Hello, everybody.

I am pleased to announce the first beta release of repoze.what, the 
authorization framework for WSGI applications. For more information, you may 
visit the repoze.what website:


* Removed dependencies on TurboGears and Pylons.
* Introduced a framework-independent function 
  (repoze.what.authorize.check_authorization) to check authorization 
  based on a predicate and the WSGI environment, along with the
  repoze.what.authorize.NotAuthorizedError exception.
* Now repoze.what is 100% documented.
* Moved the predicates from repoze.what.authorize to
  repoze.what.predicates. Nevertheless, they are imported in the former
  to avoid breaking TurboGears 2 applications created when 
  tg.ext.repoze.who or tgext.authorization existed.
* Added the Not predicate.
* Now you can override the error message of the built-in predicates or set
 your own message at instantiation time by passing the ``msg`` keywork
 argument to the predicate. Example::
      from repoze.what.predicates import is_user
      my_predicate = is_user('carla', msg="Only Carla may come here")
  As a result, if your custom predicate defines the constructor method
  (``__init__``), then you're highly encouraged to call its parent with the
  ``msg`` keyword argument. Example::
      from repoze.what.predicates import Predicate
      class MyCoolPredicate(Predicate):
          def __init__(self, **kwargs):
              super(MyCoolPredicate, self).__init__(**kwargs)
* Moved the SQL plugin (repoze.what.plugins.sql) into a separate
  package. Also moved repoze.what.plugins.quickstart into that package
  because it's specific to the SQL plugin.
* Log messages are no longer sent to standard output if the ``WHO_LOG``
  environment variable is defined, but with ``AUTH_LOG``.
* Now repoze.what uses logging internally to ease debugging.

Backwards-incompatible changes

* If you have custom predicates, you should update the ``eval_with_object`` 
  method, which has been renamed to ``_eval_with_environ`` and only receives
  one argument (the WSGI environment). This is, if your method's signature
  looks like this::

      eval_with_object(obj, errors)

  Now it should look like this::
  Note that ``errors`` are no longer passed.
  On the other hand, the ``error_message`` attribute of predicates has been
  renamed to ``message`` because they are not only used to display errors
  (see repoze.what.predicates).
* The repoze.what.authorize.require decorator has been removed because 
  it's specific to TurboGears. TurboGears 2 applications will find it at

Because this is the first beta release, there should not be more backwards
incompatible changes in the coming 1.X releases.

Gustavo Narea <http://gustavonarea.net/>.

Get rid of unethical constraints! Get freedomware:

Attachment: signature.asc
Description: This is a digitally signed message part.

Repoze-dev mailing list

Reply via email to