CHANGES.txt

= Change Log =

== 2.4.3 (**Mar 1, 2020**) ==

* Support for ``i18n.native`` list of languages to disable translation for languages the templates are natively written in.
* Support for ``repoze.who`` options like Cookie ``SameSite`` and ``Secure``.
* Dunder ``__`` methods are no longer hijacked in context local objects. This allows ``pytest``, ``doctest`` and ``mock`` to inspect thread local objects like request.
* Error reporting now gives a proper error if email support is enabled but not properly configured

== 2.4.2 (**Oct 20, 2019**) ==

* Fixed support for zope.sqlalchemy 1.2

== 2.4.1 (**Sep 3, 2019**) ==

* Fixed hooks documentation (it wasn't updated to 2.4 hooks)
* Fixed examples in controller wrappers registration (they weren't updated to 2.4)
* Error controller is now able to properly respond JSON when the client sends ``Accept: application/json`` even if the routed action didn't support it.
* Fixed crash when error controller is accessed directly without any error.
* Removed stray ``<p>`` tag in JSON responses from error controller.
* Replaced references to 2.3 with 2.4 in quickstarted apps

== 2.4.0 (**May 10, 2019**) ==

* Configuration system rewrite, configuration is now based on a Configurator and Components.
* All features that were deprecated in 2.2 and 2.3 are now gone (IE support for ToscaWidgets1)
* Support custom reporters in Slow and Error reporting
* Removed support for Pylons Compatibility Mode.
* Removed support for Python 2.6
* WebTest is no longer a dependency of TurboGears, only of it's quickstarted apps.
* 100% test coverage guaranteed on PY3 too
* Removed deprecated transaction manager middleware
* Deprecated @beaker_cache
* genshi_custom_format removed
* Many tests moved from Genshi to Kajiki
* Make TransactionApplicationWrapper handle changes of active transaction
* Use transaction>=2.4 public API
* Support WebOb1.9 and WebTest2
* Remove constraint on raven during tests
* Remove support for deprecated request.validation.__getitem__
* Deprecated mingauth and sqlauth, only authmetadata is officially supported
* Get rid of deprecated get_flash and get_status
* Remove no longer supported Cache and Session middlewares

== 2.3.12 (**April 6, 2018**) ==

* OPTIONS HTTP method for a RestController will now respond with a 204 "No Content" by default instead of a 404
* WebOb version constrained to >=1.2,<1.8.0 to ensure full compatibility with TurboGears2.3
* Fixed highlight of active page in Jinja quickstart

== 2.3.11 (**July 3, 2017**) ==

* When configuring authentication it is now possible to provide ``('default', None)`` as an identifier to set custom identifiers and retain the default one.
* Python 3.6 is now officially supported
* Invalid requests (like GETs with a body) will not crash ``decode_params`` anymore.
* ``tg.util.webtest.test_context`` no longer depends on ``WebTest`` and can work on a plain ``TGApp`` instance.
* ErrorReporter now supports ``trace_errors.smtp_port`` option.
* ``trace_errors.enable = False`` can now disable error tracing middleware even when backlash is available
* Improved Kajiki template not found error message
* Support for datetime.time in json encoder
* Extract i18n from python code in kajiki templates by default
* Support for IPython in tgshell command.
* Add support for migrations from multiple databases when more than one database is involved.
* Fix for SCRIPT_NAME in login in quickstart template.

== 2.3.10 (**December 4, 2016**) ==

* Fixed unicode error messages in ``validation_errors_response``
* Added support for strip_text in kajiki templates
* Transaction manager no longer sets current path as not (fixes crash with transaction 2.0.3)
* Improved deprecated features warning reporting
* Allow custom error pages to only render for specific content types through ``errorpage.content_types`` option.
* Custom error pages no longer will render for content types != text/html
* Fixed ``tg.abort`` passthrough support, now properly skipping error pages and authentication.
* Changing ``tg.response.content_type`` in controller actions will now properly change the rendered template when multiple ones are registered.
* Documented request attributes and methods that previously were not.
* Exposed ``request.disable_error_pages()`` and ``request.disable_auth_challenger()`` to skip custom error pages and auth challenging in current request.
* It is no longer needed for ``lib.helpers`` and ``lib.app_globals`` to be imported into ``lib/__init__.py``.
* Controller Actions can now return ``None`` for a *204 No Content* response.
* Returning ``tg.response`` from a controller action will now return the response as it is instead of creating a new copy of it
* JSON renderer now accepts rendering only a part of the dictionary returned by the action through the ``key`` render_param.
* It is now possible to return JSON lists instead of objects from actions by using ``render_params={'allow_lists': False, 'key': 'values'}`` in ``@expose`` and returning the list in ``values`` key of the action returned dictionary.
* ``script_json_encode`` will now encode as JSON lists and iso dates by default.
* Remove downloads they are not more supported by pypi
* Fixed scaffolds for templates in newly quickstarted projects

== 2.3.9 (**August 11, 2016**) ==

* Kajiki is now the default template engine for easier quickstarting of projects on Python 3.4 and 3.5
* tgext.debugbar is now installed with devtools
* When quickstarting a project with Genshi on Python3.4 "name_constant" patch is enabled by default
* Devtools are now tested against Python 3.4 and 3.5 too
* Python 3.2 is no longer officially supported.
* Allow running python scripts through 'gearbox tgshell'
* Support render_params in kajiki
* Allow forcing file extension using !ext syntax in dotted templates
* Allow mixing dotted and file notations in mako renderer too
* Allow custom template file extension for mako templates
* Make DotteFileNameFinder work with zips too and add test for it
* Adapted tests for webob that doesn't specify encoding anymore for json
* Better support pkg_resources for forezen TG apps

== 2.3.8 (**March 16, 2016**) ==

* Fix auth logger not being configured in Ming quickstart
* Add minimal quickstart option, to remove example pages in quickstart
* Serialize sessions as JSON in newly quickstarted projects
* error messages in newly quickstarted projects are not required to be valid XML anymore.
* Configuration steps now only read/write options from configuration instead of AppConfig
* Refactor configuration steps making them internal
* Allow init_model to return the initialized session to enable both ming and sqlalchemy.
* Directly expose milestones in main tg namespace
* Clearly express that TGApp only methods available to users are __call__ and classmethods
* Provide TGApp.lookup_controller class method to allow to lookup controllers based on a specific configuration
* All milestones are now properly triggered when load_environment is not provided
* In case load_environment is False reuse global config as a new one is not created.
* Remove built-in routes support, this can now be implemented through _dispatch and is provided in tgext.routes
* Rely on new crank flatten_arguments function, this avoid crashes when controller receives unexpected arguments
* thread_locals got renamed to context in most locations
* Dispatch now relies on crank 0.8 resolve api
* Take params from DispatchState, this allows dispatcher to modify them
* No longer switch tmpl_context strictness depending on debug/production, that lead to unexpected bugs on production
* raise stacklevel in warnings to provider a better suited context in warnings.
* Allow lists in JSON Encoder when explicitly permitted
* unless utility function, works well coped with Convert validation utility.
* Support for scheme argument in url, lurl and redirect
* database name cannot be an empty string in mongodb
* Make LazyString objects iterable


== 2.3.7 (**October 13, 2015**) ==

* Documentation of configuration options has been greatly improved and most of them are now explicitly documented.
* It's now far easier to configure Helpers, App Globals and Database in Minimal mode
* Newly quickstarted projects now provide a scaffold (gearbox scaffold) for Ming models
* Some improvements to @cached, inside the controller the caching namespace and key are now available as request.caching
* Kajiki templates by default now provide .xhtml extension
* Kajiki rendering mode is now switched to html5 by default.
* Kajiki templates are now properly added to newly quickstarted kajiki projects
* Fixed database cleanup in Test Units when using Ming
* tg.util now provides tg.util.sqlalchemy and tg.util.ming with utilities to convert models to dictionaries for quick forms initialization.
* Kajiki now provides html_optional_tags option which by default forces Kajiki to close html, head and body tags.
* Easier configuration of database and models in minimal mode
* Fixed i18n message extraction in newly quickstarted projects when not using Genshi
* get_partial_dict now reports the element name when it raises an AttributeError
* DottedFileNameFinder returns absolute path always, copes with some odd python envs
* Raise error when encoding detached SA instance to JSON
* AppGlobals and Helpers can now be configured even without using a package
* ToscaWidgets2 support for Kajiki is now enabled
* Ensure that exclude_names is always an iterable for registered templates
* When rendering ErrorController, reuse the existing response so that users can access custom attributes instead of creating a new one
* request.args_params will now contain both request params and positional dispatch arguments (excluding *args). This ensures that @cached uses all params to generate the cache key not only the GET and POST params
* AppConfig.get_root_module is now marked as an internal method and has been renamed accordingly
* Crank (TG routing system) has experimental support for Python 3.6

== 2.3.6 (**July 26, 2015**) ==

* Multiple @validate decorators can now be applied on same method.
* Identity Metadata provisioning (TGAuthMetadata) is now performed by an application wrapper so that it can rely on caching and other features
* Beaker is now optional and should be a dependency of the application, if it is not installed Session and Caching AppWrappers get disabled.
* All new quickstarted projects now expose Beaker and Babel as dependencies.
* tg.util.webtest.test_context now available for unit testing of features that depend from a TurboGears context ( http://turbogears.readthedocs.org/en/development/reference/classes.html#tg.util.webtest.test_context )
* tg.validation.Convert utility function for simple validation that doesn't rely on formencode or tw2 ( http://turbogears.readthedocs.org/en/development/reference/classes.html#tg.validation.Convert )
* Lazy strings are now supported by JSONEncoder, useful for i18n in JSON responses
* tg.util.dates module provides utilities when working with dates ( http://turbogears.readthedocs.org/en/development/reference/classes.html#tg.util.dates.get_fixed_timezone )
* tg.util.files module provides utilities when working with files and paths ( http://turbogears.readthedocs.org/en/development/reference/classes.html#tg.util.files.DottedFileNameFinder )
* flash.allow_html option permits to disable HTML escaping in flash messages ( http://turbogears.readthedocs.org/en/development/reference/classes.html#tg.flash.TGFlash.configure )
* LazyString now supports all underlying string instance methods
* Kajiki templates now properly supports i18n
* Kajiki templates can now have a custom extension by using the templating.kajiki.template_extension option
* Kajiki templates can now disable automatic CDATA blocks using the templating.kajiki.cdata_scripts option
* Kajiki templates can now use autoblocks features using the templating.kajiki.xml_autoblocks option
* @expose can now replace an existing exposition for same content_type if old one was with no engine specified.
* Additional tests are now run against PY3 due to more libraries being available
* All new quickstarted projects now use WebHelpers2 package if available on system.

== 2.3.5 (**April 28, 2015**) ==

* request.identity is now unprintable for security reasons.
* Hooks now support different separated namespaces to avoid collisions with third party apps
* Quickstart now has support for MongoDB based projects on Python3
* Quickstart now provides .scaffold files for ``gearbox scaffold`` command.
* Quickstart login form now keeps username when login fails
* Configuration process cleanups, now .ini options overwrite AppConfig
* Various configuration options have been grouped under a common namespace (i18n.*, session.*, tm.*, errorpage.*)
* New ``configure_new_app`` hook that guarantees to always receive the unwrapped TGApp
* i18n, caching, session, transaction manager, ming and error pages are now application wrappers for speedups and better integration
* application wrappers now have a clear interface provided by ApplicationWrapper ABC
* Work-around for Genshi broken on Py3.4
* Improved support for connecting to a MongoDB ReplicaSet
* request.path is no longer cached, so application wrappers can change it and redirect the request
* Let /_test_vars work even when debug is False when in test mode

== 2.3.4 (**October 2, 2014**) ==

* Support for customizing Flash template
* Improving JSON support, permit customization without need for simplegeneric and support ISO dates
* Reference for configuration options is now automatically generate out of .configure methods of GlobalConfigurable objects
* Support the trace_slowreqs.enable config switch, this permits to actually turn off slow requests tracing.
* PyPy is now a test environment for TurboGears, each build is tested against it
* request.language is now deprecated as it was just a duplicate of tg.config['lang']
* tg.abort can now be used as an error_handler to give an error response in case of validation failure
* tg.validation_errors_response can be used to quickly return a 412 response with errors in JSON format in case of validation falure
* Ensure that when 'lang' option is set and i18n is enabled lang is used as fallback language
* @decode_params decorator is now available to accept controller parameters from request json body
* Utility functions to login/logout users
* Avoid shadowing KeyError exceptions in hooks, previously KeyError during hooks were swallowed
* All functions in tg.util are now public and documented for use by TurboGears users.

== 2.3.3 (**July 7, 2014**) ==

* Quickstart now uses HTTPFound instead of redirect to avoid appending SCRIPT_NAME multiple times
* Decoration.requirement is now a wrapper against first of Decoration.requirements
* Avoid Deprecation warnings on backlash
* Improving tg.render_template documentation
* Add support for backlash slow requests reporting
* Fix issue with app_globals when pylons compatibility mode is turned off
* Pagination and JSON encoding of Ming query cursors
* _visit now available with _before and _after, makes possible to implement custom behavior when the controller is visited for dispatching (before authorization)
* Pass through abort and SmartDenial improvements to authorization
* wrap and partial are built-in into python as we support only 2.6+
* Support using LazyUrl as a location for HTTPFound
* Refactor @beaker_cache to remove dependency on decorator module
* @cached decorator which replaced @beaker_cache and decoupling controller wrappers from app configurator
* It is now possible to register multiple requirements per method, provide API and tests
* decorator not used anymore as @require is now a Decoration based decorator
* As we don't depend on repoze.what anymore, make @require use Decoration instead of behing a plain python decorator
* Store validation context in a Bunch, so that it can be accessed with dotted notation
* make possible to provide a context for @cached_property, useful to make it thread safe
* get_lang now always returns a list
* Fix wrong ordering in exposition inheritance when renderers are not ready yet

== 2.3.2 (**March 8, 2014**) ==

* Quickstarted applications have been upgrade to Bootstrap3 CSS Framework
* Python3 support now includes TurboGears Admin
* Multiple Speedups in request dispatch and memory collection
* JSONP renderer is now provided built-in
* Renderers support has been rewrote, renderers are now easily pluginable
* Error reporting improvements: Reporting to Sentry is now built-in, when reporting exceptions by email it is now possible to attach request dump and local frame. Error options are now grouped in trace_errors namespace.
* Remove PasteDeploy dependency removed when in Minimal (microframework) mode.

* Support simple custom templates for paginator
* Support for URL translations, it is now possible to serve as controllers urls that contain odd characters.
* Improve TW2 rendering engine detection
* Quickstarted applications now enable the debugbar if installed
* Improve error_handler support in validation, they can now keep decoration and wrappers
* AppConfig plain configuration methods got renamed to _configure_* convention
* TGMing dependency has been removed when quickstarting with MongoDB/Ming
* chameleon_genshi renderer support moved to an external extension
* Improved the JSON Encoder, generators are now resolved as lists and tg.lurl() result can be encoded.
* Fix validation error reporting for TW2 with nested layouts
* Login should now forward also url GET parameters when redirecting
* Improvements to i18n support major feature is the ability to make get_lang() return only the languages supported by the application instead of returning all languages requested by user.
* Trigger controller_wrappers resolution on environment_loaded milestone instead of config_ready so that they can be register on setup hook
* To be coherent with add_ming_middleware rename the sqlalchemy related middleware setup method to add_sqlalchemy_middleware

== 2.3.1 (**November 4, 2013**) ==

* Also make error handling a class method as it is not bound to the controller instance
* Less usage of request local objects
* Keep track of method requirements in decoration
* Make _perform_validate a class method as it doesn't actually depend on the controller instance
* Skip coverage of a deprecated function that only forwards call to new API
* Improve registry manager streaming to cope with WSGI server that read the output like gevent-socketio
* A bit of move around of setup_tg_wsgi_app parts to cleanup roles of each component
* Put Decoration.register_hook in place again due to libraries using it but add a deprecation warning
* remove wrong TODO
* Refactor validation status reporting, tmpl_context.form_errors and tmpl_context.form_values got removed in favor of request.validation which keeps more details
* Fix docstring for AppConfig
* Refactoring TurboGears hooks and expose a public API to manage custom hooks
* Lazy resolution of application wrappers, so that ordering can be applied when they are all available
* Configuration milestones support, enables expositions to be resolved lazily when renderers are available

== 2.X ==

 * @with_trailing_slash and @without_trailing_slash have been moved to a 301 permanent redirect for SEO reasons
 * FriendlyFormPlugin has been replaced by the builtin FastFormPlugin with Py3 support, to keep using FriendlyFormPlugin just build it and use the form_plugin option of sa_auth
 * Removed support for "app:" prefix in template lookup, it actually didn't work much
 * Removed tg.decorators.postpone_commits, wasn't documented and it's trivial to replicate for specific projects
 * Remove tg.decorators.allow_only it actually didn't work and test for it was disabled.

== 2.1b2: (**March 27, 2009**) ==

 * Various fixes to dispatch involving _lookup
 * Functools removed as a dependency of TG2
 * Fixed #2456 TurboJson dependency causing RuntimeWarning
 * Fixed #2437 tg.url() docstring does not match behavior, pagination problem
 * Fixed #2455 Admin list view fails with more than 8 records
 * Fixed #1905 use variable_decode to add automagical formparsing like tg1
 * Fixed #2272 tg.url() is too laxist with argument types
 * Fixed #2299 flash() doesn't display anything when message is too long
 * Fixed #2337 RestController cannot handle non-ascii URLs
 * Fixed #2358 override_template does not work if @without_trailing_slash placed before @expose)
 * Fixed #2394 Configuration value "base_config.serve_static" sthould be set in *.ini files rather than in "app_cfg.py" file
 * Fixed #2403 Provide a TGCommand base class within TurboGears 2.x core
 * Fixed #2411 @https decorator crashes outside of root
 * Fixed #2413 Installing tw.dojo breaks CrudRestController from tgext.crud
 * Fixed #2416 Spurious SAWarnings caused by built-in SQL-based auth
 * Fixed #2450 TG 2.1 tests failing with recent WebOb version
 * Fixed #2451 Override template failing in 2.1
 * Fixed #2457 Make override_template work for all content types
 * Fixed #2458 Allow custom REST-like methods in RestController enhancement
 * Fixed #2469 Python2.4 issue when the uuid package is not installed
 * Tests fixed to not be order-dependent.
 * mako bytcode cashing added.
 * Python 2.4 compatibility.
 * Added tg.abort as a proxy to pylons.controllers.util.abort.

== 2.1b1: (**January 25, 2009**) ==

 * Deprecated default in favor of _default
 * Fixed handling of Unicode parameters
 * Added disable_request_extensions flag to configuration to allow users to ignore the request extension dispatch bits of object dispatch.
 * Increased length of Permission.permission_name to 63 chars.
 * Fixed GET requests on nested RestControllers.
 * Fixed case-sensitive incorrectness in quickstart when using mako template option.
 * Fixed numerous URL routing bugs, consilidating the RC and TGC controller base.
 * Fixed eroneous tg.url call inside the quickstart template.
 * Added use_dotted_templatenames support for Genshi.
 * Added ignore_parameters setting in the config
 * Added ability to have sa_auth.cookie_secret in .ini file
 * Added cookie_secret to quickstart template
 * Added tgext template

== 2.1a3: (**November, 29 2009**) ==

 * Fixed problems with Beaker Secret Key functionality.  (Thanks Sanjiv)
 * Fixed infinite loop problem associated with lookup.
 * Fixed RestController so delete() works with nested RCs.
 * Refactored Auth support to handle non-SA auth.
 * Deprecated lookup in favor of _lookup.

== 2.1a2: (**October, 25 2009**) ==

 * Front-ported Beaker Secret key functionality.
 * Fixed i18n hitting the filesystem on every call.
 * Fixed #2287, allowing genshi to now output xhtml.
 * Fixed #2273, allowing TW config from within the paste.ini file.
 * Fixed #2237, allowing initializing config before app setup to give setup access to configuration settings.
 * Fixed #2357, script_path was not properly carried through to dispatch.
 * Fixed #2167, tgext.admin was not allowing for integrity errors to pass thru from post/put.
 * Fixed #2373, Returning a list for an exposed json template now raises a meaningful exception.
 * Fixed #2247, strict_c is now the default for the turbogears configuration in debug mode.

== 2.1a1: (**October 2, 2009**) ==

  * Refactor of Dispatch Code.
  * TurboJson Requirement dropped.
  * ToscaWidgets2 support added.

== 2.0.1: (**June 21, 2009**) ==

=== Features ===

 * ToscaWidgets made optional
 * @expose(content_type="foo/var") now works #2280 thanks ondrejj (Docs are still outdated)

=== Fixes ===

 * SECURITY FIX: RestController and CrudRestController where not respecting allow_only. r6584 and r6587 (jorge.vargas,mramm)
 * Fixed WSGI compatibility bug #2294 from Alex Morega at pycon sprints.
 * Fixed Jinja2 renderer (#2310) thanks mbailey!
 * Small test suite incompatibility on windows #2301 (chrisz)
 * Fixed the very annoying login messages from i8n r6586 (everyone reported this :p)

=== Backwards Incompatible Changes ===

 * Reverted fix for #2241 the workaround should be at tgext.wsgiapps's HGController. If you add needed this fix you will need to fix it on your side.

=== Known Issues ===

 * None

== 2.0rc1: (**March 3, 2009**) ==

=== Features ===

 * None

=== Fixes ===

 * The authorization failure reason was being hardcoded when the Controller.allow_only attribute was used and the user was anonymous ([6520])
 * Fixes to the special __before__ and  __after__ methods that are called before and after a controller's request is completed.


=== Backwards Incompatible Changes ===

 * None.

=== Known Issues ===

 * None

== 2.0b7: (**March 4, 2009**) ==

=== Features ===

 * Now quickstarted applications with auth* enabled have a complete set of tests for protected areas and authentication, using repoze.who-testutil (#2198).
 * Unitesting with SQLAlchemy enable is now possible

=== Fixes ===

 * .allow_only was broken in the !RootController (#2254)
 * Controller Wide authorization now works as expected in all cases (even when you forget to call super's __init__)
 * Now quickstarted applications are PEP-8 and PEP-257 compliant (#2223)
 * Controller tests in the quickstart were not isolated, and did not have sample data from setup_app
 * !TestModel in quickstarted applications was be moved to {app}.tests.models (#2249).
 * repoze.what implements a workaround for a bug in Python < 2.6 whereby non-ASCII messages couldn't be logged (#2250)
 * Controller tests are now isolated (#2244)


=== Backwards Incompatible Changes ===

 * None.

=== Known Issues ===

 * being rejected from the Catwalk admin controllers caused you to loose your current login credentials. (#2262)

== 2.0b6: (**Febuary 25, 2009**) ==

Beta 6 moves some dependencies into the Quickstarted project, so users who don't need them can edit them out.   However, this means that you must {{{python setup.py develop}}}  your quickstarted app.

=== Features ===

 * New default ModelTest class for unitesting #2200, quickstarted project uses it documentation pending but it's super easy to use :)
 * Installing TurboGears now requires less dependencies thanks to #2176
 * TurboGears is now pip compatible but still not the default #2169
 * The repoze.what integration is now provided by the new [http://code.gustavonarea.net/repoze.what-pylons/ repoze.what-pylons] package.
 * the webhelpers defined in lib/helpers are now only added to the template as helpers not as h.   Previously Mako's h was not available because we were overriding it.  This change was also sponsored by the campaign against one letter variables ;)
 * For Python 2.6 users, introduced the class decorator @allow_only to set controller-wide authorization. It's an alternative to ''Controller.allow_only''.
 * Now repoze.what predicates can be evaluated without passing the environ, as in:
{{{
>>> from repoze.what.predicates import not_anonymous
>>> p = non_anonymous()
>>> bool(p) # Will return False if the user is anonymous; True otherwise
False
}}}
 Also, now they're available as part of the TG-specific variables in the templates. (#2205).

=== Fixes ===

 * ''@tg.require'' set the status code to 401 when authorization was denied, regardless of whether the user was anonymous or not. From now on, a 403 status is used when the user was authenticated.
 * repoze.what predicate messages in the quickstart are translated lazily (#2179; #2180).
 * QUickstarted projects without Authorization were not starting due to a paster template error.

=== Backwards Incompatible Changes ===

 * Due to #2176 it is now required to run (python setup.py develop / pip install -e .) on a new quickstarted project to get the dependencies only used there.
 * If you relied on the ''Controller._check_security()'' method, then you have to call it from ''Controller.!__before!__()'' because it's not called anymore by TG.
 * if you used tg.testutils it's now gone r6323 (noone really used it)


=== Known Issues ===

 * While installing tg.devtools, you'll get an error about "repoze.who" not being found. A workaround is to try to run the command, again.
 * SQLAlchemy is not properly set up in test environments (#2243).
 * The ''!__before!__()'' method of the controllers is not called.

== 2.0b5: (**Febuary 4, 2009**) ==

=== Features ===

 * Implemented post-login and post-logout pages in quickstarted applications thanks to the latest version of ''repoze.what-quickstart''.
 * you can now manually set the content type in the controller and return a string, generator or webob response object without @expose messing with the response at all.
 * by popular demand the tg.url function now supports getting a list of strings (like tg1)

=== Fixes ===

 * Authorization denial messages issued using TG's flash mechanism were using an invalid status and thus were not inside the typical color box.
 * Two production config files were included in quickstart
 * Pylons style __before__ was not supported.
 * error pages were not styled properly
 * repoze.who now respects SCRIPT_PATH so logout_handler will go to the right place in apps not mounted at the root of the url tree.
 * SQLite install requirement added for python 2.4 users
 * Several files were not included in the egg bundle for TG2 projects that were eggified.
 * catwalk scrolling issue fixed

=== Backwards Incompatible Changes ===

 * None

=== Known Issues ===

* None

== 2.0b4: (January 24th, 2009) ==

Beta 4 is mostly a bugfix release, with no new features as we are approaching the 2.0 final release we need to squash out all the remaining known bugs and start working on release candidates.    B4 is a recomended upgrade for all TG2 users who are using our authentication system because a threadsafety issue in repoze.what could cause authenentication denied messages to get sent to the wrong user if two users were denied access at "the same" time.

Other key fixes, allow flash messages to cross authentication boundries, and updates to the admin so that it handles some relationships better, and to the mimetypes stuff so that .json works on all platforms.

Beta 5 should be released next week with many more fixes.

=== Features ===

 * None

=== Fixes ===

 * Synchronized to repoze.what 1.0.1, which fixes an important bug that may affect production websites.
 * Updated repoze.who so that it passes cookies along when doing a redirect for authorization  -- this allows us to send flash messages across login requests.
 * Updated sprox to fix an issue with some relationships
 * Updated tgext.admin and catwalk to go with the new sprox release and fix some minor issues.
 * Fixed problem where content type negotiation was not working on some platforms that don't include mimetypes for .json out of the box
 * The traceback poster feature of the interactive debugger was not returning all the libraries in use, this is now fixed.

=== Backwards Incompatible Changes ===

 * None

=== Known Issues ===

 * Error page is not styled properly.
 * catwalk opening page does not show a scrollbar -- even if one is needed

 More minor issues that are known in b4 and expected to be fixed in b5 can be found here:

http://trac.turbogears.org/query?milestone=2.0b5

=== Contributors (in alphabetic order) ===

 Gustavo Narea, Mark Ramm, Jorge Vargas, Christoper Perkins, Alberto Valverde.

== 2.0b3: (January 20th, 2009) ==

=== Features ===

 * HTTP Verb aware dispatch mechanisms for support of more REST based interfaces.
 * you can now indicate a content type request using file extensions (index.html or index.json)
 * Full unicode support in the url and redirect functions
 * WSGIAppController and a new tgext.wsgiapps project to make mounting wsgi apps in TG2 even easier.
 * Flash messages now use a plain cookie as a transport mechanism so they can be accessed and displayed with JS code which can make cacheing easier.

=== Fixes ===

 * Use a routes that supports unicode params, rather than doing our own escaping
 * Some not authorized exceptions were not being caught by repoze.who because of the order in which the core middleware was added to the TG application (#2152).

=== Backwards Incompatible Changes ===

 * The "status_" prefix has been removed from the status codes of the flash messages so pre 2.0b3 quickstarted apps must be updated accordingly. TG now provides a helper to display them in the template, read this [http://groups.google.com/group/turbogears-trunk/msg/fcf0784c074f5dfc post] for more details.

=== Known Issues ===

 * none

=== Contributors (in alphabetic order) ===

 Gustavo Narea, Chris Perkins, Mark Ramm, Alberto Valverde, Jorge Vargas.


== 2.0b2:  January 7, 2008) ==

=== Features ===
 * Debugger page now allows searching the turbogears mailing list
 * Debugger page now posts TG dependencies when you post a traceback to the web
 * app_cfg now allows you to regester call_on_startup and call_on_shutdown functions
 * tg.url now wraps pylons.url to properly encode unicode strings to URL strings (as per the iri to url RFC)
 * "error pages" now looked up and displayed by normal TurboGears controllers

=== Fixes ===

 * tg.url fixed so escaping of redirect params is no longer required.

=== Contributors (in alphabetic order) ===

Mark Ramm



== 2.0b1: (December 29th, 2008) ==

=== Features ===
 * It's now possible to set all the parameters used by the repoze.who !PluggableAuthenticationMiddleware through '''{yourapplication}.config.app_cfg'''.

=== Fixes ===
 * Failing tests in tg2 trunk (#2059).
 * Can't use @require decorator and require property in the same controller (#2063).

=== Backwards Incompatible Changes ===

 * tg.url no longer supports passing in a list of strings (these must be manually concatenated for now)
 * tg.url no longer supports passing in a params dict (but you can use keyword arguments)

=== Known Issues ===

 * apps using authentication outside the root of the URL hierarchy will redirect to the absolute root rather than the app root.

=== Contributors (in alphabetic order) ===

Florent Aide, Gustavo Narea, Chris Perkins, Mark Ramm, Jonathan Schemoul, Jorge Vargas

=== Upgrading from 1.9.7b2 ===
 * Because of #2063, if you are using the controller-wide authorization functionality, you have to rename the "require" attribute to "alow_only". For example:
{{{
    class SomeSecureController(BaseController):
        allow_only = predicates.has_permission('onePermission')

        @expose('my_package.template.index')
        def index(self):
            # do something here

        @expose('my_package.template.add')
        @authorize.require(predicates.has_permission('specialPerm'))
        def do_things(self, **kw):
            # do other things here
}}}

If you are using tg.cycle, tg.selector, tg.ipeek, or tg.checker in your templates, you'll have to add that functionality to your lib.helpers module and import it from there.  There is some talk about asking for some of these things to be added to webhelpers, so if you use them you may want to chime in in support of that on the mailing list.


== 1.9.7b2 (December 2nd, 2008): ==

=== Features ===
 * [http://static.repoze.org/whatdocs/ repoze.what] replaces ''tgext.authorization''. TurboGears 1.9.7b2 requires [http://static.repoze.org/whatdocs/News.html#repoze-what-1-0b1-2008-11-26 repoze.what-1.0b1].
 * Authorization errors are now flashed.
 * Any TG2 controller may take advantage of the ability to set controller-wide authorization using the '''require''' attribute. Therefore you are highly encouraged to remove the !SecureController class defined in '''{yourapplication}/lib/base.py'''.

=== Fixes ===
 * Custom authentication settings defined in '''{yourapplication}.config.app_cfg''' were ignored (this is, custom repoze.who identifiers, authenticators, challengers and MD providers).

=== Contributors (in alphabetic order) ===
Gustavo Narea, Mark Ramm

=== Upgrading from 1.9.7b1 ===
 * Replace all the ''tgext.authorization'' occurrences with ''repoze.what'' (it's safe to do a bulk find & replace).
 * The '''@require''' decorator is now part of TG itself, not of ''repoze.what''. Now you should import it from the '''tg''' module.
 * There are some [http://static.repoze.org/whatdocs/News.html#backwards-incompatible-changes backwards incompatible changes] from tgext.authorization-0.9a1 (used in the previous TG beta) and repoze.what-1.0b1.

=== Known Issues ===
   * Toscawidgets does not render js_callbacks properly because of breakage from the simplejson.

== 1.9.7b1 (October 29th, 2008): ==

=== Features ===
 * ''tgext.authorization'' replaces ''tg.ext.repoze.who''; the later becomes deprecated. ''tgext.authorization'' only deals with ''authorization'', and supports multiple sources to store your groups and permissions (not only databases), granting permissions to anonymous users, among other things.

=== Fixes ===
 * Tests failed on quickstarted applications without identity (#1977).
 * When running the ''websetup'' from the test suite, it used the development database instead of the in memory one (#1978).
 * SimpleJson 2.0.4 now the minimum version.

=== Contributors (in alphabetic order) ===
Gustavo Narea, Mark Ramm

=== Upgrading from 1.9.7a4 ===
 * If using DBTest, it's no longer mandatory to define the test database, as long as you define ''sqlalchemy.url'' in your ''test.ini'' file. So a DBTest subclass may look like this:
{{{
class TestModel(DBTest):
    """The base class for testing models in you TG project."""
    model = model
}}}
 In fact, this is how that class looks like as of v1.9.7b1.
 * If you were using '''tg.ext.repoze.who''', you should migrate to '''tgext.authorization''':
   1. Replace '''tg.ext.repoze.who''' by '''tgext.authorization''' in your controllers (tgext.authorization provides the same ''authorize'' module).
   1. In ''{yourpackage}.config.app_cfg'', the following settings are no longer necessary (and thus ignored):
    * base_config.sa_auth.user_id_column
    * base_config.sa_auth.password_encryption_method (it now relies on the ''verify_password'' method of your ''User'' model)
    * base_config.sa_auth.users_table
    * base_config.sa_auth.groups_table
    * base_config.sa_auth.permissions_table
   1. Now, remove the following line:
{{{
base_config.sa_auth = Bunch()
}}}
   1. Finally, if you're using a non-default value for '''base_config.sa_auth.user_criterion''', this following setting should be set in a different way:

   || '''Setting description''' || '''Before Beta 1''' || '''As of Beta 1''' || '''Sample definition as of Beta 1''' ||
   || Change the name of the column that contains the user name || base_config.sa_auth.user_criterion || base_config.sa_auth.translations.user_name || base_config.sa_auth.translations.user_name = 'person_name' ||



=== Known Issues ===
   * Toscawidgets does not render js_callbacks properly because of breakage from the simplejson.


== 1.9.7a4: ==

=== Features ===
    * New highly customizable replacement for Buffet renderers.
         * These are not on by default, you must add base_config.use_legacy_renderer = False to your app_cfg.py file to use them.
         * When using the new renderers, you have to switch genshi from dotted lookup to using paths+filenames.
    * TG2 now supports automatic transactions, so you no longer have to explicitly commit transactions
       * Transaction middleware supports cross-database transactions
       * Transactions are not begun until the SQLAlchemy session becomes dirty, so no transaction overhead is wasted on requests that don't ever write to the database
    * The SQLAlchemy metadata is no longer automatically bound in the config setup, so we can more easily support multiple database engines (eg., for master-slave replication).
    * added start_response to the context, so we're easily able to use it to use WSGI applications anywhere
    * added a use_wsgi_app() function that makes it very, very easy to mount a wsgi app in your tg2 controller, or use a TG2 controller as middleware.
    * Improved support and documentation for returning a WebOb response object, so tg2 controllers can take over all aspects of defining the responce whenever that's needed.
    * Simply set base_config.serve_static to False to stop your TG2 app from serving up static content, no manual editing of the middleware setup required.
    * request, repsonse, etc all available from tg as well as pylons now
    * default template namspace now has request, response, and tg variables automatically injected into it.
    * quickstart now imports from tg wherever possible so there's less what's in tg what's in pylons
    * a custom content type can now be set dynamically within a controller method by setting the content type in @expose to tg.controllers.CUSTOM_CONTENT_TYPE and using pylons.response.headers['Content-Type']
    * The declarative plugin of SQLAlchemy is now used in the default template, instead of the traditional method.
    * TG1's DBTest has been ported to TG2.


=== Fixes ===
    * You were not able to use non-standard class names for User, Group, and Permissions in tg.ext.repoze.who
    * Configuring an alternate location for controllers did not work with PylonsApp (now we have TGApp, an it will work)>
    * the Content-Type header will not have `charset=utf8` appended to it when it is not required

=== Contributors (in alphabetic order) ===

* Gustavo Narea, Mark Ramm, Matthew Sherborne, Alberto Valverde

=== Upgrading from 1.9.7a3 ===

    * The name of the `tg.config` module has been changed to `tg.configuration`.  You must change your `config/app_cfg.py` file accordingly:
{{{
-from tg.config import AppConfig, Bunch
+from tg.configuration import AppConfig, Bunch
}}}

    * You must define the user_class, group_class, and permission_class in app_config.py when using the authorizaiton plugin.
{{{
-base_config.sa_auth.user = model.User
+base_config.sa_auth.user_class = model.User
 base_config.sa_auth.user_criterion = model.User.user_name
 base_config.sa_auth.user_id_column = 'user_id'
+base_config.sa_auth.group_class = model.Group
+base_config.sa_auth.permission_class = model.Permission
}}}

   *  TG2 no longer binds the database engine to the DBSession or metadata so you can decide how you want to handle this (perhaps to re-bind the session dynamically to a different engine on a per-request basis, etc...).

This is now done in the yourapp.model.init_model callback which is called when your app is loaded and passed a configured engine as a parameter. To upgrade an existing project just add one line to __init__ in you model directory, as shown here.

{{{
def init_model(engine):
   DBSession.configure(bind=enigne) # <-- this, add this
}}}

  * `setup_tg_wsgi_app` has been removed from `tg.middleware`.  It's now a method of `base_config`, so following lines must be removed from `config/middleware.py`:

{{{
-from pylons.wsgiapp import PylonsApp
-from tg.middleware import setup_tg_wsgi_app
}}}


Of course if you're starting a new project, all of this is done automatically for you by quickstart.

   *  If you turn on new-style renderers, you must now provide the filename (and whatever path information is necessary) in expose, including the .html extension. Furthermore, we're now registering the template directory in the search path directly, so expose can be simpler. The old expose:

{{{
    @expose('testproject.templates.index')
    def index(self):
        return dict(page='index')
}}}

Should be replaced by the new expose:

{{{
    @expose('index.html')
    def index(self):
        return dict(page='index')
}}}

== 1.9.7a3 (July, 29, 2008): ==

=== Features ===

    * TurboGears 2 now defaults to making multiple request parameters into a list that's passed to the controller (emulating the tg1 behavior).
    * The base_config object now has a number of methods for those who need very fine grained control of how the middleware and environment are setup.
    * tg2 now uses sphinx extensions to import code samples from svn, as well as to test the example code.
    * new support of calling wsgi_apps from a TG2 controller method (see the use_wsgi_app function)
    * added tg_vars to template namespace to more closely match tg1
    * Lots and lots of new docs covering:
       * Updated TW docs
       * Updated config docs
       * Updated PyAMF integration docs
       * Updated install and offline install docs

=== Fixes ===

    * Identity.py updated by splee to act more like tg1
    * Identity.py pep 8 compliance
    * Fix for #1885 development.ini now runs only on localhost to avoid security issues related to the debugging interface being turned on.
    * Added missing package requirement while using setup.py develop
    * updated Paste dependencies, in order to work around an import appconfig issue mentioned on the mailing list
    * updated the default quickstart project to look a bit nicer (thanks to Lukasz Szybalski)

=== Contributors (in alphabetic order) ===

Florent Aide, Bruno J. M. Melo, Lee McFadden, Christopher Perkins, Mark Ramm, Sanjiv Singh, and Lukasz Szybalski.

=== Upgrading from 1.9.7a2 ===

    * The changes to the `base_config` object make it necessary to change `config/environment.py` and `config/middleware.py`.  Without these changes your app will raise deprecation warnings.

      * in `config/environment.py`:

{{{
-load_environment = make_load_environment(base_config)
+load_environment = base_config.make_load_environment()
}}}

      * in `config/middleware.py`:

{{{
+-make_base_app = setup_tg_wsgi_app(load_environment, base_config)
+make_base_app = base_config.setup_tg_wsgi_app(load_environment)
}}}

      * You can also delete the from `tg.environment import make_load_environment` statements from both `config/app.py` and `config/environment.py`