Hello, everybody. I am pleased to announce the first beta release of repoze.what, the authorization framework for WSGI applications which is well integrated into TurboGears 2.
This is the replacement for tg.ext.repoze.who and tgext.authorization as of
TurboGears 1.9.7b2 (in the SVN trunk at present). To use it you have to update
your version of TurboGears to the latest trunk or wait for the beta that is
going to be released very soon.
Changes:
========
* Removed dependencies on TurboGears and Pylons.
* Introduced a framework-independent function
(repoze.what.authorize.check_authorization) to check authorization
based on a predicate and the WSGI environment, along with the
repoze.what.authorize.NotAuthorizedError exception.
* Now repoze.what is 100% documented.
* Moved the predicates from repoze.what.authorize to
repoze.what.predicates. Nevertheless, they are imported in the former
to avoid breaking TurboGears 2 applications created when
tg.ext.repoze.who or tgext.authorization existed.
* Added the Not predicate.
* Now you can override the error message of the built-in predicates or set
your own message at instantiation time by passing the ``msg`` keywork
argument to the predicate. Example::
from repoze.what.predicates import is_user
my_predicate = is_user('carla', msg="Only Carla may come here")
As a result, if your custom predicate defines the constructor method
(``__init__``), then you're highly encouraged to call its parent with the
``msg`` keyword argument. Example::
from repoze.what.predicates import Predicate
class MyCoolPredicate(Predicate):
def __init__(self, **kwargs):
super(MyCoolPredicate, self).__init__(**kwargs)
* Moved the SQL plugin (repoze.what.plugins.sql) into a separate
package. Also moved repoze.what.plugins.quickstart into that package
because it's specific to the SQL plugin.
* Log messages are no longer sent to standard output if the ``WHO_LOG``
environment variable is defined, but with ``AUTH_LOG``.
* Now repoze.what uses logging internally to ease debugging.
Backwards-incompatible changes
------------------------------
* If you have custom predicates, you should update the ``eval_with_object``
method, which has been renamed to ``_eval_with_environ`` and only receives
one argument (the WSGI environment). This is, if your method's signature
looks like this::
eval_with_object(obj, errors)
Now it should look like this::
_eval_with_environ(environ)
Note that ``errors`` are no longer passed.
On the other hand, the ``error_message`` attribute of predicates has been
renamed to ``message`` because they are not only used to display errors
(see repoze.what.predicates).
* The repoze.what.authorize.require decorator has been removed because
it's specific to TurboGears. TurboGears 2 applications will find it at
tg.require.
Because this is the first beta release, there should not be more backwards
incompatible changes in the coming 1.X releases.
For more information, you may visit the repoze.what website:
http://static.repoze.org/whatdocs/
Cheers.
--
Gustavo Narea <http://gustavonarea.net/>.
Get rid of unethical constraints! Get freedomware:
http://www.getgnulinux.org/
signature.asc
Description: This is a digitally signed message part.
