Hello, David.
On Saturday November 29, 2008 19:49:09 David Pratt wrote:
Awesome docs, Gustavo.
Thanks! :)
I really like the @require decorator for tg.
Wonder how easy it would be to create a security policy in bfg that
would perform the same way.
I have no idea, to be honest -- I have not used repoze.bfg yet. Perhaps
somebody else on this list will point you in the right direction.
Cheers!
- Gustavo.
Regards,
David
On Nov 26, 2008, at 2:54 PM, Gustavo Narea wrote:
Hello, everybody.
I am pleased to announce the first beta release of repoze.what, the
authorization framework for WSGI applications. For more
information, you may
visit the repoze.what website:
http://static.repoze.org/whatdocs/
Changes:
* Removed dependencies on TurboGears and Pylons.
* Introduced a framework-independent function
(repoze.what.authorize.check_authorization) to check authorization
based on a predicate and the WSGI environment, along with the
repoze.what.authorize.NotAuthorizedError exception.
* Now repoze.what is 100% documented.
* Moved the predicates from repoze.what.authorize to
repoze.what.predicates. Nevertheless, they are imported in the
former
to avoid breaking TurboGears 2 applications created when
tg.ext.repoze.who or tgext.authorization existed.
* Added the Not predicate.
* Now you can override the error message of the built-in predicates
or set
your own message at instantiation time by passing the ``msg`` keywork
argument to the predicate. Example::
from repoze.what.predicates import is_user
my_predicate = is_user('carla', msg=Only Carla may come here)
As a result, if your custom predicate defines the constructor method
(``__init__``), then you're highly encouraged to call its parent
with the
``msg`` keyword argument. Example::
from repoze.what.predicates import Predicate
class MyCoolPredicate(Predicate):
def __init__(self, **kwargs):
super(MyCoolPredicate, self).__init__(**kwargs)
* Moved the SQL plugin (repoze.what.plugins.sql) into a separate
package. Also moved repoze.what.plugins.quickstart into that package
because it's specific to the SQL plugin.
* Log messages are no longer sent to standard output if the
``WHO_LOG``
environment variable is defined, but with ``AUTH_LOG``.
* Now repoze.what uses logging internally to ease debugging.
Backwards-incompatible changes
--
* If you have custom predicates, you should update the
``eval_with_object``
method, which has been renamed to ``_eval_with_environ`` and only
receives
one argument (the WSGI environment). This is, if your method's
signature
looks like this::
eval_with_object(obj, errors)
Now it should look like this::
_eval_with_environ(environ)
Note that ``errors`` are no longer passed.
On the other hand, the ``error_message`` attribute of predicates
has been
renamed to ``message`` because they are not only used to display
errors
(see repoze.what.predicates).
* The repoze.what.authorize.require decorator has been removed because
it's specific to TurboGears. TurboGears 2 applications will find
it at
tg.require.
Because this is the first beta release, there should not be more
backwards
incompatible changes in the coming 1.X releases.
Cheers.
--
Gustavo Narea http://gustavonarea.net/.
Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev
--
Gustavo Narea http://gustavonarea.net/.
Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
___
Repoze-dev mailing list
Repoze-dev@lists.repoze.org
http://lists.repoze.org/listinfo/repoze-dev