.httpexceptions`` no longer inherit |
| | | from ``HTTPOk``. Instead they inherit from a new base class named |
| | | ``HTTPSuccessful``. This will have no effect on you unless you've registered |
| | | an exception view for ``HTTPOk`` and expect that exception view to |
| | | catch all the aforementioned exceptions. |
| | | |
| | | Documentation |
| | | ------------- |
| | | |
| | | - Added an "Upgrading Pyramid" chapter to the narrative documentation. It |
| | | describes how to cope with deprecations and removals of Pyramid APIs and |
| | | how to show Pyramid-generated deprecation warnings while running tests and |
| | | while running a server. |
| | | |
| | | - Added a "Invoking a Subrequest" chapter to the documentation. It describes |
| | | how to use the new ``request.invoke_subrequest`` API. |
| | | |
| | | Dependencies |
| | | ------------ |
| | | |
| | | - Pyramid now requires WebOb 1.2b3+ (the prior Pyramid release only relied on |
| | | 1.2dev+). This is to ensure that we obtain a version of WebOb that returns |
| | | ``request.path_info`` as text. |
| | | |
| | | 1.3 (2012-03-21) |
| | | ================ |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - When ``pyramid.wsgi.wsgiapp2`` calls the downstream WSGI app, the app's |
| | | environ will no longer have (deprecated and potentially misleading) |
| | | ``bfg.routes.matchdict`` or ``bfg.routes.route`` keys in it. A symptom of |
| | | this bug would be a ``wsgiapp2``-wrapped Pyramid app finding the wrong view |
| | | because it mistakenly detects that a route was matched when, in fact, it |
| | | was not. |
| | | |
| | | - The fix for issue https://github.com/Pylons/pyramid/issues/461 (which made |
| | | it possible for instance methods to be used as view callables) introduced a |
| | | backwards incompatibility when methods that declared only a request |
| | | argument were used. See https://github.com/Pylons/pyramid/issues/503 |
| | | |
| | | 1.3b3 (2012-03-17) |
| | | ================== |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - ``config.add_view(<aninstancemethod>)`` raised AttributeError involving |
| | | ``__text__``. See https://github.com/Pylons/pyramid/issues/461 |
| | | |
| | | - Remove references to do-nothing ``pyramid.debug_templates`` setting in all |
| | | Pyramid-provided ``.ini`` files. This setting previously told Chameleon to |
| | | render better exceptions; now Chameleon always renders nice exceptions |
| | | regardless of the value of this setting. |
| | | |
| | | Scaffolds |
| | | --------- |
| | | |
| | | - The ``alchemy`` scaffold now shows an informative error message in the |
| | | browser if the person creating the project forgets to run the |
| | | initialization script. |
| | | |
| | | - The ``alchemy`` scaffold initialization script is now called |
| | | ``initialize_<projectname>_db`` instead of ``populate_<projectname>``. |
| | | |
| | | Documentation |
| | | ------------- |
| | | |
| | | - Wiki tutorials improved due to collaboration at PyCon US 2012 sprints. |
| | | |
| | | 1.3b2 (2012-03-02) |
| | | ================== |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - The method ``pyramid.request.Request.partial_application_url`` is no longer |
| | | in the API docs. It was meant to be a private method; its publication in |
| | | the documentation as an API method was a mistake, and it has been renamed |
| | | to something private. |
| | | |
| | | - When a static view was registered using an absolute filesystem path on |
| | | Windows, the ``request.static_url`` function did not work to generate URLs |
| | | to its resources. Symptom: "No static URL definition matching |
| | | c:\\foo\\bar\\baz". |
| | | |
| | | - Make all tests pass on Windows XP. |
| | | |
| | | - Bug in ACL authentication checking on Python 3: the ``permits`` and |
| | | ``principals_allowed_by_permission`` method of |
| | | ``pyramid.authorization.ACLAuthenticationPolicy`` could return an |
| | | inappropriate ``True`` value when a permission on an ACL was a string |
| | | rather than a sequence, and then only if the ACL permission string was a |
| | | substring of the ``permission`` value passed to the function. |
| | | |
| | | This bug effects no Pyramid deployment under Python 2; it is a bug that |
| | | exists only in deployments running on Python 3. It has existed since |
| | | Pyramid 1.3a1. |
| | | |
| | | This bug was due to the presence of an ``__iter__`` attribute on strings |
| | | under Python 3 which is not present under strings in Python 2. |
| | | |
| | | 1.3b1 (2012-02-26) |
| | | ================== |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - ``pyramid.config.Configurator.with_package`` didn't work if the |
| | | Configurator was an old-style ``pyramid.configuration.Configurator`` |
| | | instance. |
| | | |
| | | - Pyramid authorization policies did not show up in the introspector. |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - All references to the ``tmpl_context`` request variable were removed from |
| | | the docs. Its existence in Pyramid is confusing for people who were never |
| | | Pylons users. It was added as a porting convenience for Pylons users in |
| | | Pyramid 1.0, but it never caught on because the Pyramid rendering system is |
| | | a lot different than Pylons' was, and alternate ways exist to do what it |
| | | was designed to offer in Pylons. It will continue to exist "forever" but |
| | | it will not be recommended or mentioned in the docs. |
| | | |
| | | 1.3a9 (2012-02-22) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Add an ``introspection`` boolean to the Configurator constructor. If this |
| | | is ``True``, actions registered using the Configurator will be registered |
| | | with the introspector. If it is ``False``, they won't. The default is |
| | | ``True``. Setting it to ``False`` during action processing will prevent |
| | | introspection for any following registration statements, and setting it to |
| | | ``True`` will start them up again. This addition is to service a |
| | | requirement that the debug toolbar's own views and methods not show up in |
| | | the introspector. |
| | | |
| | | - New API: ``pyramid.config.Configurator.add_notfound_view``. This is a |
| | | wrapper for ``pyramid.Config.configurator.add_view`` which provides easy |
| | | append_slash support and does the right thing about permissions. It should |
| | | be preferred over calling ``add_view`` directly with |
| | | ``context=HTTPNotFound`` as was previously recommended. |
| | | |
| | | - New API: ``pyramid.view.notfound_view_config``. This is a decorator |
| | | constructor like ``pyramid.view.view_config`` that calls |
| | | ``pyramid.config.Configurator.add_notfound_view`` when scanned. It should |
| | | be preferred over using ``pyramid.view.view_config`` with |
| | | ``context=HTTPNotFound`` as was previously recommended. |
| | | |
| | | - New API: ``pyramid.config.Configurator.add_forbidden_view``. This is a |
| | | wrapper for ``pyramid.Config.configurator.add_view`` which does the right |
| | | thing about permissions. It should be preferred over calling ``add_view`` |
| | | directly with ``context=HTTPForbidden`` as was previously recommended. |
| | | |
| | | - New API: ``pyramid.view.forbidden_view_config``. This is a decorator |
| | | constructor like ``pyramid.view.view_config`` that calls |
| | | ``pyramid.config.Configurator.add_forbidden_view`` when scanned. It should |
| | | be preferred over using ``pyramid.view.view_config`` with |
| | | ``context=HTTPForbidden`` as was previously recommended. |
| | | |
| | | - New APIs: ``pyramid.response.FileResponse`` and |
| | | ``pyramid.response.FileIter``, for usage in views that must serve files |
| | | "manually". |
| | | |
| | | Backwards Incompatibilities |
| | | --------------------------- |
| | | |
| | | - Remove ``pyramid.config.Configurator.with_context`` class method. It was |
| | | never an API, it is only used by ``pyramid_zcml`` and its functionality has |
| | | been moved to that package's latest release. This means that you'll need |
| | | to use the 0.9.2 or later release of ``pyramid_zcml`` with this release of |
| | | Pyramid. |
| | | |
| | | - The ``introspector`` argument to the ``pyramid.config.Configurator`` |
| | | constructor API has been removed. It has been replaced by the boolean |
| | | ``introspection`` flag. |
| | | |
| | | - The ``pyramid.registry.noop_introspector`` API object has been removed. |
| | | |
| | | - The older deprecated ``set_notfound_view`` Configurator method is now an |
| | | alias for the new ``add_notfound_view`` Configurator method. Likewise, the |
| | | older deprecated ``set_forbidden_view`` is now an alias for the new |
| | | ``add_forbidden_view``. This has the following impact: the ``context`` sent |
| | | to views with a ``(context, request)`` call signature registered via the |
| | | ``set_notfound_view`` or ``set_forbidden_view`` will now be an exception |
| | | object instead of the actual resource context found. Use |
| | | ``request.context`` to get the actual resource context. It's also |
| | | recommended to disuse ``set_notfound_view`` in favor of |
| | | ``add_notfound_view``, and disuse ``set_forbidden_view`` in favor of |
| | | ``add_forbidden_view`` despite the aliasing. |
| | | |
| | | Deprecations |
| | | ------------ |
| | | |
| | | - The API documentation for ``pyramid.view.append_slash_notfound_view`` and |
| | | ``pyramid.view.AppendSlashNotFoundViewFactory`` was removed. These names |
| | | still exist and are still importable, but they are no longer APIs. Use |
| | | ``pyramid.config.Configurator.add_notfound_view(append_slash=True)`` or |
| | | ``pyramid.view.notfound_view_config(append_slash=True)`` to get the same |
| | | behavior. |
| | | |
| | | - The ``set_forbidden_view`` and ``set_notfound_view`` methods of the |
| | | Configurator were removed from the documentation. They have been |
| | | deprecated since Pyramid 1.1. |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - The static file response object used by ``config.add_static_view`` opened |
| | | the static file twice, when it only needed to open it once. |
| | | |
| | | - The AppendSlashNotFoundViewFactory used request.path to match routes. This |
| | | was wrong because request.path contains the script name, and this would |
| | | cause it to fail in circumstances where the script name was not empty. It |
| | | should have used request.path_info, and now does. |
| | | |
| | | Documentation |
| | | ------------- |
| | | |
| | | - Updated the "Creating a Not Found View" section of the "Hooks" chapter, |
| | | replacing explanations of registering a view using ``add_view`` or |
| | | ``view_config`` with ones using ``add_notfound_view`` or |
| | | ``notfound_view_config``. |
| | | |
| | | - Updated the "Creating a Not Forbidden View" section of the "Hooks" chapter, |
| | | replacing explanations of registering a view using ``add_view`` or |
| | | ``view_config`` with ones using ``add_forbidden_view`` or |
| | | ``forbidden_view_config``. |
| | | |
| | | - Updated the "Redirecting to Slash-Appended Routes" section of the "URL |
| | | Dispatch" chapter, replacing explanations of registering a view using |
| | | ``add_view`` or ``view_config`` with ones using ``add_notfound_view`` or |
| | | ``notfound_view_config`` |
| | | |
| | | - Updated all tutorials to use ``pyramid.view.forbidden_view_config`` rather |
| | | than ``pyramid.view.view_config`` with an HTTPForbidden context. |
| | | |
| | | 1.3a8 (2012-02-19) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - The ``scan`` method of a ``Configurator`` can be passed an ``ignore`` |
| | | argument, which can be a string, a callable, or a list consisting of |
| | | strings and/or callables. This feature allows submodules, subpackages, and |
| | | global objects from being scanned. See |
| | | http://readthedocs.org/docs/venusian/en/latest/#ignore-scan-argument for |
| | | more information about how to use the ``ignore`` argument to ``scan``. |
| | | |
| | | - Better error messages when a view callable returns a value that cannot be |
| | | converted to a response (for example, when a view callable returns a |
| | | dictionary without a renderer defined, or doesn't return any value at all). |
| | | The error message now contains information about the view callable itself |
| | | as well as the result of calling it. |
| | | |
| | | - Better error message when a .pyc-only module is ``config.include`` -ed. |
| | | This is not permitted due to error reporting requirements, and a better |
| | | error message is shown when it is attempted. Previously it would fail with |
| | | something like "AttributeError: 'NoneType' object has no attribute |
| | | 'rfind'". |
| | | |
| | | - Add ``pyramid.config.Configurator.add_traverser`` API method. See the |
| | | Hooks narrative documentation section entitled "Changing the Traverser" for |
| | | more information. This is not a new feature, it just provides an API for |
| | | adding a traverser without needing to use the ZCA API. |
| | | |
| | | - Add ``pyramid.config.Configurator.add_resource_url_adapter`` API method. |
| | | See the Hooks narrative documentation section entitled "Changing How |
| | | pyramid.request.Request.resource_url Generates a URL" for more information. |
| | | This is not a new feature, it just provides an API for adding a resource |
| | | url adapter without needing to use the ZCA API. |
| | | |
| | | - The system value ``req`` is now supplied to renderers as an alias for |
| | | ``request``. This means that you can now, for example, in a template, do |
| | | ``req.route_url(...)`` instead of ``request.route_url(...)``. This is |
| | | purely a change to reduce the amount of typing required to use request |
| | | methods and attributes from within templates. The value ``request`` is |
| | | still available too, this is just an alternative. |
| | | |
| | | - A new interface was added: ``pyramid.interfaces.IResourceURL``. An adapter |
| | | implementing its interface can be used to override resource URL generation |
| | | when ``request.resource_url`` is called. This interface replaces the |
| | | now-deprecated ``pyramid.interfaces.IContextURL`` interface. |
| | | |
| | | - The dictionary passed to a resource's ``__resource_url__`` method (see |
| | | "Overriding Resource URL Generation" in the "Resources" chapter) now |
| | | contains an ``app_url`` key, representing the application URL generated |
| | | during ``request.resource_url``. It represents a potentially customized |
| | | URL prefix, containing potentially custom scheme, host and port information |
| | | passed by the user to ``request.resource_url``. It should be used instead |
| | | of ``request.application_url`` where necessary. |
| | | |
| | | - The ``request.resource_url`` API now accepts these arguments: ``app_url``, |
| | | ``scheme``, ``host``, and ``port``. The app_url argument can be used to |
| | | replace the URL prefix wholesale during url generation. The ``scheme``, |
| | | ``host``, and ``port`` arguments can be used to replace the respective |
| | | default values of ``request.application_url`` partially. |
| | | |
| | | - A new API named ``request.resource_path`` now exists. It works like |
| | | ``request.resource_url`` but produces a relative URL rather than an |
| | | absolute one. |
| | | |
| | | - The ``request.route_url`` API now accepts these arguments: ``_app_url``, |
| | | ``_scheme``, ``_host``, and ``_port``. The ``_app_url`` argument can be |
| | | used to replace the URL prefix wholesale during url generation. The |
| | | ``_scheme``, ``_host``, and ``_port`` arguments can be used to replace the |
| | | respective default values of ``request.application_url`` partially. |
| | | |
| | | Backwards Incompatibilities |
| | | --------------------------- |
| | | |
| | | - The ``pyramid.interfaces.IContextURL`` interface has been deprecated. |
| | | People have been instructed to use this to register a resource url adapter |
| | | in the "Hooks" chapter to use to influence ``request.resource_url`` URL |
| | | generation for resources found via custom traversers since Pyramid 1.0. |
| | | |
| | | The interface still exists and registering such an adapter still works, but |
| | | this interface will be removed from the software after a few major Pyramid |
| | | releases. You should replace it with an equivalent |
| | | ``pyramid.interfaces.IResourceURL`` adapter, registered using the new |
| | | ``pyramid.config.Configurator.add_resource_url_adapter`` API. A |
| | | deprecation warning is now emitted when a |
| | | ``pyramid.interfaces.IContextURL`` adapter is found when |
| | | ``request.resource_url`` is called. |
| | | |
| | | Documentation |
| | | ------------- |
| | | |
| | | - Don't create a ``session`` instance in SQLA Wiki tutorial, use raw |
| | | ``DBSession`` instead (this is more common in real SQLA apps). |
| | | |
| | | Scaffolding |
| | | ----------- |
| | | |
| | | - Put ``pyramid.includes`` targets within ini files in scaffolds on separate |
| | | lines in order to be able to tell people to comment out only the |
| | | ``pyramid_debugtoolbar`` line when they want to disable the toolbar. |
| | | |
| | | Dependencies |
| | | ------------ |
| | | |
| | | - Depend on ``venusian`` >= 1.0a3 to provide scan ``ignore`` support. |
| | | |
| | | Internal |
| | | -------- |
| | | |
| | | - Create a "MakoRendererFactoryHelper" that provides customizable settings |
| | | key prefixes. Allows settings prefixes other than "mako." to be used to |
| | | create different factories that don't use the global mako settings. This |
| | | will be useful for the debug toolbar, which can currently be sabotaged by |
| | | someone using custom mako configuration settings. |
| | | |
| | | 1.3a7 (2012-02-07) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - More informative error message when a ``config.include`` cannot find an |
| | | ``includeme``. See https://github.com/Pylons/pyramid/pull/392. |
| | | |
| | | - Internal: catch unhashable discriminators early (raise an error instead of |
| | | allowing them to find their way into resolveConflicts). |
| | | |
| | | - The `match_param` view predicate now accepts a string or a tuple. |
| | | This replaces the broken behavior of accepting a dict. See |
| | | https://github.com/Pylons/pyramid/issues/425 for more information. |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - The process will now restart when ``pserve`` is used with the ``--reload`` |
| | | flag when the ``development.ini`` file (or any other .ini file in use) is |
| | | changed. See https://github.com/Pylons/pyramid/issues/377 and |
| | | https://github.com/Pylons/pyramid/pull/411 |
| | | |
| | | - The ``prequest`` script would fail when used against URLs which did not |
| | | return HTML or text. See https://github.com/Pylons/pyramid/issues/381 |
| | | |
| | | Backwards Incompatibilities |
| | | --------------------------- |
| | | |
| | | - The `match_param` view predicate no longer accepts a dict. This will |
| | | have no negative affect because the implementation was broken for |
| | | dict-based arguments. |
| | | |
| | | Documentation |
| | | ------------- |
| | | |
| | | - Add a traversal hello world example to the narrative docs. |
| | | |
| | | 1.3a6 (2012-01-20) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - New API: ``pyramid.config.Configurator.set_request_property``. Add lazy |
| | | property descriptors to a request without changing the request factory. |
| | | This method provides conflict detection and is the suggested way to add |
| | | properties to a request. |
| | | |
| | | - Responses generated by Pyramid's ``static_view`` now use |
| | | a ``wsgi.file_wrapper`` (see |
| | | http://www.python.org/dev/peps/pep-0333/#optional-platform-specific-file-handling) |
| | | when one is provided by the web server. |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Views registered with an ``accept`` could not be overridden correctly with |
| | | a different view that had the same predicate arguments. See |
| | | https://github.com/Pylons/pyramid/pull/404 for more information. |
| | | |
| | | - When using a dotted name for a ``view`` argument to |
| | | ``Configurator.add_view`` that pointed to a class with a ``view_defaults`` |
| | | decorator, the view defaults would not be applied. See |
| | | https://github.com/Pylons/pyramid/issues/396 . |
| | | |
| | | - Static URL paths were URL-quoted twice. See |
| | | https://github.com/Pylons/pyramid/issues/407 . |
| | | |
| | | 1.3a5 (2012-01-09) |
| | | ================== |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - The ``pyramid.view.view_defaults`` decorator did not work properly when |
| | | more than one view relied on the defaults being different for configuration |
| | | conflict resolution. See https://github.com/Pylons/pyramid/issues/394. |
| | | |
| | | Backwards Incompatibilities |
| | | --------------------------- |
| | | |
| | | - The ``path_info`` route and view predicates now match against |
| | | ``request.upath_info`` (Unicode) rather than ``request.path_info`` |
| | | (indeterminate value based on Python 3 vs. Python 2). This has to be done |
| | | to normalize matching on Python 2 and Python 3. |
| | | |
| | | 1.3a4 (2012-01-05) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - New API: ``pyramid.request.Request.set_property``. Add lazy property |
| | | descriptors to a request without changing the request factory. New |
| | | properties may be reified, effectively caching the value for the lifetime |
| | | of the instance. Common use-cases for this would be to get a database |
| | | connection for the request or identify the current user. |
| | | |
| | | - Use the ``waitress`` WSGI server instead of ``wsgiref`` in scaffolding. |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - The documentation of ``pyramid.events.subscriber`` indicated that using it |
| | | as a decorator with no arguments like this:: |
| | | |
| | | @subscriber() |
| | | def somefunc(event): |
| | | pass |
| | | |
| | | Would register ``somefunc`` to receive all events sent via the registry, |
| | | but this was untrue. Instead, it would receive no events at all. This has |
| | | now been fixed and the code matches the documentation. See also |
| | | https://github.com/Pylons/pyramid/issues/386 |
| | | |
| | | - Literal portions of route patterns were not URL-quoted when ``route_url`` |
| | | or ``route_path`` was used to generate a URL or path. |
| | | |
| | | - The result of ``route_path`` or ``route_url`` might have been ``unicode`` |
| | | or ``str`` depending on the input. It is now guaranteed to always be |
| | | ``str``. |
| | | |
| | | - URL matching when the pattern contained non-ASCII characters in literal |
| | | parts was indeterminate. Now the pattern supplied to ``add_route`` is |
| | | assumed to be either: a ``unicode`` value, or a ``str`` value that contains |
| | | only ASCII characters. If you now want to match the path info from a URL |
| | | that contains high order characters, you can pass the Unicode |
| | | representation of the decoded path portion in the pattern. |
| | | |
| | | - When using a ``traverse=`` route predicate, traversal would fail with a |
| | | URLDecodeError if there were any high-order characters in the traversal |
| | | pattern or in the matched dynamic segments. |
| | | |
| | | - Using a dynamic segment named ``traverse`` in a route pattern like this:: |
| | | |
| | | config.add_route('trav_route', 'traversal/{traverse:.*}') |
| | | |
| | | Would cause a ``UnicodeDecodeError`` when the route was matched and the |
| | | matched portion of the URL contained any high-order characters. See |
| | | https://github.com/Pylons/pyramid/issues/385 . |
| | | |
| | | - When using a ``*traverse`` stararg in a route pattern, a URL that matched |
| | | that possessed a ``@@`` in its name (signifying a view name) would be |
| | | inappropriately quoted by the traversal machinery during traversal, |
| | | resulting in the view not being found properly. See |
| | | https://github.com/Pylons/pyramid/issues/382 and |
| | | https://github.com/Pylons/pyramid/issues/375 . |
| | | |
| | | Backwards Incompatibilities |
| | | --------------------------- |
| | | |
| | | - String values passed to ``route_url`` or ``route_path`` that are meant to |
| | | replace "remainder" matches will now be URL-quoted except for embedded |
| | | slashes. For example:: |
| | | |
| | | config.add_route('remain', '/foo*remainder') |
| | | request.route_path('remain', remainder='abc / def') |
| | | # -> '/foo/abc%20/%20def' |
| | | |
| | | Previously string values passed as remainder replacements were tacked on |
| | | untouched, without any URL-quoting. But this doesn't really work logically |
| | | if the value passed is Unicode (raw unicode cannot be placed in a URL or in |
| | | a path) and it is inconsistent with the rest of the URL generation |
| | | machinery if the value is a string (it won't be quoted unless by the |
| | | caller). |
| | | |
| | | Some folks will have been relying on the older behavior to tack on query |
| | | string elements and anchor portions of the URL; sorry, you'll need to |
| | | change your code to use the ``_query`` and/or ``_anchor`` arguments to |
| | | ``route_path`` or ``route_url`` to do this now. |
| | | |
| | | - If you pass a bytestring that contains non-ASCII characters to |
| | | ``add_route`` as a pattern, it will now fail at startup time. Use Unicode |
| | | instead. |
| | | |
| | | 1.3a3 (2011-12-21) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Added a ``prequest`` script (along the lines of ``paster request``). It is |
| | | documented in the "Command-Line Pyramid" chapter in the section entitled |
| | | "Invoking a Request". |
| | | |
| | | - Add undocumented ``__discriminator__`` API to derived view callables. |
| | | e.g. ``adapters.lookup(...).__discriminator__(context, request)``. It will |
| | | be used by superdynamic systems that require the discriminator to be used |
| | | for introspection after manual view lookup. |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Normalized exit values and ``-h`` output for all ``p*`` scripts |
| | | (``pviews``, ``proutes``, etc). |
| | | |
| | | Documentation |
| | | ------------- |
| | | |
| | | - Added a section named "Making Your Script into a Console Script" in the |
| | | "Command-Line Pyramid" chapter. |
| | | |
| | | - Removed the "Running Pyramid on Google App Engine" tutorial from the main |
| | | docs. It survives on in the Cookbook |
| | | (http://docs.pylonsproject.org/projects/pyramid_cookbook/en/latest/deployment/gae.html). |
| | | Rationale: it provides the correct info for the Python 2.5 version of GAE |
| | | only, and this version of Pyramid does not support Python 2.5. |
| | | |
| | | 1.3a2 (2011-12-14) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - New API: ``pyramid.view.view_defaults``. If you use a class as a view, you |
| | | can use the new ``view_defaults`` class decorator on the class to provide |
| | | defaults to the view configuration information used by every |
| | | ``@view_config`` decorator that decorates a method of that class. It also |
| | | works against view configurations involving a class made imperatively. |
| | | |
| | | - Added a backwards compatibility knob to ``pcreate`` to emulate ``paster |
| | | create`` handling for the ``--list-templates`` option. |
| | | |
| | | - Changed scaffolding machinery around a bit to make it easier for people who |
| | | want to have extension scaffolds that can work across Pyramid 1.0.X, 1.1.X, |
| | | 1.2.X and 1.3.X. See the new "Creating Pyramid Scaffolds" chapter in the |
| | | narrative documentation for more info. |
| | | |
| | | Documentation |
| | | ------------- |
| | | |
| | | - Added documentation to "View Configuration" narrative documentation chapter |
| | | about ``view_defaults`` class decorator. |
| | | |
| | | - Added API docs for ``view_defaults`` class decorator. |
| | | |
| | | - Added an API docs chapter for ``pyramid.scaffolds``. |
| | | |
| | | - Added a narrative docs chapter named "Creating Pyramid Scaffolds". |
| | | |
| | | Backwards Incompatibilities |
| | | --------------------------- |
| | | |
| | | - The ``template_renderer`` method of ``pyramid.scaffolds.PyramidScaffold`` |
| | | was renamed to ``render_template``. If you were overriding it, you're a |
| | | bad person, because it wasn't an API before now. But we're nice so we're |
| | | letting you know. |
| | | |
| | | 1.3a1 (2011-12-09) |
| | | ================== |
| | | |
| | | Features |
| | | -------- |
| | | |
| | | - Python 3.2 compatibility. |
| | | |
| | | - New ``pyramid.compat`` module and API documentation which provides Python |
| | | 2/3 straddling support for Pyramid add-ons and development environments. |
| | | |
| | | - A ``mako.directories`` setting is no longer required to use Mako templates |
| | | Rationale: Mako template renderers can be specified using an absolute asset |
| | | spec. An entire application can be written with such asset specs, |
| | | requiring no ordered lookup path. |
| | | |
| | | - ``bpython`` interpreter compatibility in ``pshell``. See the "Command-Line |
| | | Pyramid" narrative docs chapter for more information. |
| | | |
| | | - Added ``get_appsettings`` API function to the ``pyramid.paster`` module. |
| | | This function returns the settings defined within an ``[app:...]`` section |
| | | in a PasteDeploy ini file. |
| | | |
| | | - Added ``setup_logging`` API function to the ``pyramid.paster`` module. |
| | | This function sets up Python logging according to the logging configuration |
| | | in a PasteDeploy ini file. |
| | | |
| | | - Configuration conflict reporting is reported in a more understandable way |
| | | ("Line 11 in file..." vs. a repr of a tuple of similar info). |
| | | |
| | | - A configuration introspection system was added; see the narrative |
| | | documentation chapter entitled "Pyramid Configuration Introspection" for |
| | | more information. New APIs: ``pyramid.registry.Introspectable``, |
| | | ``pyramid.config.Configurator.introspector``, |
| | | ``pyramid.config.Configurator.introspectable``, |
| | | ``pyramid.registry.Registry.introspector``. |
| | | |
| | | - Allow extra keyword arguments to be passed to the |
| | | ``pyramid.config.Configurator.action`` method. |
| | | |
| | | - New APIs: ``pyramid.path.AssetResolver`` and |
| | | ``pyramid.path.DottedNameResolver``. The former can be used to resolve |
| | | asset specifications, the latter can be used to resolve dotted names to |
| | | modules or packages. |
| | | |
| | | Bug Fixes |
| | | --------- |
| | | |
| | | - Make test suite pass on 32-bit systems; closes #286. closes #306. |
| | | See also https://github.com/Pylons/pyramid/issues/286 |
| | | |
| | | - The ``pyramid.view.view_config`` decorator did not accept a ``match_params`` |
| | | predicate argument. See https://github.com/Pylons/pyramid/pull/308 |
| | | |
| | | - The AuthTktCookieHelper could potentially generate Unicode headers |
| | | inappropriately when the ``tokens`` argument to remember was used. See |
| | | https://github.com/Pylons/pyramid/pull/314. |
| | | |
| | | - The AuthTktAuthenticationPolicy did not use a timing-attack-aware string |
| | | comparator. See https://github.com/Pylons/pyramid/pull/320 for more info. |
| | | |
| | | - The DummySession in ``pyramid.testing`` now generates a new CSRF token if |
| | | one doesn't yet exist. |
| | | |
| | | - ``request.static_url`` now generates URL-quoted URLs when fed a ``path`` |
| | | argument which contains characters that are unsuitable for URLs. See |
| | | https://github.com/Pylons/pyramid/issues/349 for more info. |
| | | |
| | | - Prevent a scaffold rendering from being named ``site`` (conflicts with |
| | | Python internal site.py). |
| | | |
| | | - Support for using instances as targets of the ``pyramid.wsgi.wsgiapp`` and |
| | | ``pryramid.wsgi.wsgiapp2`` functions. |
| | | See https://github.com/Pylons/pyramid/pull/370 for more info. |
| | | |
| | | Backwards Incompatibilities |
| | | --------------------------- |
| | | |
| | | - Pyramid no longer runs on Python 2.5 (which includes the most recent |
| | | release of Jython and the Python 2.5 version of GAE as of this writing). |
| | | |
| | | - The ``paster`` command is no longer the documented way to create projects, |
| | | start the server, or run debugging commands. To create projects from |
| | | scaffolds, ``paster create`` is replaced by the ``pcreate`` console script. |
| | | To serve up a project, ``paster serve`` is replaced by the ``pserve`` |
| | | console script. New console scripts named ``pshell``, ``pviews``, |
| | | ``proutes``, and ``ptweens`` do what their ``paster <commandname>`` |
| | | equivalents used to do. Rationale: the Paste and PasteScript packages do |
| | | not run under Python 3. |
| | | |
| | | - The default WSGI server run as the result of ``pserve`` from newly rendered |
| | | scaffolding is now the ``wsgiref`` WSGI server instead of the |
| | | ``paste.httpserver`` server. Rationale: Rationale: the Paste and |
| | | PasteScript packages do not run under Python 3. |
| | | |
| | | - The ``pshell`` command (see "paster pshell") no longer accepts a |
| | | ``--disable-ipython`` command-line argument. Instead, it accepts a ``-p`` |
| | | or ``--python-shell`` argument, which can be any of the values ``python``, |
| | | ``ipython`` or ``bpython``. |
| | | |
| | | - Removed the ``pyramid.renderers.renderer_from_name`` function. It has been |
| | | deprecated since Pyramid 1.0, and was never an API. |
| | | |
| | | - To use ZCML with versions of Pyramid >= 1.3, you will need ``pyramid_zcml`` |
| | | version >= 0.8 and ``zope.configuration`` version >= 3.8.0. The |
| | | ``pyramid_zcml`` package version 0.8 is backwards compatible all the way to |
| | | Pyramid 1.0, so you won't be warned if you have older versions installed |
| | | and upgrade Pyramid "in-place"; it may simply break instead. |
| | | |
| | | Dependencies |
| | | ------------ |
| | | |
| | | - Pyramid no longer depends on the ``zope.component`` package, except as a |
| | | testing dependency. |
| | | |
| | | - Pyramid now depends on a zope.interface>=3.8.0, WebOb>=1.2dev, |
| | | repoze.lru>=0.4, zope.deprecation>=3.5.0, translationstring>=0.4 (for |
| | | Python 3 compatibility purposes). It also, as a testing dependency, |
| | | depends on WebTest>=1.3.1 for the same reason. |
| | | |
| | | - Pyramid no longer depends on the Paste or PasteScript packages. |
| | | |
| | | Documentation |
| | | ------------- |
| | | |
| | | - The SQLAlchemy Wiki tutorial has been updated. It now uses |
| | | ``@view_config`` decorators and an explicit database population script. |
| | | |
| | | - Minor updates to the ZODB Wiki tutorial. |
| | | |
| | | - A narrative documentation chapter named "Extending Pyramid Configuration" |
| | | was added; it describes how to add a new directive, and how use the |
| | | ``pyramid.config.Configurator.action`` method within custom directives. It |
| | | also describes how to add introspectable objects. |
| | | |
| | | - A narrative documentation chapter named "Pyramid Configuration |
| | | Introspection" was added. It describes how to query the introspection |
| | | system. |
| | | |
| | | Scaffolds |
| | | --------- |
| | | |
| | | - Rendered scaffolds have now been changed to be more relocatable (fewer |
| | | mentions of the package name within files in the package). |
| | | |
| | | - The ``routesalchemy`` scaffold has been renamed ``alchemy``, replacing the |
| | | older (traversal-based) ``alchemy`` scaffold (which has been retired). |
| | | |
| | | - The ``starter`` scaffold now uses URL dispatch by default. |
| | | |
| | | 1.2 (2011-09-12) |
| | | ================ |
| | | |
| | |
| | | package at all; configuration in the ``production.ini`` file which used to |
| | | require its ``error_catcher`` middleware has been removed. Configuring |
| | | error catching / email sending is now the domain of the ``pyramid_exclog`` |
| | | package (see https://docs.pylonsproject.org/projects/pyramid_exclog/dev/). |
| | | package (see http://docs.pylonsproject.org/projects/pyramid_exclog/en/latest/). |
| | | |
| | | Bug Fixes |
| | | --------- |
| | |
| | | |
| | | - Moved "Using ZODB With ZEO" and "Using repoze.catalog Within Pyramid" |
| | | tutorials out of core documentation and into the Pyramid Tutorials site |
| | | (http://docs.pylonsproject.org/projects/pyramid_tutorials/dev/). |
| | | (http://docs.pylonsproject.org/projects/pyramid_tutorials/en/latest/). |
| | | |
| | | - Changed "Cleaning up After a Request" section in the URL Dispatch chapter |
| | | to use ``request.add_finished_callback`` instead of jamming an object with |
| | |
| | | |
| | | - Add ``wild_domain`` argument to AuthTktAuthenticationPolicy, which defaults |
| | | to ``True``. If it is set to ``False``, the feature of the policy which |
| | | sets a cookie with a wilcard domain will be turned off. |
| | | sets a cookie with a wildcard domain will be turned off. |
| | | |
| | | - Add a ``MANIFEST.in`` file to each paster template. See |
| | | https://github.com/Pylons/pyramid/issues#issue/95 |
| | |
| | | Pyramid core. Handlers are now a feature of the ``pyramid_handlers`` |
| | | package, which can be downloaded from PyPI. Documentation for the package |
| | | should be available via |
| | | http://pylonsproject.org/projects/pyramid_handlers/dev/, which describes how |
| | | http://docs.pylonsproject.org/projects/pyramid_handlers/en/latest/, |
| | | which describes how |
| | | to add a configuration statement to your ``main`` block to reobtain this |
| | | method. You will also need to add an ``install_requires`` dependency upon |
| | | ``pyramid_handlers`` to your ``setup.py`` file. |
| | |
| | | Pyramid core. Loading ZCML is now a feature of the ``pyramid_zcml`` |
| | | package, which can be downloaded from PyPI. Documentation for the package |
| | | should be available via |
| | | http://pylonsproject.org/projects/pyramid_zcml/dev/, which describes how |
| | | http://docs.pylonsproject.org/projects/pyramid_zcml/en/latest/, |
| | | which describes how |
| | | to add a configuration statement to your ``main`` block to reobtain this |
| | | method. You will also need to add an ``install_requires`` dependency upon |
| | | ``pyramid_zcml`` to your ``setup.py`` file. |