Pyramid

==================

Features
--------

- Added a ``clone`` method and a ``__contains__`` method to the DummyModel
testing object.

- Allow DummyModel objects to receive extra keyword arguments, which will
be attached as attributes.

- The DummyTemplateRenderer now returns ``self`` as its implementation.

==================

Features
--------

- Added a ``repoze.bfg.testing`` module to attempt to make it slightly
easier to write unittest-based automated tests of BFG applications.
Information about this module is in the documentation.

- The default template renderer now supports testing better by looking for
``ITestingTemplateRenderer`` using a relative pathname. This is exposed
indirectly through the API named ``registerTemplateRenderer`` in
``repoze.bfg.testing``.

Deprecations
------------

- The names ``repoze.bfg.interfaces.ITemplate`` ,
``repoze.bfg.interfaces.ITemplateFactory`` and
``repoze.bfg.interfaces.INodeTemplate`` have been deprecated. These
should now be imported as ``repoze.bfg.interfaces.ITemplateRenderer`` and
``repoze.bfg.interfaces.ITemplateRendererFactory``, and
``INodeTemplateRenderer`` respectively.

- The name ``repoze.bfg.chameleon_zpt.ZPTTemplateFactory`` is deprecated.
Use ``repoze.bfg.chameleon_zpt.ZPTTemplateRenderer``.

- The name ``repoze.bfg.chameleon_genshi.GenshiTemplateFactory`` is
deprecated. Use ``repoze.bfg.chameleon_genshi.GenshiTemplateRenderer``.

- The name ``repoze.bfg.xslt.XSLTemplateFactory`` is deprecated. Use
``repoze.bfg.xslt.XSLTemplateRenderer``.

==================

Bug Fixes
---------

- Not passing the result of "get_options" as the second argument of
make_app could cause attribute errors when attempting to look up settings
against the ISettings object (internal). Fixed by giving the Settings
objects defaults for ``debug_authorization`` and ``debug_notfound``.

- Return an instance of ``Allowed`` (rather than ``True``) from
``has_permission`` when no security policy is in use.

- Fix bug where default deny in authorization check would throw a TypeError
(use ``ACLDenied`` instead of ``Denied``).

==================

Features
--------

- Expose a single ILogger named "repoze.bfg.debug" as a utility; this
logger is registered unconditionally and is used by the authorization
debug machinery. Applications may also make use of it as necessary
rather than inventing their own logger, for convenience.

- The ``BFG_DEBUG_AUTHORIZATION`` envvar and the ``debug_authorization``
config file value now only imply debugging of view-invoked security
checks. Previously, information was printed for every call to
``has_permission`` as well, which made output confusing. To debug
``has_permission`` checks and other manual permission checks, use the
debugger and print statements in your own code.

- Authorization debugging info is now only present in the HTTP response
body oif ``debug_authorization`` is true.

- The format of authorization debug messages was improved.

- A new ``BFG_DEBUG_NOTFOUND`` envvar was added and a symmetric
``debug_notfound`` config file value was added. When either is true, and
a NotFound response is returned by the BFG router (because a view could
not be found), debugging information is printed to stderr. When this
value is set true, the body of HTTPNotFound responses will also contain
the same debugging information.

- ``Allowed`` and ``Denied`` responses from the security machinery are now
specialized into two types: ACL types, and non-ACL types. The
ACL-related responses are instances of ``repoze.bfg.security.ACLAllowed``
and ``repoze.bfg.security.ACLDenied``. The non-ACL-related responses are
``repoze.bfg.security.Allowed`` and ``repoze.bfg.security.Denied``. The
allowed-type responses continue to evaluate equal to things that
themselves evaluate equal to the ``True`` boolean, while the denied-type
responses continue to evaluate equal to things that themselves evaluate
equal to the ``False`` boolean. The only difference between the two
types is the information attached to them for debugging purposes.

- Added a new ``BFG_DEBUG_ALL`` envvar and a symmetric ``debug_all`` config
file value. When either is true, all other debug-related flags are set
true unconditionally (e.g. ``debug_notfound`` and
``debug_authorization``).

Documentation
-------------

- Added info about debug flag changes.

- Added a section to the security chapter named "Debugging Imperative
Authorization Failures" (for e.g. ``has_permssion``).

Bug Fixes
---------

- Change default paster template generator to use ``Pastehttp`` server
rather than ``PasteScriptcherrpy`` server. The cherrypy server has a
security risk in it when ``REMOTE_USER`` is trusted by the downstream
application.

==================

Bug Fixes
---------

- If the ``render_view_to_response`` function was called, if the view was
found and called, but it returned something that did not implement
IResponse, the error would pass by unflagged. This was noticed when I
created a view function that essentially returned None, but received a
NotFound error rather than a ValueError when the view was rendered. This
was fixed.

==================

Docs
----

- An "Environment and Configuration" chapter was added to the narrative
portion of the documentation.

Features
--------

- Ensure bfg doesn't generate warnings when running under Python
2.6.

- The environment variable ``BFG_RELOAD_TEMPLATES`` is now available
(serves the same purpose as ``reload_templates`` in the config file).

- A new configuration file option ``debug_authorization`` was added.
This turns on printing of security authorization debug statements
to ``sys.stderr``. The ``BFG_DEBUG_AUTHORIZATION`` environment
variable was also added; this performs the same duty.

Bug Fixes
---------

- The environment variable ``BFG_SECURITY_DEBUG`` did not always work.
It has been renamed to ``BFG_DEBUG_AUTHORIZATION`` and fixed.

Deprecations
------------

- A deprecation warning is now issued when old API names from the
``repoze.bfg.templates`` module are imported.

Backwards incompatibilities
---------------------------

- The ``BFG_SECURITY_DEBUG`` environment variable was renamed to
``BFG_DEBUG_AUTHORIZATION``.