TG 1.1 release this weekend?

0 views
Skip to first unread message

Christopher Arndt

unread,
Sep 14, 2009, 4:48:15 PM9/14/09
to turbogea...@googlegroups.com
So, should we prepare a TG 1.1 rc1 release this weekend now that the
SQLAlchemy mapper issue is resolved?

I would volunteer to carry out the preparations. If there are any
outstanding tickets, which you would like to resolve (i.e. provide a
solution for) before that, please speak up until this Friday.


Chris

Daniel Fetchinson

unread,
Sep 14, 2009, 5:05:20 PM9/14/09
to turbogea...@googlegroups.com

Unfortunately I don't have a fix but what's the official point of view
on this ticket?

http://trac.turbogears.org/ticket/2207

Neither identity.SecureObject nor identity.SecureResource protects a
whole URL tree currently. This is independent of catwalk, which I
don't use anymore and it was indicated on this list that catwalk is
anyway semi-deprecated and not recommended. But this problem of
protecting a whole tree applies without catwalk too (I just mention
this because in the ticket I was talking about catwalk, but the
problem is more general).

In other words, is there an officially blessed way of protecting a
whole URL tree?

Cheers,
Daniel

--
Psss, psss, put it down! - http://www.cafepress.com/putitdown

Christopher Arndt

unread,
Sep 14, 2009, 8:58:05 PM9/14/09
to turbogears-trunk
Daniel Fetchinson schrieb:

> Unfortunately I don't have a fix but what's the official point of view
> on this ticket?
>
> http://trac.turbogears.org/ticket/2207
>
> Neither identity.SecureObject nor identity.SecureResource protects a
> whole URL tree currently.

Sorry, I can't confirm your findings. Secureresource does protect
subcontrollers as well. Take this example:


class ControllerB(controllers.Controller):
@expose()
def meth1(self):
return "ControllerB.meth1"

class ControllerA(controllers.Controller, identity.SecureResource):
require = identity.not_anonymous()
b = ControllerB()

@expose()
def meth1(self):
return "ControllerA.meth1"

class Root(controllers.RootController):
a = ControllerA()

# standard quickstart root controller following...


Accessing the URL /a/b/meth1 brings up the login screen as it should and
after login returns "ControllerB.meth1".

That leaves the CatWalk problem, which could probably be solved by
adding SecureResource as a mix-in dynamically. But I think that's not
enough reason to delay the release any further. If you come up with a
solution, though, I'll be glad to include it.


Chris

Florent Aide

unread,
Sep 15, 2009, 4:16:03 AM9/15/09
to turbogea...@googlegroups.com
+1 for this week end target. I think we are inline and I only need to
fix the mess in the kid templates for the website generation...

Christopher Arndt

unread,
Sep 15, 2009, 9:42:41 AM9/15/09
to turbogea...@googlegroups.com
Christopher Arndt schrieb:

I have updated the 1.1 changelog to include all changes since the last
beta release (1.1b3) which are unique to the 1.1+1.5 branches.

Could all interested individuals please check if sth important is
missing and if I have missed any contributors to this release?

I leave it to somebody else to update the 1.0 changelog with all the
changes that also affected the 1.0 branch.


Chris

Daniel Fetchinson

unread,
Sep 15, 2009, 2:04:25 PM9/15/09
to turbogea...@googlegroups.com
>> Unfortunately I don't have a fix but what's the official point of view
>> on this ticket?
>>
>> http://trac.turbogears.org/ticket/2207
>>
>> Neither identity.SecureObject nor identity.SecureResource protects a
>> whole URL tree currently.
>
> Sorry, I can't confirm your findings. Secureresource does protect
> subcontrollers as well. Take this example:
>
>
> class ControllerB(controllers.Controller):
> @expose()
> def meth1(self):
> return "ControllerB.meth1"
>
> class ControllerA(controllers.Controller, identity.SecureResource):
> require = identity.not_anonymous()
> b = ControllerB()
>
> @expose()
> def meth1(self):
> return "ControllerA.meth1"
>
> class Root(controllers.RootController):
> a = ControllerA()
>
> # standard quickstart root controller following...
>
>
> Accessing the URL /a/b/meth1 brings up the login screen as it should and
> after login returns "ControllerB.meth1".

Sorry, you are right, I might have been checking with an older version
or just simply messed up.

> That leaves the CatWalk problem, which could probably be solved by
> adding SecureResource as a mix-in dynamically. But I think that's not
> enough reason to delay the release any further. If you come up with a
> solution, though, I'll be glad to include it.

I agree, catwalk itself should not hold up the release, I don't use it
anyway myself.

Christopher Arndt

unread,
Sep 16, 2009, 8:58:33 AM9/16/09
to turbogears-trunk
Daniel Fetchinson schrieb:

>>> Unfortunately I don't have a fix but what's the official point of view
>>> on this ticket?
>>>
>>> http://trac.turbogears.org/ticket/2207
>>>
>> That leaves the CatWalk problem, which could probably be solved by
>> adding SecureResource as a mix-in dynamically. But I think that's not
>> enough reason to delay the release any further. If you come up with a
>> solution, though, I'll be glad to include it.
>
> I agree, catwalk itself should not hold up the release, I don't use it
> anyway myself.

Turns out, this was solely a problem in CatWalk. This is now fixed in
SVN r6643.


Chris

Daniel Fetchinson

unread,
Sep 16, 2009, 1:00:23 PM9/16/09
to turbogea...@googlegroups.com

Great! Thanks Chris, this issue made me a bit uneasy but granted, I
haven't done my testing carefully enough, it's good to know that it
was catwalk only.

Christopher Arndt

unread,
Sep 16, 2009, 1:46:16 PM9/16/09
to turbogea...@googlegroups.com
I'm currently going through the list of open tickets for the 1.1
milestone (see http://trac.turbogears.org/wiki/TicketQueries) and I've
already fixed and closed a few. I would like at least to close (either
through fixing or closing as invalid) the defects with priority "normal"
before the 1.1rc1 release this weekend and maybe some of the open
enhancements.

The only real roadblock I currently see is
http://trac.turbogears.org/ticket/2036. Anybody has any ideas how to
handle this?


Chris

Christopher Arndt

unread,
Sep 20, 2009, 7:57:15 AM9/20/09
to turbogea...@googlegroups.com
Christopher Arndt schrieb:

TG 1.1rc1 will in all probability be released tonight. If you want any
last-minute fixes in, speak up NOW!

If 1.1rc1 works well, it will be released as 1.1final in two weeks.


Chris

Reply all
Reply to author
Forward
0 new messages