Awesome docs, Gustavo. I really like the @require decorator for tg.
Wonder how easy it would be to create a security policy in bfg that
would perform the same way.
On Nov 26, 2008, at 2:54 PM, Gustavo Narea wrote:
> Hello, everybody.
> I am pleased to announce the first beta release of repoze.what, the
> authorization framework for WSGI applications. For more
> information, you may
> visit the repoze.what website:
> * Removed dependencies on TurboGears and Pylons.
> * Introduced a framework-independent function
> (repoze.what.authorize.check_authorization) to check authorization
> based on a predicate and the WSGI environment, along with the
> repoze.what.authorize.NotAuthorizedError exception.
> * Now repoze.what is 100% documented.
> * Moved the predicates from repoze.what.authorize to
> repoze.what.predicates. Nevertheless, they are imported in the
> to avoid breaking TurboGears 2 applications created when
> tg.ext.repoze.who or tgext.authorization existed.
> * Added the Not predicate.
> * Now you can override the error message of the built-in predicates
> or set
> your own message at instantiation time by passing the ``msg`` keywork
> argument to the predicate. Example::
> from repoze.what.predicates import is_user
> my_predicate = is_user('carla', msg="Only Carla may come here")
> As a result, if your custom predicate defines the constructor method
> (``__init__``), then you're highly encouraged to call its parent
> with the
> ``msg`` keyword argument. Example::
> from repoze.what.predicates import Predicate
> class MyCoolPredicate(Predicate):
> def __init__(self, **kwargs):
> super(MyCoolPredicate, self).__init__(**kwargs)
> * Moved the SQL plugin (repoze.what.plugins.sql) into a separate
> package. Also moved repoze.what.plugins.quickstart into that package
> because it's specific to the SQL plugin.
> * Log messages are no longer sent to standard output if the
> environment variable is defined, but with ``AUTH_LOG``.
> * Now repoze.what uses logging internally to ease debugging.
> Backwards-incompatible changes
> * If you have custom predicates, you should update the
> method, which has been renamed to ``_eval_with_environ`` and only
> one argument (the WSGI environment). This is, if your method's
> looks like this::
> eval_with_object(obj, errors)
> Now it should look like this::
> Note that ``errors`` are no longer passed.
> On the other hand, the ``error_message`` attribute of predicates
> has been
> renamed to ``message`` because they are not only used to display
> (see repoze.what.predicates).
> * The repoze.what.authorize.require decorator has been removed because
> it's specific to TurboGears. TurboGears 2 applications will find
> it at
> Because this is the first beta release, there should not be more
> incompatible changes in the coming 1.X releases.
> Gustavo Narea <http://gustavonarea.net/>.
> Get rid of unethical constraints! Get freedomware:
> Repoze-dev mailing list
Repoze-dev mailing list