repoze.bfg 1.0a1 has been released.  This release concentrated on normalizing 
the difference between "traversal-based" and "URL-dispatch" based apps.  If 
you're using an application based on URL dispatch, your app should still work 
fine *unless* you've create a custom "context factory" (you probably haven't). 
See the below changelog for more information.

I've made the "current" index ( point 
at a directory containing the 1.0a1 release.  This means that version 0.9.1 is 
no longer the "current" release, even though it's not an alpha.  Alpha releases 
don't usually make it to the "current" index, but we're going to make the 1.0 
series (1.0a, then 1.0b) "current" until we get to 1.0, as there won't be any 
more features added; only bugfixes will occur.  In other words, 1.0a1 is a 
"release candidate", and in the unlikely event we don't find any bugs in it, it 
will become 1.0.

I've also updated the docs rendering at .

We should be able release 1.0 final very soon.  Releases in the 1.X series will 
guarantee compatibility with older 1.X releases.  Development on the 1.X series 
will be very conservative.  The bit that still needs the most work before we 
cut a 1.0 final is to sanity-check the tutorials, particularly the "BFG URL 
Dispatch + SQLAlchemy Tutorial" 
(  It would also be 
good if folks who are using older releases would upgrade to 1.0a1 (e.g. 
"easy_install -U -i repoze.bfg") and 
make sure their apps still work as they expect.

Many thanks to Carlos de la Guardia, Reed O'Brien, and Tres Seaver for helping 
with various documentation, design and implementation bits of this release.

Here's the 1.0a1 changelog (delta from 0.9.1).

1.0a1 (2009-06-22)


- A new ZCML directive was added named ``notfound``.  This ZCML
   directive can be used to name a view that should be invoked when the
   request can't otherwise be resolved to a view callable.  For example::


- A new ZCML directive was added named ``forbidden``.  This ZCML
   directive can be used to name a view that should be invoked when a
   view callable for a request is found, but cannot be invoked due to
   an authorization failure.  For example::


- Allow views to be *optionally* defined as callables that accept only
   a request object, instead of both a context and a request (which
   still works, and always will).  The following types work as views in
   this style:

   - functions that accept a single argument ``request``, e.g.::

       def aview(request):

   - new and old-style classes that have an ``__init__`` method that
     accepts ``self, request``, e.g.::

       def View(object):
           __init__(self, request):

   - Arbitrary callables that have a ``__call__`` method that accepts
     ``self, request``, e.g.::

       def AView(object):
           def __call__(self, request):
       view = AView()

   This likely should have been the calling convention all along, as
   the request has ``context`` as an attribute already, and with views
   called as a result of URL dispatch, having the context in the
   arguments is not very useful.  C'est la vie.

- Cache the absolute path in the caller's package globals within
   ``repoze.bfg.path`` to get rid of repeated (expensive) calls to

- Add ``reissue_time`` and ``timeout`` parameters to
   constructor.  If these are passed, cookies will be reset every so
   often (cadged from the same change to repoze.who lately).

- The matchdict related to the matching of a Routes route is available
   on the request as the ``matchdict`` attribute:
   ``request.matchdict``.  If no route matched, this attribute will be

- Make 404 responses slightly cheaper by showing
   ``environ["PATH_INFO"]`` on the notfound result page rather than the
   fullly computed URL.

- Move LRU cache implementation into a separate package

- The concepts of traversal and URL dispatch have been unified.  It is
   now possible to use the same sort of factory as both a traversal
   "root factory" and what used to be referred to as a urldispatch
   "context factory".

- When the root factory argument (as a first argument) passed to
   ``repoze.bfg.router.make_app`` is ``None``, a *default* root factory
   is used.  This is in support of using routes as "root finders"; it
   supplants the idea that there is a default

- The `view`` ZCML statement and the ``repoze.bfg.view.bfg_view``
   decorator now accept an extra argument: ``route_name``.  If a
   ``route_name`` is specified, it must match the name of a previously
   defined ``route`` statement.  When it is specified, the view will
   only be called when that route matches during a request.

- It is now possible to perfom traversal *after* a route has matched.
   Use the pattern ``*traverse`` in a ``<route>`` ``path`` attribute
   within ZCML, and the path remainder which it matches will be used as
   a traversal path.

- When any route defined matches, the WSGI environment will now
   contain a key ``bfg.routes.route`` (the Route object which matched),
   and a key ``bfg.routes.matchdict`` (the result of calling route.match).


- Utility registrations against
   ``repoze.bfg.interfaces.INotFoundView`` and
   ``repoze.bfg.interfaces.IForbiddenView`` are now deprecated.  Use
   the ``notfound`` and ``forbidden`` ZCML directives instead (see the
   "Hooks" chapter for more information).  Such registrations will
   continue to work, but the notfound and forbidden directives do
   "extra work" to ensure that the callable named by the directive can
   be called by the router even if it's a class or
   request-argument-only view.


- The ``IRoutesContext``, ``IRoutesContextFactory``, and
   ``IContextNotFound`` interfaces were removed from
   ``repoze.bfg.interfaces``.  These were never APIs.

- The ``repoze.bfg.urldispatch.RoutesContextNotFound``,
   ``repoze.bfg.urldispatch.RoutesModelTraverser`` and
   ``repoze.bfg.urldispatch.RoutesContextURL`` classes were removed.
   These were also never APIs.

Backwards Incompatibilities

- Moved the ``repoze.bfg.push`` module, which implemented the ``pushpage``
   decorator, into a separate distribution, ``repoze.bfg.pushpage``.
   Applications which used this decorator should continue to work after
   adding that distribution to their installation requirements.

- Changing the default request factory via an IRequestFactory utility
   registration (as used to be documented in the "Hooks" chapter's
   "Changing the request factory" section) is no longer supported.  The
   dance to manufacture a request is complicated as a result of
   unifying traversal and url dispatch, making it highly unlikely for
   anyone to be able to override it properly.  For those who just want
   to decorate or modify a request, use a NewRequestEvent subscriber
   (see the Events chapter in the documentation).

- The ``repoze.bfg.IRequestFactory`` interface was removed.  See the
   bullet above for why.

- Routes "context factories" (spelled as the factory argument to a
   route statement in ZCML) must now expect the WSGI environ as a
   single argument rather than a set of keyword arguments.  They can
   obtain the match dictionary by asking for
   environ['bfg.routes.matchdict'].  This is the same set of keywords
   that used to be passed to urldispatch "context factories" in BFG 0.9
   and below.

- Using the `...@zope.component.adapter`` decorator on a bfg view
   function no longer works.  Use the `...@repoze.bfg.view.bfg_view``
   decorator instead to mark a function (or a class) as a view.

- The name under which the matching route object is found in the
   environ was changed from ``bfg.route`` to ``bfg.routes.route``.

- Finding the root is now done *before* manufacturing a request object
   (and sending a new request event) within the router (it used to be
   performed afterwards).

- Adding ``*path_info`` to a route no longer changes the PATH_INFO for
   a request that matches using URL dispatch.  This feature was only
   there to service the ``repoze.bfg.wsgi.wsgiapp2`` decorator and it
   did it wrong; use ``*subpath`` instead now.

- The values of ``subpath``, ``traversed``, and ``virtual_root_path``
   attached to the request object are always now tuples instead of
   lists (performance).

Bug Fixes

- The ``bfg_alchemy`` Paster template named "" in its
   pipeline rather than "repoze.tm2", causing the startup to fail.

- Move BBB logic for registering an
   IAuthenticationPolicy/IForbiddenView/INotFoundView based on older
   concepts from the router module's ``make_app`` function into the
   ``repoze.bfg.zcml.zcml_configure`` callable, to service
   compatibility with scripts that use "zope.configuration.xmlconfig"
   (replace with ``repoze.bfg.zml.zcml_configure`` as necessary to get
   BBB logic)


- Add interface docs related to how to create authentication policies
   and authorization policies to the "Security" narrative chapter.

- Added a (fairly sad) "Combining Traversal and URL Dispatch" chapter
   to the narrative documentation.  This explains the usage of
   ``*traverse`` and ``*subpath`` in routes URL patters.

- A "router" chapter explaining the request/response lifecycle at a
   high level was added.

- Replaced all mentions and explanations of a routes "context factory"
   with equivalent explanations of a "root factory" (context factories
   have been disused).

- Updated Routes bfgwiki2 tutorial to reflect the fact that context
   factories are now no longer used.

Repoze-dev mailing list

Reply via email to