Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Changes between Version 80 and Version 81 of 2.0/changelog


Ignore:
Timestamp:
10/03/09 09:49:14 (10 years ago)
Author:
Chris Arndt
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • 2.0/changelog

    v80 v81  
    1 = Change Log = 
    2  
    3 == 2.1a1: (**October 2, 2009**) == 
    4  
    5   * Refactor of Dispatch Code. 
    6   * TurboJson Requirement dropped. 
    7   * ToscaWidgets2 support added. 
    8  
    9 == 2.0.1: (**June 21, 2009**) == 
    10  
    11 === Features === 
    12  
    13  * ToscaWidgets made optional 
    14  * @expose(content_type="foo/var") now works #2280 thanks ondrejj (Docs are still outdated) 
    15  
    16 === Fixes === 
    17  
    18  * SECURITY FIX: RestController and CrudRestController where not respecting allow_only. r6584 and r6587 (jorge.vargas,mramm) 
    19  * Fixed WSGI compatibility bug #2294 from Alex Morega at pycon sprints. 
    20  * Fixed Jinja2 renderer (#2310) thanks mbailey! 
    21  * Small test suite incompatibility on windows #2301 (chrisz) 
    22  * Fixed the very annoying login messages from i8n r6586 (everyone reported this :p)  
    23  
    24 === Backwards Incompatible Changes === 
    25   
    26  * Reverted fix for #2241 the workaround should be at tgext.wsgiapps's HGController. If you add needed this fix you will need to fix it on your side. 
    27  
    28 === Known Issues === 
    29   
    30  * None 
    31  
    32 == 2.0rc1: (**March 3, 2009**) == 
    33  
    34 === Features === 
    35  
    36  * None 
    37  
    38 === Fixes === 
    39  
    40  * The authorization failure reason was being hardcoded when the Controller.allow_only attribute was used and the user was anonymous ([6520]) 
    41  * Fixes to the special __before__ and  __after__ methods that are called before and after a controller's request is completed.  
    42    
    43  
    44 === Backwards Incompatible Changes === 
    45   
    46  * None. 
    47  
    48 === Known Issues === 
    49   
    50  * None 
    51  
    52 == 2.0b7: (**March 4, 2009**) == 
    53  
    54 === Features === 
    55  
    56  * Now quickstarted applications with auth* enabled have a complete set of tests for protected areas and authentication, using repoze.who-testutil (#2198). 
    57  * Unitesting with SQLAlchemy enable is now possible 
    58  
    59 === Fixes === 
    60  
    61  * .allow_only was broken in the !RootController (#2254) 
    62  * Controller Wide authorization now works as expected in all cases (even when you forget to call super's __init__)   
    63  * Now quickstarted applications are PEP-8 and PEP-257 compliant (#2223) 
    64  * Controller tests in the quickstart were not isolated, and did not have sample data from setup_app 
    65  * !TestModel in quickstarted applications was be moved to {app}.tests.models (#2249). 
    66  * repoze.what implements a workaround for a bug in Python < 2.6 whereby non-ASCII messages couldn't be logged (#2250) 
    67  * Controller tests are now isolated (#2244) 
    68    
    69  
    70 === Backwards Incompatible Changes === 
    71   
    72  * None. 
    73  
    74 === Known Issues === 
    75   
    76  * being rejected from the Catwalk admin controllers caused you to loose your current login credentials. (#2262) 
    77  
    78 == 2.0b6: (**Febuary 25, 2009**) == 
    79  
    80 Beta 6 moves some dependencies into the Quickstarted project, so users who don't need them can edit them out.   However, this means that you must {{{python setup.py develop}}}  your quickstarted app.  
    81  
    82 === Features === 
    83  
    84  * New default ModelTest class for unitesting #2200, quickstarted project uses it documentation pending but it's super easy to use :)  
    85  * Installing TurboGears now requires less dependencies thanks to #2176 
    86  * TurboGears is now pip compatible but still not the default #2169 
    87  * The repoze.what integration is now provided by the new [http://code.gustavonarea.net/repoze.what-pylons/ repoze.what-pylons] package. 
    88  * the webhelpers defined in lib/helpers are now only added to the template as helpers not as h.   Previously Mako's h was not available because we were overriding it.  This change was also sponsored by the campaign against one letter variables ;)  
    89  * For Python 2.6 users, introduced the class decorator @allow_only to set controller-wide authorization. It's an alternative to ''Controller.allow_only''. 
    90  * Now repoze.what predicates can be evaluated without passing the environ, as in: 
    91 {{{ 
    92 >>> from repoze.what.predicates import not_anonymous 
    93 >>> p = non_anonymous() 
    94 >>> bool(p) # Will return False if the user is anonymous; True otherwise 
    95 False 
    96 }}} 
    97  Also, now they're available as part of the TG-specific variables in the templates. (#2205). 
    98  
    99 === Fixes === 
    100  
    101  * ''@tg.require'' set the status code to 401 when authorization was denied, regardless of whether the user was anonymous or not. From now on, a 403 status is used when the user was authenticated. 
    102  * repoze.what predicate messages in the quickstart are translated lazily (#2179; #2180). 
    103  * QUickstarted projects without Authorization were not starting due to a paster template error.  
    104  
    105 === Backwards Incompatible Changes === 
    106   
    107  * Due to #2176 it is now required to run (python setup.py develop / pip install -e .) on a new quickstarted project to get the dependencies only used there. 
    108  * If you relied on the ''Controller._check_security()'' method, then you have to call it from ''Controller.!__before!__()'' because it's not called anymore by TG. 
    109  * if you used tg.testutils it's now gone r6323 (noone really used it)  
    110  
    111  
    112 === Known Issues === 
    113   
    114  * While installing tg.devtools, you'll get an error about "repoze.who" not being found. A workaround is to try to run the command, again. 
    115  * SQLAlchemy is not properly set up in test environments (#2243). 
    116  * The ''!__before!__()'' method of the controllers is not called. 
    117  
    118 == 2.0b5: (**Febuary 4, 2009**) == 
    119  
    120 === Features === 
    121  
    122  * Implemented post-login and post-logout pages in quickstarted applications thanks to the latest version of ''repoze.what-quickstart''. 
    123  * you can now manually set the content type in the controller and return a string, generator or webob response object without @expose messing with the response at all.  
    124  * by popular demand the tg.url function now supports getting a list of strings (like tg1)  
    125  
    126 === Fixes === 
    127  
    128  * Authorization denial messages issued using TG's flash mechanism were using an invalid status and thus were not inside the typical color box. 
    129  * Two production config files were included in quickstart 
    130  * Pylons style __before__ was not supported.  
    131  * error pages were not styled properly 
    132  * repoze.who now respects SCRIPT_PATH so logout_handler will go to the right place in apps not mounted at the root of the url tree.  
    133  * SQLite install requirement added for python 2.4 users 
    134  * Several files were not included in the egg bundle for TG2 projects that were eggified.  
    135  * catwalk scrolling issue fixed 
    136  
    137 === Backwards Incompatible Changes === 
    138  
    139  * None 
    140  
    141 === Known Issues === 
    142   
    143 * None 
    144  
    145 == 2.0b4: (January 24th, 2009) == 
    146  
    147 Beta 4 is mostly a bugfix release, with no new features as we are approaching the 2.0 final release we need to squash out all the remaining known bugs and start working on release candidates.    B4 is a recomended upgrade for all TG2 users who are using our authentication system because a threadsafety issue in repoze.what could cause authenentication denied messages to get sent to the wrong user if two users were denied access at "the same" time.  
    148  
    149 Other key fixes, allow flash messages to cross authentication boundries, and updates to the admin so that it handles some relationships better, and to the mimetypes stuff so that .json works on all platforms.  
    150  
    151 Beta 5 should be released next week with many more fixes.  
    152  
    153 === Features === 
    154  
    155  * None 
    156  
    157 === Fixes === 
    158  
    159  * Synchronized to repoze.what 1.0.1, which fixes an important bug that may affect production websites. 
    160  * Updated repoze.who so that it passes cookies along when doing a redirect for authorization  -- this allows us to send flash messages across login requests.  
    161  * Updated sprox to fix an issue with some relationships 
    162  * Updated tgext.admin and catwalk to go with the new sprox release and fix some minor issues.  
    163  * Fixed problem where content type negotiation was not working on some platforms that don't include mimetypes for .json out of the box 
    164  * The traceback poster feature of the interactive debugger was not returning all the libraries in use, this is now fixed.  
    165  
    166 === Backwards Incompatible Changes === 
    167  
    168  * None 
    169  
    170 === Known Issues === 
    171   
    172  * Error page is not styled properly.  
    173  * catwalk opening page does not show a scrollbar -- even if one is needed 
    174  
    175  More minor issues that are known in b4 and expected to be fixed in b5 can be found here:  
    176  
    177 http://trac.turbogears.org/query?milestone=2.0b5 
    178  
    179 === Contributors (in alphabetic order) === 
    180  
    181  Gustavo Narea, Mark Ramm, Jorge Vargas, Christoper Perkins, Alberto Valverde. 
    182  
    183 == 2.0b3: (January 20th, 2009) == 
    184  
    185 === Features === 
    186  
    187  * HTTP Verb aware dispatch mechanisms for support of more REST based interfaces.  
    188  * you can now indicate a content type request using file extensions (index.html or index.json)  
    189  * Full unicode support in the url and redirect functions  
    190  * WSGIAppController and a new tgext.wsgiapps project to make mounting wsgi apps in TG2 even easier. 
    191  * Flash messages now use a plain cookie as a transport mechanism so they can be accessed and displayed with JS code which can make cacheing easier. 
    192  
    193 === Fixes === 
    194  
    195  * Use a routes that supports unicode params, rather than doing our own escaping 
    196  * Some not authorized exceptions were not being caught by repoze.who because of the order in which the core middleware was added to the TG application (#2152). 
    197  
    198 === Backwards Incompatible Changes === 
    199  
    200  * The "status_" prefix has been removed from the status codes of the flash messages so pre 2.0b3 quickstarted apps must be updated accordingly. TG now provides a helper to display them in the template, read this [http://groups.google.com/group/turbogears-trunk/msg/fcf0784c074f5dfc post] for more details.  
    201  
    202 === Known Issues === 
    203   
    204  * none 
    205  
    206 === Contributors (in alphabetic order) === 
    207  
    208  Gustavo Narea, Chris Perkins, Mark Ramm, Alberto Valverde, Jorge Vargas. 
    209  
    210  
    211 == 2.0b2:  January 7, 2008) == 
    212  
    213 === Features === 
    214  * Debugger page now allows searching the turbogears mailing list 
    215  * Debugger page now posts TG dependencies when you post a traceback to the web 
    216  * app_cfg now allows you to regester call_on_startup and call_on_shutdown functions  
    217  * tg.url now wraps pylons.url to properly encode unicode strings to URL strings (as per the iri to url RFC) 
    218  * "error pages" now looked up and displayed by normal TurboGears controllers 
    219  
    220 === Fixes === 
    221  
    222  * tg.url fixed so escaping of redirect params is no longer required.  
    223   
    224 === Contributors (in alphabetic order) === 
    225  
    226 Mark Ramm 
    227  
    228  
    229  
    230 == 2.0b1: (December 29th, 2008) == 
    231  
    232 === Features === 
    233  * It's now possible to set all the parameters used by the repoze.who !PluggableAuthenticationMiddleware through '''{yourapplication}.config.app_cfg'''. 
    234  
    235 === Fixes === 
    236  * Failing tests in tg2 trunk (#2059). 
    237  * Can't use @require decorator and require property in the same controller (#2063). 
    238  
    239 === Backwards Incompatible Changes === 
    240  
    241  * tg.url no longer supports passing in a list of strings (these must be manually concatenated for now) 
    242  * tg.url no longer supports passing in a params dict (but you can use keyword arguments) 
    243  
    244 === Known Issues === 
    245   
    246  * apps using authentication outside the root of the URL hierarchy will redirect to the absolute root rather than the app root.  
    247  
    248 === Contributors (in alphabetic order) === 
    249  
    250 Florent Aide, Gustavo Narea, Chris Perkins, Mark Ramm, Jonathan Schemoul, Jorge Vargas 
    251  
    252 === Upgrading from 1.9.7b2 === 
    253  * Because of #2063, if you are using the controller-wide authorization functionality, you have to rename the "require" attribute to "alow_only". For example: 
    254 {{{ 
    255     class SomeSecureController(BaseController): 
    256         allow_only = predicates.has_permission('onePermission') 
    257  
    258         @expose('my_package.template.index') 
    259         def index(self): 
    260             # do something here 
    261  
    262         @expose('my_package.template.add') 
    263         @authorize.require(predicates.has_permission('specialPerm')) 
    264         def do_things(self, **kw): 
    265             # do other things here 
    266 }}} 
    267  
    268 If you are using tg.cycle, tg.selector, tg.ipeek, or tg.checker in your templates, you'll have to add that functionality to your lib.helpers module and import it from there.  There is some talk about asking for some of these things to be added to webhelpers, so if you use them you may want to chime in in support of that on the mailing list.  
    269  
    270    
    271 == 1.9.7b2 (December 2nd, 2008): == 
    272  
    273 === Features === 
    274  * [http://static.repoze.org/whatdocs/ repoze.what] replaces ''tgext.authorization''. TurboGears 1.9.7b2 requires [http://static.repoze.org/whatdocs/News.html#repoze-what-1-0b1-2008-11-26 repoze.what-1.0b1]. 
    275  * Authorization errors are now flashed. 
    276  * Any TG2 controller may take advantage of the ability to set controller-wide authorization using the '''require''' attribute. Therefore you are highly encouraged to remove the !SecureController class defined in '''{yourapplication}/lib/base.py'''. 
    277  
    278 === Fixes === 
    279  * Custom authentication settings defined in '''{yourapplication}.config.app_cfg''' were ignored (this is, custom repoze.who identifiers, authenticators, challengers and MD providers). 
    280  
    281 === Contributors (in alphabetic order) === 
    282 Gustavo Narea, Mark Ramm 
    283  
    284 === Upgrading from 1.9.7b1 === 
    285  * Replace all the ''tgext.authorization'' occurrences with ''repoze.what'' (it's safe to do a bulk find & replace). 
    286  * The '''@require''' decorator is now part of TG itself, not of ''repoze.what''. Now you should import it from the '''tg''' module. 
    287  * There are some [http://static.repoze.org/whatdocs/News.html#backwards-incompatible-changes backwards incompatible changes] from tgext.authorization-0.9a1 (used in the previous TG beta) and repoze.what-1.0b1. 
    288  
    289 === Known Issues === 
    290    * Toscawidgets does not render js_callbacks properly because of breakage from the simplejson. 
    291  
    292 == 1.9.7b1 (October 29th, 2008): == 
    293  
    294 === Features === 
    295  * ''tgext.authorization'' replaces ''tg.ext.repoze.who''; the later becomes deprecated. ''tgext.authorization'' only deals with ''authorization'', and supports multiple sources to store your groups and permissions (not only databases), granting permissions to anonymous users, among other things. 
    296  
    297 === Fixes === 
    298  * Tests failed on quickstarted applications without identity (#1977). 
    299  * When running the ''websetup'' from the test suite, it used the development database instead of the in memory one (#1978). 
    300  * SimpleJson 2.0.4 now the minimum version. 
    301  
    302 === Contributors (in alphabetic order) === 
    303 Gustavo Narea, Mark Ramm 
    304  
    305 === Upgrading from 1.9.7a4 === 
    306  * If using DBTest, it's no longer mandatory to define the test database, as long as you define ''sqlalchemy.url'' in your ''test.ini'' file. So a DBTest subclass may look like this: 
    307 {{{ 
    308 class TestModel(DBTest): 
    309     """The base class for testing models in you TG project.""" 
    310     model = model 
    311 }}} 
    312  In fact, this is how that class looks like as of v1.9.7b1. 
    313  * If you were using '''tg.ext.repoze.who''', you should migrate to '''tgext.authorization''': 
    314    1. Replace '''tg.ext.repoze.who''' by '''tgext.authorization''' in your controllers (tgext.authorization provides the same ''authorize'' module). 
    315    1. In ''{yourpackage}.config.app_cfg'', the following settings are no longer necessary (and thus ignored): 
    316     * base_config.sa_auth.user_id_column 
    317     * base_config.sa_auth.password_encryption_method (it now relies on the ''verify_password'' method of your ''User'' model) 
    318     * base_config.sa_auth.users_table 
    319     * base_config.sa_auth.groups_table 
    320     * base_config.sa_auth.permissions_table 
    321    1. Now, remove the following line: 
    322 {{{ 
    323 base_config.sa_auth = Bunch() 
    324 }}} 
    325    1. Finally, if you're using a non-default value for '''base_config.sa_auth.user_criterion''', this following setting should be set in a different way: 
    326  
    327    || '''Setting description''' || '''Before Beta 1''' || '''As of Beta 1''' || '''Sample definition as of Beta 1''' || 
    328    || Change the name of the column that contains the user name || base_config.sa_auth.user_criterion || base_config.sa_auth.translations.user_name || base_config.sa_auth.translations.user_name = 'person_name' || 
    329  
    330  
    331  
    332 === Known Issues === 
    333    * Toscawidgets does not render js_callbacks properly because of breakage from the simplejson. 
    334   
    335  
    336 == 1.9.7a4: == 
    337  
    338 === Features === 
    339     * New highly customizable replacement for Buffet renderers.   
    340          * These are not on by default, you must add base_config.use_legacy_renderer = False to your app_cfg.py file to use them.  
    341          * When using the new renderers, you have to switch genshi from dotted lookup to using paths+filenames.  
    342     * TG2 now supports automatic transactions, so you no longer have to explicitly commit transactions 
    343        * Transaction middleware supports cross-database transactions 
    344        * Transactions are not begun until the SQLAlchemy session becomes dirty, so no transaction overhead is wasted on requests that don't ever write to the database 
    345     * The SQLAlchemy metadata is no longer automatically bound in the config setup, so we can more easily support multiple database engines (eg., for master-slave replication).  
    346     * added start_response to the context, so we're easily able to use it to use WSGI applications anywhere 
    347     * added a use_wsgi_app() function that makes it very, very easy to mount a wsgi app in your tg2 controller, or use a TG2 controller as middleware.  
    348     * Improved support and documentation for returning a WebOb response object, so tg2 controllers can take over all aspects of defining the responce whenever that's needed. 
    349     * Simply set base_config.serve_static to False to stop your TG2 app from serving up static content, no manual editing of the middleware setup required.  
    350     * request, repsonse, etc all available from tg as well as pylons now 
    351     * default template namspace now has request, response, and tg variables automatically injected into it.  
    352     * quickstart now imports from tg wherever possible so there's less what's in tg what's in pylons 
    353     * a custom content type can now be set dynamically within a controller method by setting the content type in @expose to tg.controllers.CUSTOM_CONTENT_TYPE and using pylons.response.headers['Content-Type'] 
    354     * The declarative plugin of SQLAlchemy is now used in the default template, instead of the traditional method. 
    355     * TG1's DBTest has been ported to TG2. 
    356  
    357  
    358 === Fixes === 
    359     * You were not able to use non-standard class names for User, Group, and Permissions in tg.ext.repoze.who 
    360     * Configuring an alternate location for controllers did not work with PylonsApp (now we have TGApp, an it will work)>  
    361     * the Content-Type header will not have `charset=utf8` appended to it when it is not required 
    362  
    363 === Contributors (in alphabetic order) === 
    364  
    365 * Gustavo Narea, Mark Ramm, Matthew Sherborne, Alberto Valverde 
    366  
    367 === Upgrading from 1.9.7a3 === 
    368  
    369     * The name of the `tg.config` module has been changed to `tg.configuration`.  You must change your `config/app_cfg.py` file accordingly: 
    370 {{{ 
    371 -from tg.config import AppConfig, Bunch 
    372 +from tg.configuration import AppConfig, Bunch 
    373 }}} 
    374  
    375     * You must define the user_class, group_class, and permission_class in app_config.py when using the authorizaiton plugin.  
    376 {{{ 
    377 -base_config.sa_auth.user = model.User 
    378 +base_config.sa_auth.user_class = model.User 
    379  base_config.sa_auth.user_criterion = model.User.user_name 
    380  base_config.sa_auth.user_id_column = 'user_id' 
    381 +base_config.sa_auth.group_class = model.Group 
    382 +base_config.sa_auth.permission_class = model.Permission 
    383 }}} 
    384  
    385    *  TG2 no longer binds the database engine to the DBSession or metadata so you can decide how you want to handle this (perhaps to re-bind the session dynamically to a different engine on a per-request basis, etc...). 
    386  
    387 This is now done in the yourapp.model.init_model callback which is called when your app is loaded and passed a configured engine as a parameter. To upgrade an existing project just add one line to __init__ in you model directory, as shown here.  
    388  
    389 {{{ 
    390 def init_model(engine): 
    391    DBSession.configure(bind=enigne) # <-- this, add this 
    392 }}} 
    393  
    394   * `setup_tg_wsgi_app` has been removed from `tg.middleware`.  It's now a method of `base_config`, so following lines must be removed from `config/middleware.py`: 
    395  
    396 {{{ 
    397 -from pylons.wsgiapp import PylonsApp 
    398 -from tg.middleware import setup_tg_wsgi_app 
    399 }}} 
    400  
    401  
    402 Of course if you're starting a new project, all of this is done automatically for you by quickstart.  
    403  
    404    *  If you turn on new-style renderers, you must now provide the filename (and whatever path information is necessary) in expose, including the .html extension. Furthermore, we're now registering the template directory in the search path directly, so expose can be simpler. The old expose: 
    405  
    406 {{{ 
    407     @expose('testproject.templates.index') 
    408     def index(self): 
    409         return dict(page='index') 
    410 }}} 
    411  
    412 Should be replaced by the new expose: 
    413  
    414 {{{ 
    415     @expose('index.html') 
    416     def index(self): 
    417         return dict(page='index') 
    418 }}} 
    419  
    420 == 1.9.7a3 (July, 29, 2008): == 
    421  
    422 === Features === 
    423  
    424     * TurboGears 2 now defaults to making multiple request parameters into a list that's passed to the controller (emulating the tg1 behavior). 
    425     * The base_config object now has a number of methods for those who need very fine grained control of how the middleware and environment are setup. 
    426     * tg2 now uses sphinx extensions to import code samples from svn, as well as to test the example code.  
    427     * new support of calling wsgi_apps from a TG2 controller method (see the use_wsgi_app function)  
    428     * added tg_vars to template namespace to more closely match tg1 
    429     * Lots and lots of new docs covering:  
    430        * Updated TW docs 
    431        * Updated config docs 
    432        * Updated PyAMF integration docs 
    433        * Updated install and offline install docs 
    434  
    435 === Fixes === 
    436  
    437     * Identity.py updated by splee to act more like tg1 
    438     * Identity.py pep 8 compliance 
    439     * Fix for #1885 development.ini now runs only on localhost to avoid security issues related to the debugging interface being turned on. 
    440     * Added missing package requirement while using setup.py develop 
    441     * updated Paste dependencies, in order to work around an import appconfig issue mentioned on the mailing list 
    442     * updated the default quickstart project to look a bit nicer (thanks to Lukasz Szybalski) 
    443  
    444 === Contributors (in alphabetic order) === 
    445  
    446 Florent Aide, Bruno J. M. Melo, Lee McFadden, Christopher Perkins, Mark Ramm, Sanjiv Singh, and Lukasz Szybalski. 
    447  
    448 === Upgrading from 1.9.7a2 === 
    449  
    450     * The changes to the `base_config` object make it necessary to change `config/environment.py` and `config/middleware.py`.  Without these changes your app will raise deprecation warnings. 
    451  
    452       * in `config/environment.py`: 
    453  
    454 {{{ 
    455 -load_environment = make_load_environment(base_config) 
    456 +load_environment = base_config.make_load_environment() 
    457 }}} 
    458  
    459       * in `config/middleware.py`: 
    460  
    461 {{{  
    462 +-make_base_app = setup_tg_wsgi_app(load_environment, base_config) 
    463 +make_base_app = base_config.setup_tg_wsgi_app(load_environment) 
    464 }}} 
    465  
    466       * You can also delete the from `tg.environment import make_load_environment` statements from both `config/app.py` and `config/environment.py` 
     1Moved to [wiki:2.0/ChangeLog].