wiki:2.0/changelog
Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Version 37 (modified by mramm, 6 years ago) (diff)

--

Change Log

2.0b1 (unreleased):

Features

  • It's now possible to set all the parameters used by the repoze.who PluggableAuthenticationMiddleware through {yourapplication}.config.app_cfg.

Fixes

  • Failing tests in tg2 trunk (#2059).
  • Can't use @require decorator and require property in the same controller (#2063).

Backwards Incompatible Changes

  • tg.url no longer supports passing in a list of strings (these must be manually concatenated for now)
  • tg.url no longer supports passing in a params dict (but you can use keyword arguments)

Known Issues

  • apps using authentication outside the root of the URL hierarchy will redirect to the absolute root rather than the app root.

Contributors (in alphabetic order)

Florent Aide, Gustavo Narea, Mark Ramm, Jonathan Schemoul, Jorge Vargas

Upgrading from 1.9.7b2

  • Because of #2063, if you are using the controller-wide authorization functionality, you have to rename the "require" attribute to "alow_only". For example:
        class SomeSecureController(BaseController):
            allow_only = predicates.has_permission('onePermission')
    
            @expose('my_package.template.index')
            def index(self):
                # do something here
    
            @expose('my_package.template.add')
            @authorize.require(predicates.has_permission('specialPerm'))
            def do_things(self, **kw):
                # do other things here
    

If you are using tg.cycle, tg.selector, tg.ipeek, or tg.checker in your templates, you'll have to add that functionality to your lib.helpers module and import it from there. There is some talk about asking for some of these things to be added to webhelpers, so if you use them you may want to chime in in support of that on the mailing list.

1.9.7b2 (October 29th, 2008):

Features

  •  repoze.what replaces tgext.authorization. TurboGears 1.9.7b2 requires  repoze.what-1.0b1.
  • Authorization errors are now flashed.
  • Any TG2 controller may take advantage of the ability to set controller-wide authorization using the require attribute. Therefore you are highly encouraged to remove the SecureController class defined in {yourapplication}/lib/base.py.

Fixes

  • Custom authentication settings defined in {yourapplication}.config.app_cfg were ignored (this is, custom repoze.who identifiers, authenticators, challengers and MD providers).

Contributors (in alphabetic order)

Gustavo Narea, Mark Ramm

Upgrading from 1.9.7b1

  • Replace all the tgext.authorization occurrences with repoze.what (it's safe to do a bulk find & replace).
  • The @require decorator is now part of TG itself, not of repoze.what. Now you should import it from the tg module.
  • There are some  backwards incompatible changes from tgext.authorization-0.9a1 (used in the previous TG beta) and repoze.what-1.0b1.

Known Issues

  • Toscawidgets does not render js_callbacks properly because of breakage from the simplejson.

1.9.7b1 (October 29th, 2008):

Features

  • tgext.authorization replaces tg.ext.repoze.who; the later becomes deprecated. tgext.authorization only deals with authorization, and supports multiple sources to store your groups and permissions (not only databases), granting permissions to anonymous users, among other things.

Fixes

  • Tests failed on quickstarted applications without identity (#1977).
  • When running the websetup from the test suite, it used the development database instead of the in memory one (#1978).
  • SimpleJson? 2.0.4 now the minimum version.

Contributors (in alphabetic order)

Gustavo Narea, Mark Ramm

Upgrading from 1.9.7a4

  • If using DBTest, it's no longer mandatory to define the test database, as long as you define sqlalchemy.url in your test.ini file. So a DBTest subclass may look like this:
    class TestModel(DBTest):
        """The base class for testing models in you TG project."""
        model = model
    
    In fact, this is how that class looks like as of v1.9.7b1.
  • If you were using tg.ext.repoze.who, you should migrate to tgext.authorization:
    1. Replace tg.ext.repoze.who by tgext.authorization in your controllers (tgext.authorization provides the same authorize module).
    2. In {yourpackage}.config.app_cfg, the following settings are no longer necessary (and thus ignored):
      • base_config.sa_auth.user_id_column
      • base_config.sa_auth.password_encryption_method (it now relies on the verify_password method of your User model)
      • base_config.sa_auth.users_table
      • base_config.sa_auth.groups_table
      • base_config.sa_auth.permissions_table
    3. Now, remove the following line:
      base_config.sa_auth = Bunch()
      
    4. Finally, if you're using a non-default value for base_config.sa_auth.user_criterion, this following setting should be set in a different way:
Setting description Before Beta 1 As of Beta 1 Sample definition as of Beta 1
Change the name of the column that contains the user name base_config.sa_auth.user_criterion base_config.sa_auth.translations.user_name base_config.sa_auth.translations.user_name = 'person_name'

Known Issues

  • Toscawidgets does not render js_callbacks properly because of breakage from the simplejson.

1.9.7a4:

Features

  • New highly customizable replacement for Buffet renderers.
    • These are not on by default, you must add base_config.use_legacy_renderer = False to your app_cfg.py file to use them.
    • When using the new renderers, you have to switch genshi from dotted lookup to using paths+filenames.
  • TG2 now supports automatic transactions, so you no longer have to explicitly commit transactions
    • Transaction middleware supports cross-database transactions
    • Transactions are not begun until the SQLAlchemy session becomes dirty, so no transaction overhead is wasted on requests that don't ever write to the database
  • The SQLAlchemy metadata is no longer automatically bound in the config setup, so we can more easily support multiple database engines (eg., for master-slave replication).
  • added start_response to the context, so we're easily able to use it to use WSGI applications anywhere
  • added a use_wsgi_app() function that makes it very, very easy to mount a wsgi app in your tg2 controller, or use a TG2 controller as middleware.
  • Improved support and documentation for returning a WebOb? response object, so tg2 controllers can take over all aspects of defining the responce whenever that's needed.
  • Simply set base_config.serve_static to False to stop your TG2 app from serving up static content, no manual editing of the middleware setup required.
  • request, repsonse, etc all available from tg as well as pylons now
  • default template namspace now has request, response, and tg variables automatically injected into it.
  • quickstart now imports from tg wherever possible so there's less what's in tg what's in pylons
  • a custom content type can now be set dynamically within a controller method by setting the content type in @expose to tg.controllers.CUSTOM_CONTENT_TYPE and using pylons.response.headersContent-Type?
  • The declarative plugin of SQLAlchemy is now used in the default template, instead of the traditional method.
  • TG1's DBTest has been ported to TG2.

Fixes

  • You were not able to use non-standard class names for User, Group, and Permissions in tg.ext.repoze.who
  • Configuring an alternate location for controllers did not work with PylonsApp? (now we have TGApp, an it will work)>
  • the Content-Type header will not have charset=utf8 appended to it when it is not required

Contributors (in alphabetic order)

  • Gustavo Narea, Mark Ramm, Matthew Sherborne, Alberto Valverde

Upgrading from 1.9.7a3

  • The name of the tg.config module has been changed to tg.configuration. You must change your config/app_cfg.py file accordingly:
    -from tg.config import AppConfig, Bunch
    +from tg.configuration import AppConfig, Bunch
    
  • You must define the user_class, group_class, and permission_class in app_config.py when using the authorizaiton plugin.
    -base_config.sa_auth.user = model.User
    +base_config.sa_auth.user_class = model.User
     base_config.sa_auth.user_criterion = model.User.user_name
     base_config.sa_auth.user_id_column = 'user_id'
    +base_config.sa_auth.group_class = model.Group
    +base_config.sa_auth.permission_class = model.Permission
    
  • TG2 no longer binds the database engine to the DBSession or metadata so you can decide how you want to handle this (perhaps to re-bind the session dynamically to a different engine on a per-request basis, etc...).

This is now done in the yourapp.model.init_model callback which is called when your app is loaded and passed a configured engine as a parameter. To upgrade an existing project just add one line to init in you model directory, as shown here.

def init_model(engine):
   DBSession.configure(bind=enigne) # <-- this, add this
  • setup_tg_wsgi_app has been removed from tg.middleware. It's now a method of base_config, so following lines must be removed from config/middleware.py:
-from pylons.wsgiapp import PylonsApp
-from tg.middleware import setup_tg_wsgi_app

Of course if you're starting a new project, all of this is done automatically for you by quickstart.

  • If you turn on new-style renderers, you must now provide the filename (and whatever path information is necessary) in expose, including the .html extension. Furthermore, we're now registering the template directory in the search path directly, so expose can be simpler. The old expose:
    @expose('testproject.templates.index')
    def index(self):
        return dict(page='index')

Should be replaced by the new expose:

    @expose('index.html')
    def index(self):
        return dict(page='index')

1.9.7a3 (July, 29, 2008):

Features

  • TurboGears 2 now defaults to making multiple request parameters into a list that's passed to the controller (emulating the tg1 behavior).
  • The base_config object now has a number of methods for those who need very fine grained control of how the middleware and environment are setup.
  • tg2 now uses sphinx extensions to import code samples from svn, as well as to test the example code.
  • new support of calling wsgi_apps from a TG2 controller method (see the use_wsgi_app function)
  • added tg_vars to template namespace to more closely match tg1
  • Lots and lots of new docs covering:
    • Updated TW docs
    • Updated config docs
    • Updated PyAMF integration docs
    • Updated install and offline install docs

Fixes

  • Identity.py updated by splee to act more like tg1
  • Identity.py pep 8 compliance
  • Fix for #1885 development.ini now runs only on localhost to avoid security issues related to the debugging interface being turned on.
  • Added missing package requirement while using setup.py develop
  • updated Paste dependencies, in order to work around an import appconfig issue mentioned on the mailing list
  • updated the default quickstart project to look a bit nicer (thanks to Lukasz Szybalski)

Contributors (in alphabetic order)

Florent Aide, Bruno J. M. Melo, Lee McFadden?, Christopher Perkins, Mark Ramm, Sanjiv Singh, and Lukasz Szybalski.

Upgrading from 1.9.7a2

  • The changes to the base_config object make it necessary to change config/environment.py and config/middleware.py. Without these changes your app will raise deprecation warnings.
  • in config/environment.py:
-load_environment = make_load_environment(base_config)
+load_environment = base_config.make_load_environment()
  • in config/middleware.py:
+-make_base_app = setup_tg_wsgi_app(load_environment, base_config)
+make_base_app = base_config.setup_tg_wsgi_app(load_environment)
  • You can also delete the from tg.environment import make_load_environment statements from both config/app.py and config/environment.py