Zope changes This file contains change information for the current Zope release. Change information for previous versions of Zope can be found in the file HISTORY.txt. Zope 2.3.0 alpha 2 Features Added - The install machinery for source release has been modified to allow Zope to build out of the box for Python 2.0. Note however, that Python 2.0 is still not officially supported. You may see quite a few warnings from the extension builder when compiling for Python 2. - A new module, AccessControl.Permissions has been added to make it easier to use the new security assertion spelling. The new module provides consistent symbolic constants for the standard Zope permissions. - Cache manager support added. This allows site administrators to ease the burden on their site in a very configurable way. It also provides an API for developers to follow when experimenting with caching strategies. - The ZPublisher 'method' form variable type has been deprecated in favor of 'action'. The behavior is the same, only the official (and documented in the Zope book) name has changed. The 'method' name is still supported for backward compatibility. - The 'objectIds' and 'objectValues' methods of ObjectManager derived objects are no longer directly Web-accessible. This is a topic that has come up over and over on the lists. Some (xml-rpc, mostly) users may depend on this behavior - applications that need access to this information remotely should be modified so that a Python Script or DTML Method can explicitly pass the data. - The Image.tag() and ZopeAttributionButton methods now return an image tag that is XHTML compatible; a space and a slash have been added. - SQLMethods can now be edited via FTP and WebDAV tools. Thanks to Anthony Baxter for his FTP support patches. - The Catalog has been slightly overhauled to manage object paths instead of URLs in its tables. This should not cause any backward compatability concern, but everyone upgrading should read the web pages on the zope.org site at: http://dev.zope.org/Wikis/DevSite/Projects/ZCatalogVirtualHostFix/UpgradeFAQ this will provide information about how to upgrade and new features on the result sets, like getObject and getPath. These are very important. - SiteAccess 2.0 has been added, to enable virtual hosting. - The StandardCacheManagers product has been added as a primary product, making it easier to get started with caching. - The class DTMLFile has been added alongside of HTMLFile. It supports name bindings, ignores positional parameters, and puts the container on top of the namespace by default. Most HTMLFiles should work the same (or more securely) if converted to a DTMLFile. Most management interface methods should be converted by the final release of 2.3. - Added a variable called PUBLISHED to REQUEST. From now on, this variable should be used instead of PARENTS for user validation. - The inituser file is now read even when one user has been created. This provides a way to reset the password after a new user installs Zope but ignores the generated password. - ZCatalogs have a reduced number of management interface tabs. - ZCatalog keyword and field indexes have been modified to use a merge strategy when existing indexes are updated. When an existing object is indexed, the contents of field and keyword indexes are merged with the changes detected between the existing contents of the index and the new content. - CatalogPathAware class added. This will eventually replace CatalogAware. - The ManagementInterfaceQuickFix project was merged in. The Zope management interface has been tweaked in various ways to improve productivity and consistency and is now at least slightly less ugly :) Bugs Fixed - A misspelled function name which prevented the addition of properties was corrected. - Caused PropertySheets to restrict IDs the same way ObjectManager does. - (Collector #1586) Fixed situation where the Catalog would attempt to loop over a bucket as if it were a list, which won't work. This was reported by Steve Alexander with a patch. - Corrected local role computation (Hotfix 2000-12-15) - The basic user folder implementation in User.py was changed to use the Zope security policy machinery. see http://dev.zope.org/Wikis/DevSite/Proposals/ ChangeUserFoldersToUseSecurityPolicyAPI for details. - Trying to cut or copy with no items selected now returns a nicer error message. - A roles keyword argument was added to ZopeSecurityPolicy.validate to enable callers to pass in roles as opposed to allowing the machinery to figure it out for itself. - Some product context initialization related to setting roles was updated. Zope 2.3.0 alpha 1 Features Added - Python Scripts are now part of the Zope core. Big whopping kudos to Evan Simpson for all of the work he has put into this! Having Python Scripts in the core will allow people to much more easily separate logic and presentation (and get that logic out of DTML!) More information and prototype documentation for Python Scripts can be found in the dev.zope.org project: http://dev.zope.org/Wikis/DevSite/Projects/PythonMethods - Added the __replaceable__ property support to ObjectManager. This is currently documented only in the Wiki. - Added unit tests for the DateTime module. - Added new BASEPATHn and URLPATHn variables in the REQUEST object, and changed Zope core DTML files to use BASEPATH1 instead of SCRIPT_NAME. - Added new getId() method to SimpleItem.Item. This should now be used instead of referencing 'object.id' directly, as it is guaranteed to always be a method and to always return the right thing regardless of how the id of the object is stored internally. - Improved Ownership controls. Now you simply choose whether or not to take ownership of sub-objects when taking ownership. There is no need to control implicit/explicit ownership. - Changed the Zope installation procedure so it is only necessary to create one user account and that user is stored in the ZODB. The user created at startup now is simply a normal intial "Manager", not the "superuser". It is no longer necessary to login, create an initial manager, logout and log back in! Woohoo! - Implemented the "emergency user" concept, which is the new name for what was called the superuser. The emergency user doesnt even exist now until you explicitly create it. - Added new "WebDAV source view" HTTP handler, enabled by new '-W' (note uppercase) switch to z2.py. This handler is *not* enabled by default. - Implemented "hookable PUT creation" (allows containers to override webdav.NullResource's guess at the type of object to create when PUT is done to an unknown ID). - Added testrunner.py to the utilities directory. The testrunner is a basic utility for running PyUnit based unit tests. It can be used to run all tests found in the Zope tree, all test suites in a given directory or in specific files. The testrunner will be used to ensure that all checked in tests pass before releases are made. For more information, see the docstring of the actual testrunner.py module. - The Interface scarecrow package has been checked in - more work will likely be done on it before it goes into wide use. See Michel's "Zope Interfaces" project on dev.zope.org for details: http://www.zope.org/Wikis/Interfaces/FrontPage - PyUnit has been checked into the core. Along with the testrunner, this provides enough infrastructure for us to incrementally begin accumulating (and running!) test suites for various parts of the Zope core. - The new security assertion support has been checked in. For more information and an updated version of the "Zope security for developers" guide see the project on dev.zope.org: http://dev.zope.org/Wikis/DevSite/Projects/DeclarativeSecurity Bugs Fixed - Removed some cruft in OFS/content_types.py (an old data structure was being constructed but was going unused in favor of a newer structure used in conjunction with the mimetypes module). - (Collector #1650)Where the underlying object does not define its own '__cmp__()', comparisons of acquisition-wrapped objects fall back to comparing the identities *of the wrappers* . Fixed to unwrap the object (both, if needed) before comparing identities. - (Collector #1687 Products which register base classes for ZClasses typically defer creating them until product registration; the derived ZClass needs them to be available immediately after import. Deprecated 'ProductContext.registerZClass' and 'ProductContext.registerBaseClass' in favor of a new function, 'ZClasses.createZClassForBase' (because none of the machinery needed a ProductContext instance anyway). - (Collector #1355) Fixed overlapping HTTP POST requests in ZServer which could have been corrupted. Thanks to Jeff Ragsdale. - Undid a bug fix that caused the DateTime unit tests to fail. - Removed the requirement that an "access" file exist. "access" is now only needed to create an emergency user account. - Disabled the monitor port by default because, initially, there is no emergency user, and thus no password that can be used to protect the port. - Secured the hole that was patched by Hotfix_2000-12-08. - Disallowed object IDs that end with two underscores. - Caused PropertyManager to restrict id's the same way ObjectManager does.