Pyramid 1.5a3 has been released. Here's what happened since the last
release in the 1.5 series (1.5a2):
Features
--------
- An authorization API has been added as a method of the request:
``request.has_permission``.
``request.has_permission`` is a method-based alternative to the
``pyramid.security.has_permission`` API and works exactly the
same. The older API is now deprecated.
- Property API attributes have been added to the request for easier
access to authentication data: ``request.authenticated_userid``,
``request.unauthenticated_userid``, and
``request.effective_principals``.
These are analogues, respectively, of
``pyramid.security.authenticated_userid``,
``pyramid.security.unauthenticated_userid``, and
``pyramid.security.effective_principals``. They operate exactly
the same, except they are attributes of the request instead of
functions accepting a request. They are properties, so they
cannot be assigned to. The older function-based APIs are now
deprecated.
- Pyramid's console scripts (``pserve``, ``pviews``, etc) can now be
run directly, allowing custom arguments to be sent to the python
interpreter at runtime. For example::
python -3 -m pyramid.scripts.pserve development.ini
- Added a specific subclass of ``HTTPBadRequest`` named
``pyramid.exceptions.BadCSRFToken`` which will now be raised in
response to failures in ``check_csrf_token``. See
https://github.com/Pylons/pyramid/pull/1149
- Added a new ``SignedCookieSessionFactory`` which is very similar
to the ``UnencryptedCookieSessionFactoryConfig`` but with a
clearer focus on signing content. The custom serializer arguments
to this function should only focus on serializing, unlike its
predecessor which required the serializer to also perform signing.
See https://github.com/Pylons/pyramid/pull/1142 . Note that
cookies generated using ``SignedCookieSessionFactory`` are not
compatible with cookies generated using
``UnencryptedCookieSessionFactory``, so existing user session data
will be destroyed if you switch to it.
- Added a new ``BaseCookieSessionFactory`` which acts as a generic
cookie factory that can be used by framework implementors to
create their own session implementations. It provides a reusable
API which focuses strictly on providing a dictionary-like object
that properly handles renewals, timeouts, and conformance with the
``ISession`` API. See https://github.com/Pylons/pyramid/pull/1142
- The anchor argument to ``pyramid.request.Request.route_url`` and
``pyramid.request.Request.resource_url`` and their derivatives
will now be escaped via URL quoting to ensure minimal conformance.
See https://github.com/Pylons/pyramid/pull/1183
- Allow sending of ``_query`` and ``_anchor`` options to
``pyramid.request.Request.static_url`` when an external URL is
being generated. See https://github.com/Pylons/pyramid/pull/1183
- You can now send a string as the ``_query`` argument to
``pyramid.request.Request.route_url`` and
``pyramid.request.Request.resource_url`` and their derivatives.
When a string is sent instead of a list or dictionary. it is
URL-quoted however it does not need to be in ``k=v`` form. This
is useful if you want to be able to use a different query string
format than ``x-www-form-urlencoded``. See
https://github.com/Pylons/pyramid/pull/1183
- ``pyramid.testing.DummyRequest`` now has a ``domain`` attribute to
match the new WebOb 1.3 API. Its value is ``example.com``.
Bug Fixes
---------
- Fix the ``pcreate`` script so that when the target directory name
ends with a slash it does not produce a non-working project
directory structure. Previously saying ``pcreate -s starter
/foo/bar/`` produced different output than saying ``pcreate -s
starter /foo/bar``. The former did not work properly.
- Fix the ``principals_allowed_by_permission`` method of
``ACLAuthorizationPolicy`` so it anticipates a callable
``__acl__`` on resources. Previously it did not try to call the
``__acl__`` if it was callable.
- The ``pviews`` script did not work when a url required custom
request methods in order to perform traversal. Custom methods and
descriptors added via
``pyramid.config.Configurator.add_request_method`` will now be
present, allowing traversal to continue. See
https://github.com/Pylons/pyramid/issues/1104
- Remove unused ``renderer`` argument from
``Configurator.add_route``.
- Allow the ``BasicAuthenticationPolicy`` to work with non-ascii
usernames and passwords. The charset is not passed as part of the
header and different browsers alternate between UTF-8 and Latin-1,
so the policy now attempts to decode with UTF-8 first, and will
fallback to Latin-1. See
https://github.com/Pylons/pyramid/pull/1170
- The ``@view_defaults`` now apply to notfound and forbidden views
that are defined as methods of a decorated class. See
https://github.com/Pylons/pyramid/issues/1173
Documentation
-------------
- Added a "Quick Tutorial" to go with the Quick Tour
- Removed mention of ``pyramid_beaker`` from docs. Beaker is no
longer maintained. Point people at ``pyramid_redis_sessions``
instead.
- Add documentation for ``pyramid.interfaces.IRendererFactory`` and
``pyramid.interfaces.IRenderer``.
Backwards Incompatibilities
---------------------------
- The key/values in the ``_query`` parameter of
``request.route_url`` and the ``query`` parameter of
``request.resource_url`` (and their variants), used to encode a
value of ``None`` as the string ``'None'``, leaving the resulting
query string to be ``a=b&key=None``. The value is now dropped in
this situation, leaving a query string of ``a=b&key=``. See
https://github.com/Pylons/pyramid/issues/1119
Deprecations
------------
- Deprecate the ``pyramid.interfaces.ITemplateRenderer``
interface. It was ill-defined and became unused when Mako and
Chameleon template bindings were split into their own packages.
- The ``pyramid.session.UnencryptedCookieSessionFactoryConfig`` API
has been deprecated and is superseded by the
``pyramid.session.SignedCookieSessionFactory``. Note that while
the cookies generated by the
``UnencryptedCookieSessionFactoryConfig`` are compatible with
cookies generated by old releases, cookies generated by the
SignedCookieSessionFactory are not. See
https://github.com/Pylons/pyramid/pull/1142
- The ``pyramid.security.has_permission`` API is now deprecated.
Instead, use the newly-added ``has_permission`` method of the
request object.
- The ``pyramid.security.effective_principals`` API is now
deprecated. Instead, use the newly-added ``effective_principals``
attribute of the request object.
- The ``pyramid.security.authenticated_userid`` API is now
deprecated. Instead, use the newly-added ``authenticated_userid``
attribute of the request object.
- The ``pyramid.security.unauthenticated_userid`` API is now
deprecated. Instead, use the newly-added
``unauthenticated_userid`` attribute of the request object.
Dependencies
------------
- Pyramid now depends on WebOb>=1.3 (it uses
``webob.cookies.CookieProfile`` from 1.3+).
A detailed "What's New in Pyramid 1.5" document is available at
http://docs.pylonsproject.org/projects/pyramid/en/master/whatsnew-1.5.html
The documentation for the release is available at
http://docs.pylonsproject.org/projects/pyramid/en/1.5-branch/ .
You can install it via PyPI:
easy_install Pyramid==1.5a3
Enjoy, and please report any issues you find to the issue tracker at
https://github.com/Pylons/pyramid/issues
Thanks!
- C
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/pylons-discuss.
For more options, visit https://groups.google.com/groups/opt_out.