Restler

------------------

- Use proper HTTP redirect status code when redirecting after POST or PUT
(303 See Other instead 302 Found). 302 means a resource moved temporarily,
which isn't semantically correct; we really want to say, "go see this other
resource," and this is exactly what the 303 status code is intended for.

IE (8, didn't test other IEs) won't follow a 302 returned from an AJAX
request, so this fixes that. Firefox will follow either a 302 or 303,
although technically following the 302 is incorrect ("...the user agent MUST
NOT automatically redirect the request unless it can be confirmed by the
user...").

XXX: Cross domain issue: When using 302, for some reason the Location
header used the script URL of the requesting application instead of the URL
of the Web service utilizing Restler. Now, using 303, the Location header
uses the URL of the Web service, so if the requesting application and the WS
are not in the same domain space, this will cause a problem as neither IE or
FF will follow the redirect in this case. TODO: At the moment, I'm not sure
what the best solution for this is. Is this something that can be handled in
a generic manner with X-Forwarded-For or something like that?

------------------

- Made changes needed for Pylons 1.0.

------------------

This release contains a backwards-incompatible change to an undocumented
(and somewhat experimental) feature: paths in responses, which was introduced
in 0.4.0 and changed in 0.4.1.

- Reverted the change made in 0.4.1 with regard to paths. Relative paths in
responses are now relative to the host URL instead of the application. This
seems to better reflect how these paths will actually be used--for example,
in an AJAX application, this style is more convenient.

In `response.request`, removed `app_url`; added `full_url`, `host_url`, and
`app_prefix`.

------------------

- Corrected paths returned in JSON responses so that they are relative to
the application URL instead of relative to the server root.

------------------

- Upgraded SQLAlchemy from 0.5.7 to 0.5.8
- Got rid of wanky privileges scheme. Removed decorators module altogether;
removed privileges decorations from Controller class. Rationale: auth is
not really within Restler's scope, and it seems very likely that users
wouldn't want to use this simplistic scheme anyway.
- Created a top-level API by importing a few things into the top-level
__init__.py.
- Use json module from stdlib when available (i.e., Python 2.6+).
- In addition to an object's type, inject its module and URL path into the
corresponding JSON object. Use __double_underscore__ style for these
attributes to indicated that they are "meta". `type` is now `__type__`
in JSON results.
- Removed `Entity.get_column_default` method as this relies on SQLA's
declarative extension, but Restler does/should not depend on declarative
(it should only depend on mapped classes).
- Delegate HTTP parameter parsing to entitu instead of handling that in
controller.
- Inject request metadata into response objects (request method, URL,
path info, query params, etc). XXX: Account for proxy.
- Removed templates, static files, and Web helpers.
- Removed deprecated `EntityMeta` metaclass.

------------------

- Use a function instead of a metaclass to instrument Entity classes with
member_name and related class attributes. Replace usage of EntityMeta with
instrument_class (from restler.entity).
- Upgraded SQLAlchemy from 0.5.6 to 0.5.7
- Upgraded decorator from 3.0.1 to 3.1.2