repoze.bfg 1.3b2 has been released.
It can be installed via:
easy_install -i http://dist.repoze.org/bfg/dev/simple repoze.bfg
Or via PyPI.
The docs at http://docs.repoze.org/bfg/1.3 have been updated.
This is the second beta release of BFG 1.3. It contains one bugfix and
(unfortunately) one minor backwards incompatibility. The changelog
- The ``repoze.bfg.security.view_execution_permitted`` API could
return the wrong boolean result due to a bug in the configurator,
leading to inappropriate view execution by persons without
permission when it was imported and used directly. Thanks to Shane
Hathaway for a bug report and a patch.
- Previously, the sentinel to register a view as explicitly "no
permission required" (most useful when a default permission is in
effect) was to register it explicitly with the value ``None`` as an
argument to the ``permission`` parameter of the
``repoze.bfg.configuration.Configurator.add_view``. Using ``None``
as a sentinel meaning "no permission required" in that location,
however, was incompatible with the expectations of both the ``view``
ZCML directive and the ``bfg_view`` decorator, which both passed
``None`` explicitly to ``add_view``, overriding any default
permission. The symptom was that any "default permission"
configured appeared to not work if either ZCML or the ``bfg_view``
directive was used to register a view (although using ``add_view``
directly did work). The ``None`` value as a sentinel could also not
be spelled using ZCML.
Now, the sentinel meaning "no permission required" is the string
``__no_permission_required__``, which satisfies the expectation of
the ``view`` ZCML directive and the ``bfg_view`` decorator, and,
since it's a string, it can be spelled in both Python and within
Thanks to Wichert Akkerman for the bug report.
Repoze-dev mailing list