Awesome docs, Gustavo. I really like the @require decorator for tg. Wonder how easy it would be to create a security policy in bfg that would perform the same way.
Regards, David On Nov 26, 2008, at 2:54 PM, Gustavo Narea wrote: > Hello, everybody. > > I am pleased to announce the first beta release of repoze.what, the > authorization framework for WSGI applications. For more > information, you may > visit the repoze.what website: > http://static.repoze.org/whatdocs/ > > Changes: > ======== > > * Removed dependencies on TurboGears and Pylons. > * Introduced a framework-independent function > (repoze.what.authorize.check_authorization) to check authorization > based on a predicate and the WSGI environment, along with the > repoze.what.authorize.NotAuthorizedError exception. > * Now repoze.what is 100% documented. > * Moved the predicates from repoze.what.authorize to > repoze.what.predicates. Nevertheless, they are imported in the > former > to avoid breaking TurboGears 2 applications created when > tg.ext.repoze.who or tgext.authorization existed. > * Added the Not predicate. > * Now you can override the error message of the built-in predicates > or set > your own message at instantiation time by passing the ``msg`` keywork > argument to the predicate. Example:: > > from repoze.what.predicates import is_user > > my_predicate = is_user('carla', msg="Only Carla may come here") > > As a result, if your custom predicate defines the constructor method > (``__init__``), then you're highly encouraged to call its parent > with the > ``msg`` keyword argument. Example:: > > from repoze.what.predicates import Predicate > > class MyCoolPredicate(Predicate): > def __init__(self, **kwargs): > super(MyCoolPredicate, self).__init__(**kwargs) > > * Moved the SQL plugin (repoze.what.plugins.sql) into a separate > package. Also moved repoze.what.plugins.quickstart into that package > because it's specific to the SQL plugin. > * Log messages are no longer sent to standard output if the > ``WHO_LOG`` > environment variable is defined, but with ``AUTH_LOG``. > * Now repoze.what uses logging internally to ease debugging. > > > Backwards-incompatible changes > ------------------------------ > > * If you have custom predicates, you should update the > ``eval_with_object`` > method, which has been renamed to ``_eval_with_environ`` and only > receives > one argument (the WSGI environment). This is, if your method's > signature > looks like this:: > > eval_with_object(obj, errors) > > Now it should look like this:: > > _eval_with_environ(environ) > > Note that ``errors`` are no longer passed. > > On the other hand, the ``error_message`` attribute of predicates > has been > renamed to ``message`` because they are not only used to display > errors > (see repoze.what.predicates). > * The repoze.what.authorize.require decorator has been removed because > it's specific to TurboGears. TurboGears 2 applications will find > it at > tg.require. > > Because this is the first beta release, there should not be more > backwards > incompatible changes in the coming 1.X releases. > > Cheers. > -- > Gustavo Narea <http://gustavonarea.net/>. > > Get rid of unethical constraints! Get freedomware: > http://www.getgnulinux.org/ > > _______________________________________________ > Repoze-dev mailing list > Repoze-dev@lists.repoze.org > http://lists.repoze.org/listinfo/repoze-dev _______________________________________________ Repoze-dev mailing list Repoze-dev@lists.repoze.org http://lists.repoze.org/listinfo/repoze-dev
