Upgrading¶
Upgrading to v0.3¶
You will need to make the following changes in order to upgrade from previous versions:
Predicate classes have changed their signature. In earlier versions you would have written:
class MyPredicate(Predicate):
def __call__(self, environ, context=None):
...
@make_predicate
def my_custom_predicate(environ, context=None):
...
You should now change this to:
class MyPredicate(Predicate):
def __call__(self, acl, identity, context=None):
...
@make_predicate
def my_custom_predicate(acl, identity, context=None):
...
RoleProviders also have a different signature. Change from this:
CustomRoleProvider(RoleProvider):
def member_subset(self, roles, identity, environ, context):
...
To this:
CustomRoleProvider(RoleProvider):
def member_subset(self, roles, identity, context):
...
If your RoleProvider or Predicate depends on information from the WSGI environ,
this is no longer directly supported. Your application must now explicitly pass
any context information required to evaluate roles or predicates in the
context
argument.
Testing permissions now always requires an ACL object. Where previously you would have written this:
some_permission.check(environ)
if some_other_permission.is_met(environ):
do_something()
Change this to:
from knave import ACL
acl = ACL.of(environ)
acl.require(some_permission)
if acl.test(some_other_permission):
do_something()
Changelog¶
1.0.0 (released 2020-09-03)¶
Dropped Python 2 compatibility
Standards compliance: KnaveMiddleware now returns a 403 response for both unauthorized and unauthenticated conditions
0.3.2 (released 2018-06-11)¶
Middleware now returns either a 401 or 403 error as appropriate, depending on whether a user has been authenticated.
0.3.1¶
Bugfix for issue where roles were incorrectly cached, causing checks for roles to fail where they should have passed
0.3¶
Optimized role membership lookups
Permission subclasses may now implement custom checking logic
Added @ACL.role_provider and @role_decider decorators
0.2¶
Initial release