Hello, everybody. I am pleased to announce the first beta release of repoze.what, the authorization framework for WSGI applications. For more information, you may visit the repoze.what website: http://static.repoze.org/whatdocs/
Changes:
========
* Removed dependencies on TurboGears and Pylons.
* Introduced a framework-independent function
(repoze.what.authorize.check_authorization) to check authorization
based on a predicate and the WSGI environment, along with the
repoze.what.authorize.NotAuthorizedError exception.
* Now repoze.what is 100% documented.
* Moved the predicates from repoze.what.authorize to
repoze.what.predicates. Nevertheless, they are imported in the former
to avoid breaking TurboGears 2 applications created when
tg.ext.repoze.who or tgext.authorization existed.
* Added the Not predicate.
* Now you can override the error message of the built-in predicates or set
your own message at instantiation time by passing the ``msg`` keywork
argument to the predicate. Example::
from repoze.what.predicates import is_user
my_predicate = is_user('carla', msg="Only Carla may come here")
As a result, if your custom predicate defines the constructor method
(``__init__``), then you're highly encouraged to call its parent with the
``msg`` keyword argument. Example::
from repoze.what.predicates import Predicate
class MyCoolPredicate(Predicate):
def __init__(self, **kwargs):
super(MyCoolPredicate, self).__init__(**kwargs)
* Moved the SQL plugin (repoze.what.plugins.sql) into a separate
package. Also moved repoze.what.plugins.quickstart into that package
because it's specific to the SQL plugin.
* Log messages are no longer sent to standard output if the ``WHO_LOG``
environment variable is defined, but with ``AUTH_LOG``.
* Now repoze.what uses logging internally to ease debugging.
Backwards-incompatible changes
------------------------------
* If you have custom predicates, you should update the ``eval_with_object``
method, which has been renamed to ``_eval_with_environ`` and only receives
one argument (the WSGI environment). This is, if your method's signature
looks like this::
eval_with_object(obj, errors)
Now it should look like this::
_eval_with_environ(environ)
Note that ``errors`` are no longer passed.
On the other hand, the ``error_message`` attribute of predicates has been
renamed to ``message`` because they are not only used to display errors
(see repoze.what.predicates).
* The repoze.what.authorize.require decorator has been removed because
it's specific to TurboGears. TurboGears 2 applications will find it at
tg.require.
Because this is the first beta release, there should not be more backwards
incompatible changes in the coming 1.X releases.
Cheers.
--
Gustavo Narea <http://gustavonarea.net/>.
Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev
