-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGES
1111 lines (1021 loc) · 59.1 KB
/
CHANGES
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
Changelog
=========
Here you can see the full list of changes between each Eve release.
In Development
--------------
Version 0.6.1
~~~~~~~~~~~~~
Not released.
- Fix: dependendencies on sub-document fields always return 422. Closes #706.
- Fix: invoking ``post_internal`` with ``skpi_validation = True``
causes a ``422`` response. Closes #726.
- Fix: explict inclusive datasource projection is ignored. Closes #722.
- Dev: optimize versioning by building specific versions without deepcopying
the root document (Nick Park).
- Dev: ``_client_projection`` method has been moved up from the mongo layer to
the base DataLayer class. It is now available for other data layers
implementations, such as Eve-SQLAlchemy (Gonéri Le Bouder).
- Docs: add Eve-Swagger to Extensions page.
- Docs: fix broken link to Mongo's capped collections (Nathan Reynolds).
Stable
------
Version 0.6
~~~~~~~~~~~
Released on 28 September, 2015
- New: support for embedding simple ObjectId fields: you can now use the
``data_relation`` rule on them (Gonéri Le Bouder).
- New: support for multiple layers of embedding (Gonéri Le Bouder).
- New: ``SCHEMA_ENDPOINT`` allows resource schema to be returned from an API
endpoint (Nick Park).
- New: HATEOAS links can be customized from within callback functions (Magdas
Adrian).
- New: ``_INFO``: string value to include an info section, with the given INFO
name, at the Eve homepage (suggested value ``_info``). The info section will
include Eve server version and API version (API_VERSION, if set). ``None``
otherwise, if you do not want to expose any server info. Defaults to ``None``
(Stratos Gerakakis).
- New: ``id_field`` sets a field used to uniquely identify resource items
within the database. Locally overrides ``ID_FIELD`` (Dominik Kellner).
- New: ``UPSERT_ON_PUT`` allows document creation on PUT if the document does
not exist. Defaults to ``True``. See below for details.
- New: PUT attempts to create a document if it does not exist. The URL endpoint
will be used as ``ID_FIELD`` value (if ``ID_FIELD`` is included with the
payload, it will be ignored). Normal validation rules apply. The response
will be a ``201 Created`` on successful creation. Response payload will be
identical the one you would get by performing a single document POST to the
resource endpoint. Set ``UPSET_ON_PUT`` to ``False`` to disable this
behaviour, and get a ``404`` instead. Closes #634.
- New: POST accepts documents which include ``ID_FIELD`` (``_id``) values. This
is in addition to the old behaviour of auto-generating ``ID_FIELD`` values
when the submitted document does not contain it. Please note that, while you
can add ``ID_FIELD`` to the schema (previously not allowed), you don't really
have to, unless its type is different from the ``ObjectId`` default. This
means that in most cases you can start storing ``ID_FIELD``-included
documents right away, without making any changes.
- New: Log MongoDB and HTTP methods exceptions (Sebastien Estienne).
- New: Enhanced Logging.
- New: ``VALIDATION_ERROR_AS_LIST``. If ``True`` even single field errors will
be returned in a list. By default single field errors are returned as strings
while multiple field errors are bundled in a list. If you want to standardize
the field errors output, set this setting to ``True`` and you will always get
a list of field issues. Defaults to ``False``. Closes #536.
- New: ``STANDARD_ERRORS`` is a list of HTTP codes that will be served with the
canonical API response format, which includes a JSON body providing both
error code and description. Addresses #586.
- New: ``anyof`` validation rule allows you to list multiple sets of rules to
validate against.
- New: ``alloff`` validation rule, same as ``anyof`` except that all rule
collections in the list must validate.
- New: ``noneof`` validation rule. Same as ``anyof`` except that it requires no
rule collections in the list to validate.
- New: ``oneof`` validation rule. Same as ``anyof`` except that only one rule
collections in the list can validate.
- New: ``valueschema`` validation rules replaces the now deprecated
``keyschema`` rule.
- New: ``propertyschema`` is the counterpart to ``valueschema`` that validates
the keys of a dict.
- New: ``coerce`` validation rule. Type coercion allows you to apply a callable
to a value before any other validators run.
- New: ``MONGO_AUTHDBNAME`` allows to specify a MongoDB authorization database.
Defaults to ``None`` (David Wood).
- New: ``remove`` method in Mongo data layer now returns the deletion status or
``None`` if write acknowledgement is disabled (Mayur Dhamanwala).
- New: ``unique_to_user`` validation rule allows to validate that a field value
is unique to the user. Different users can share the same value for the
field. This is useful when User Restricted Resource Access is enabled on an
endpoint. If URRA is not active on the endpoint, this rule behaves like
``unique``. Closes #646.
- New: ``MEDIA_BASE_URL`` allows to set a custom base URL to be used when
``RETURN_MEDIA_AS_URL`` is active (Henrique Barroso).
- New: ``SOFT_DELETE`` enables soft deletes when set to ``True`` (Nick Park.)
- New: ``mongo_indexes`` allows for creation of MongoDB indexes at application
launch (Pau Freixes.)
- New: clients can opt out of default embedded fields:
``?embedded={"author":0}`` would cause the embedded author not to be included
with response payload. (Tobias Betz.)
- New: CORS: Support for ``X-ALLOW-CREDENTIALS`` (Cyprien Pannier.)
- New: Support for dot notation in POST, PATCH and PUT methods. Be aware that,
for PATCH and PUT, if dot notation is used even on just one field, the whole
sub-document will be replaced. So if this document is stored:
``{"name": "john", "location": {"city": "New York", "address": "address"}}``
A PATCH like this:
``{"location.city": "Boston"}``
(which is exactly equivalent to:)
``{"location": {"city": "a nested city"}}``
Will update the document to:
``{"name": "john", "location": {"city": "Boston"}}``
- New: JSONP Support (Tim Jacobi.)
- New: Support for multiple MongoDB databases and/or servers.
- ``mongo_prefix`` resource setting allows overriding of the default
``MONGO`` prefix used when retrieving MongoDB settings from configuration.
For example, set a resource ``mongo_prefix`` to ``MONGO2`` to read/write
from the database configured with that prefix in your settings file
(``MONGO2_HOST``, ``MONGO2_DBNAME``, etc.)
- ``set_mongo_prefix()`` and ``get_mongo_prefix()`` have been added to
``BasicAuth`` class and derivates. These can be used to arbitrarily set
the target database depending on the token/client performing the request.
Database connections are cached in order to not to loose performance. Also,
this change only affects the MongoDB engine, so extensions currently
targetting other databases should not need updates (they will not inherit
this feature however.)
- New: Enable ``on_pre_GET`` hook for HEAD requests (Daniel Lytkin.).
- New: Add ``X-Total-Count`` header for collection GET/HEAD requests (Daniel
Lytkin.).
- New: ``RETURN_MEDIA_AS_URL``, ``MEDIA_ENDPOINT`` and ``MEDIA_URL`` allow for
serving files at a dedicated media endpoint while urls are returned in
document media fields (Daniel Lytkin.)
- New: ``etag_ignore_fields``. Resource setting with a list of fields belonging
to the schema that won't be used to compute the ETag value. Defaults to
``None`` (Olivier Carrère.)
- Change: when HATEOAS is off the home endpoint will respond with ``200 OK``
instead of ``404 Not Found`` (Stratos Gerakakis).
- Change: PUT does not return ``404`` if a document URL does not exist. It will
attempt to create the document instead. Set ``UPSET_ON_PUT`` to ``False`` to
disable this behaviour and get a ``404`` instead.
- Change: A PATCH including an ``ID_FIELD`` field which value is different than
the original will get a ``400 Bad Request``, along with an explanation in the
message body that the field is immutable. Previously, it would get an
``unknown field`` validation error.
- Dev: Improve GET perfomance on large versioned documents (Nick Park.)
- Dev: The ``MediaStorage`` base class now accepts the active resource as an
argument for its methods. This allows data-layers to avoid resorting to the
Flask request object to determine the active resource. To preserve backward
compatibility the new ``resource`` argument defaults to ``None`` (Magdas
Adrian).
- Dev: The Mongo data-layer is not dependant on the Flask request object
anymore. It will still fallback to it if the ``resource`` argument is
``None``. Closes #632. (Magdas Adrian).
- Fix: store versions in the same mongo collection when ``datasource`` is used
(Magdas Adrian).
- Fix: Update ``serialize`` to gracefully handle non-dictionary values in dict
type fields (Nick Park).
- Fix: changes to the ``updates`` argument, applied by callbacks hooked to the
``on_updated`` event, were not persisted to the database (Magdas Adrian).
Closes #682.
- Fix: Changes applied to the ``updates`` argument``on_updated`` returns the
whole updated document. Previously, it was only returning the updates sent
with the request. Closes #682.
- Fix: Replace the Cerberus rule ``keyschema``, now deprecated, with the new
``propertyschema`` (Julian Hille).
- Fix: some error message are not filtered out of debug mode anymore, as they
are useful for users and do not leak informations. Closes #671 (Sebastien
Estienne).
- Fix: reinforce Content-Type Header handling to avoid possible crash when it
is missing (Sebastien Estienne).
- Fix: some schema errors were not being reported as SchemaError exceptions.
A more generic 'DOMAIN missing or wrong' message was returned instead.
- Fix: When versioning is enabled on a resource with a custom ID_FIELD,
versioning documents will inherit their ID from the versioned document,
making any update of the document result in a DuplicateKeyError (Matthieu
Prat).
- Fix: Filter validation fails to validate query selectors that contain a value
of the list data-type, which is not a list of sub-queries. See #674 (Matthieu
Prat).
- Fix: ``_validate_dependencies`` always returns ``None``.
- Fix: ``412 Precondition Failed`` does not return a JSON body. Closes #661.
- Fix: ``embedded_fields`` may point on a field that come from another embedded
document. For example, ``['a.b.c', 'a.b', 'a']`` (Gonéri Le Bouder).
- Fix: add handling of sub-resource resolving for PUT method (Olivier Poitrey).
- Fix: ``dependencies`` rule would mistakenly validate documents when target
fields happened to also have a ``default`` value.
- Fix: According to RFC2617 the separator should be (=) instead of (:). This
caused at least Chrome not to prompt user for the credentials, and not to
send the Authorization header even when credentials were in the url (Samuli
Tuomola).
- Fix: make sure ``unique`` validation rule is consistent between HTTP methods.
A field value must be unique within the datasource, regardless of the user
who created it. Closes #646.
- Fix: OpLog domain entry is not created if ``OPLOG_ENDPOINT`` is ``None``.
Closes #628.
- Fix: Do not overwrite ``ID_FIELD`` as it is not a sub resource. See #641 for
details (Olivier Poitrey).
- Fix: ETag computation crash when non-standard json serializers are used
(Kevin Roy.)
- Fix: Remove duplicate item in Mongo operators list. Closes #619.
- Fix: Versioning: invalidate cache when ``_latest_version`` changes in
versioned doc (Nick Park.)
- Fix: snippet in account management tutorial (xgddsg.)
- Fix: ``MONGO_REPLICA_SET`` and other significant Flask-PyMongo settings have
been added to the documentation. Closes #615.
- Fix: Serialization of lists of lists (Nick Park.)
- Fix: Make sure ``original`` is not modified during ``PATCH``. Closes #611
(Petr Jašek.)
- Fix: Route parameters are applied to new documents before they are validated.
This ensures that documents with required fields will be populated before
they are validated. Addresses #354. (Matthew Ellison.)
- Fix: ``GridFSMediaStorage`` does not save filename. Closes #605 (Sam Luu).
- Fix: Reinforce GeoJSON validation (Joakim Uddholm.)
- Fix: Geopoint coordinates do not accept integers. Closes #591 (Joakim
Uddholm.)
- Fix: OpLog enabled makes PUT return wrong Etag. Closes #590.
- Update: Cerberus 0.9.2 is now required.
- Update: PyMongo 2.8 is now required (which in turn supports MongoDB 3.0)
Version 0.5.3
~~~~~~~~~~~~~
Released on 17 March, 2015.
- Fix: Support for Cerberus 0.8.1.
- Fix: Don't block on first field serialization exception. Closes #568.
- Fix: Ignore read-only fields in ``PUT`` requests when their values aren't
changed compared to the stored document (Bjorn Andersson.)
- Docs: replace ``file`` with ``media`` type. Closes #566.
Version 0.5.2
~~~~~~~~~~~~~
Released on 23 Feb, 2015.
Codename: 'Giulia'.
- Fix: hardening of database concurrency checks. See #561 (Olivier Carrère.)
- Fix: ``PATCH`` and ``PUT`` do not include Etag header (Marcus Cobden.)
- Fix: endpoint-level authentication crash when a callable is passed. Closes
#558.
- Fix: serialization of ``keyschema`` fields with ``objetid`` values. Closes
#525.
- Fix: typos in schema rules might lead to arbitrary payloads being validated
(Emmanuel Leblond.)
- Fix: ObjectId value in ID field of type string (Jaroslav Semančík.)
- Fix: User Restricted Resource Access does not work with HMAC Auth classes.
- Fix: Crash when ``embedded`` is used on subdocument with a missing field
(Emmanuel Leblond.)
- Docs: add ``MONGO_URI`` as an alternative to other MongoDB connection
options. Closes #551.
- Change: Werkzeug 0.10.1 is now required.
- Change: ``DataLayer`` API methods ``update()`` and ``replace()`` have a new
``original`` argument.
Version 0.5.1
~~~~~~~~~~~~~
Released on 16 Jan, 2015.
- Fix: dependencies with value checking seem broken (#547.)
- Fix: documentation typo (Marc Abramowitz.)
- Fix: pretty url for regex with a colon in the expression (Magdas Adrian.)
Version 0.5
~~~~~~~~~~~
Released on 12 Jan, 2015.
- New: Operations Log (http://python-eve.org/features#operations-log.)
- New: GeoJSON (http://python-eve.org/features.html#geojson) (Juan Madurga.)
- New: Internal Resources (http://python-eve.org/features#internal-resources) (Magdas Adrian.)
- New: Support for multiple origins when using CORS (Josh Villbrandt, #532.)
- New: Regexes are stripped out of HATEOAS urls when present. You now get
``games/<game_id>/images`` where previously you would get
``games/<regex('[a-f0-9]{24}'):game_id>/images``). Closes #466.
- New: ``JSON_SORT_KEYS`` enables JSON key sorting (Matt Creenan).
- New: Add the current query string to the self link for responses with
multiple documents. Closes #464 (Jen Montes).
- New: When document versioning is on, add ``?version=<version_num>`` to
HATEOAS self links. Also adds pagination links for ``?version=all`` and
``?version=diffs`` requests when the number exceeds the max results.
Partially addresses #475 (Jen Montes).
- New: ``QUERY_WHERE`` allows to set the query parameter key for filters.
Defaults to ``where``.
- New: ``QUERY_SORT`` allows to set the query parameter key for sorting.
Defaults to ``sort``.
- New: ``QUERY_PAGE`` allows to set the query parameter key for pagination.
Defaults to ``page``.
- New: ``QUERY_PROJECTION`` allows to set the query parameter key for
projections. Defaults to ``projection``.
- New: ``QUERY_MAX_RESULTS`` allows to set the query parameter key for max
results. Defaults to ``max_results``.
- New: ``QUERY_EMBEDDED`` allows to set the query parameter key embedded
documents. Defaults to ``embedded``.
- New: Fire ``on_fetched`` events for ``version=all`` requests (Jen Montes).
- New: Support for CORS ``Access-Control-Expose-Headers`` (Christian Henke).
- New: ``post_internal()`` can be used for intenral post calls. This method is
not rate limited, authentication is not checked and pre-request events are
not raised (Magdas Adrian).
- New: ``put_internal()`` can be used for intenral PUT calls. This method is
not rate limited, authentication is not checked and pre-request events are
not raised (Kevin Funk).
- New: ``patch_internal()`` can be used for intenral PATCH calls. This method
is not rate limited, authentication is not checked and pre-request events are
not raised (Kevin Funk).
- New: ``delete_internal()`` can be used for intenral DELETE calls. This method
is not rate limited, authentication is not checked and pre-request events are
not raised (Kevin Funk).
- New: Add an option to ``_internal`` methods to skip payload validation
(Olivier Poitrey).
- New: Comma delimited sort syntax in queries. The MongoDB data layer now also
supports queries like ``?sort=lastname,-age``. Addresses #443.
- New: Add extra 4xx response codes for proper handling. Only ``405`` Method
not allowed, ``406`` Not acceptable, ``409`` Conflict, and ``410`` Gone have
been added to the list (Kurt Doherty).
- New: Add serializers for integer and float types (Grisha K.)
- New: dev-requirements.txt added to the repo.
- New: Embedding of documents by references located in any subdocuments. For
example, query ``embedded={"user.friends":1}`` will return a document with
"user" and all his "friends" embedded, but only if ``user`` is a subdocument
and ``friends`` is a list of references (Dmitry Anoshin).
- New: Allow mongoengine to work properly with cursor counts (Johan Bloemberg)
- New: ``ALLOW_UNKNOWN`` allows unknown fields to be read, not only written as
before. Closes #397 and #250.
- New: ``VALIDATION_ERROR_STATUS`` allows setting of the HTTP status code to
use for validation errors. Defaults to ``422`` (Olivier Poitrey).
- New: Support for sub-document projections. Fixes #182 (Olivier Poitrey).
- New: Return ``409 Conflict`` on pymongo ``DuplicateKeyError`` for ``POST``
requests, as already happens with ``PUT`` requests (Matt Creenan, #537.)
- Change: ``DELETE`` returns ``204 NoContent`` on a successful delete.
- Change: SERVER_NAME removed as it is not needed anymore.
- Change: URL_PROTOCOL removed as it is not needed anymore.
- Change: HATEOAS links are now relative to the API root. Closes #398 #401.
- Change: If-Modified-Since has been disabled on resource (collections)
endpoints. Same functionality is available with a ``?where={"_udpated":
{"$gt": "<RFC1123 date>"}}`` request. The OpLog also allows retrieving detailed
changes happened at any endpoint, deleted documents included. Closes #334.
- Change: etags are now persisted with the documents. This ensures that etags
are consistent across queries, even when projection queries are issued.
Please note that etags will only be stored along with new documents created
and/or edited via API methods (POST/PUT/PATCH). Documents inserted by other
means and those stored with v0.4 and below will keep working as previously:
their etags will be computed on-the-fly and you will get still be getting
inconsistent etags when projection queries are issued. Closes #369.
- Change: XML item, meta and link nodes are now ordered. Closes #441.
- Change: ``put`` method signature for ``MediaStorage`` base class has been
updated. ``filemame`` is now optional. Closes #414.
- Change: CORS behavior to be compatible with browsers (Chrome). Eve is now
echoing back the contents of the Origin header if said content is whitelisted
in X_DOMAINS. This also safer as it avoids exposing internal server
configuration. Closes #408. This commit was carefully handcrafed on a flight
to EuroPython 2014.
- Change: Specify a range of dependant package versions. #379 (James Stewart).
- Change: Cerberus 0.8 is now required.
- Change: pymongo v2.7.2 is now required.
- Change: simplejson v3.6.5 is now required.
- Change: update ``dev-requirements.txt`` to most recent tools available.
- Fix: add ``README.rst`` to ``MANIFEST.in`` (Niall Donegan.)
- Fix: ``LICENSE`` variable in ``setup.py`` should be "shortstring". Closes
#540 (Niall Donegan.)
- Fix: ``PATCH`` on fields with original value of ``None`` (Marcus Cobden,
#534).
- Fix: Fix impossible version ranges in setup.py (Marcus Cobden, #531.)
- Fix: Bug with expanding lists of roles, compromising authorization (Mikael
Berg, #527)
- Fix: ``PATCH`` on subdocument fields does not overwrite the whole
subdocument anymore. Closes #519.
- Fix: Added support for validation on field attribute with type list (Jorge
Morales).
- Fix: Fix a serialization bug with integer and float when value is
0 (Olivier Poitrey).
- Fix: Custom ID fields tutorial: if custom ID fields are being used, then
MongoDB/Eve won't be able to create them automatically as it does with the
`ObjectId` default type. Closes #511.
- Fix: Dependencies with default values were reported as missing if omitted.
Closes #353.
- Fix: Dependencies always fails on PATCH if dependent field isn't part of
the update. #363.
- Fix: client projections work when ``allow_unknown`` is active. Closes #497.
- Fix: datasource projections are active when ``allow_unknown`` is active.
closes #497.
- Fix: Properly serialize nullable floats and integers. Closes #469.
- Fix: ``_mongotize()`` turns non-ObjectId strings (but not unicode) into
ObjectIds. Closes #508 (Or Neeman).
- Fix: Fix validation of read-only fields inside dicts. Closes #474 (Arnau
Orriols).
- Fix: Parent and collection links follow the scheme described in #475 (Jen
Montes).
- Fix: Ignore read-only fields in ``PATCH`` requests when their values aren't
changed compared to the stored document. Closes #479.
- Fix: Allow ``EVE_SETTINGS`` envvar to be used exclusively. Previously,
a settings file in the working directory was always required. Closes #461.
- Fix: exception when trying to set nullable media field to null (Daniel
Lytkin)
- Fix: Add missing ``$options`` and ``$list`` MongoDB operators to the
allowed list (Jaroslav Semančík).
- Fix: Get document when it is missing embedded media. In case you try to
embedd a document which has media fields and that document has been deleted,
you would get an error (Petr Jašek).
- Fix: fix additional lookup regex in RESTful Account Management tutorial
(Ashley Roach).
- Fix: ``utils.weak_date`` always returns a RFC-1123 date (Petr Jašek).
- Fix: Can't embed a ressource with a custom _id (non ObjectId). Closes #427.
- Fix: Do not follow DATE_FORMAT for HTTP headers. Closes #429 (Olivier
Poitrey).
- Fix: Fix app initialization with resource level versioning #409 (Sebastián
Magrí).
- Fix: KeyError when trying to use embedding on a field that is missing from
document. It was fixed earlier in #319, but came back again after new
embedding mechanism (Daniel Lytkin).
- Fix: Support for list of strings as default value for fields (hansotronic).
- Fix: Media fields are now properly returned even in embedded documents.
Closes #305.
- Fix: auth in domain configuration can be either a callable or a class
instance (Gino Zhang).
- Fix: Schema definition: a default value of [] for a list causes IndexError.
Closes #417.
- Fix: Close file handles in setup.py (Harro van der Klauw)
- Fix: Querying a collection should always return pagination information (even
when no data is being returned). Closes #415.
- Fix: Recursively validate the whole query string.
- Fix: If the data layer supports a list of allowed query operators, take
them into consideration when validating a query string. Closes #388.
- Fix: Abort with 400 if unsupported query operators are used. Closes #387.
- Fix: Return the error if a blacklisted MongoDB operator is used in a query
(debug mode).
- Fix: Invalid sort syntax raises 500 instead of 400. Addresses #378.
- Fix: Fix serialization when `type` is missing in schema. #404 (Jaroslav
Semančík).
- Fix: When PUTting or PATCHing media fields, they would not be properly
replaced as needed (Stanislav Heller).
- Fix: ``test_get_sort_disabled`` occasional failure.
- Fix: A POST with an empty array leads to a server crash. Now returns a 400
error isntead and ensure the server won't crash in case of mongo invalid
operations (Olivier Poitrey).
- Fix: PATCH and PUT don't respect flask.abort() in a pre-update event. Closes
#395 (Christopher Larsen).
- Fix: Validating keyschema rules would cause a TypeError since 0.4. Closes
nicolaiarocci/cerberus#48.
- Fix: Crash if client projection is not a dict #390 (Olivier Poitrey).
- Fix: Server crash in case of invalid "where" syntax #386 (Olivier Poitrey).
Version 0.4
~~~~~~~~~~~
Released on 20 June, 2014.
- [new] You can now start the app without any resource defined and use
``app.register_resource`` later as needed (Petr Jašek).
- [new] Data layer is now usable outside request context, for example within
a Celery task where there's no request context (Petr Jašek).
- [new][change] Add pagination info to get results whatever the HATEOAS status.
Closes #355 (Olivier Poitrey).
- [new] Ensure all errors return a parseable body (JSON or XML). Closes #365
(Olivier Poitrey).
- [new] Apply sub-request route's params to the created document if matching
the schema, e.g. a POST on ``/people/1234…/invoices`` will set the
``contact_id`` field to 1234… so created invoice is automatically associated
with the parent resource (Olivier Poitrey).
- [new] Allow some more HTTP errors (403 and 404) to be thrown from db hooks
(Olivier Poitrey).
- [new] ``ALLOWED_READ_ROLES``. A list of allowed `roles` for resource
endpoints with GET and OPTIONS methods (Olivier Poitrey).
- [new] ``ALLOWED_WRITE_ROLES``. A list of allowed `roles` for resource
endpoints with POST, PUT and DELETE methods (Olivier Poitrey).
- [new] ``ALLOWED_ITEM_READ_ROLES``. A list of allowed `roles` for item
endpoints with GET and OPTIONS methods (Olivier Poitrey).
- [new] ``ALLOWED_ITEM_WRITE_ROLES``. A list of allowed `roles` for item
endpoints with PUT, PATCH and DELETE methods (Olivier Poitrey).
- [new] 'dependencies' validation rule.
- [new] 'keyschema' validation rule.
- [new] 'regex' validation rule.
- [new] 'set' as a core data type.
- [new] 'min' and 'max' now apply to floats and numbers too.
- [new] File Storage. ``EXTENDED_MEDIA_INFO`` allows a list of meta fields
(file properties) to forward from the file upload driver (Ben Demaree).
- [new] Python 3.4 is now supported.
- [new] Support for default values in documents with more than one level of
data (Javier Gonel).
- [new] Ability to send entire document in write responses. ``BANDWITH_SAVER``
aka Coherence Mode (Josh Villbrandt).
- [new] ``on_pre_<METHOD>`` events expose the `lookup` dictionary which allows
for setting up dynamic database lookups on both resource and item endpoints.
- [new] Return a 400 response on pymongo DuplicateKeyError, with exception
message if debug mode is on (boosh).
- [new] PyPy officially supported and tested (Javier Gonel).
- [new] tox support (Javier Gonel).
- [new] Post database events (Javier Gonel). Addresses #272.
- [new] Versioned Documents (Josh Villbrandt). Closes #224.
- [new] Python trove classifiers added to setup.py.
- [new] Client projections are also honored at item endpoints.
- [new] validate that ID_FIELD is not set as a resource ``auth_field``.
Addresses #266.
- [new] ``URL_PROTOCOL`` defines the HTTP protocol used when building HATEOAS
links. Defaults to ``''`` for relative paths (Junior Vidotti).
- [new] ``on_delete_item`` and ``on_deleted_item`` is raised on DELETE requests
sent to document endpoints. Addresses #232.
- [new] ``on_delete_resource`` and ``on_deleted_resource`` is raised on DELETE
requests sent to resource endpoints. Addresses #232.
- [new] ``on_update`` is raised on PATCH requests, when a document is about to
be updated on the database. Addresses #232.
- [new] ``on_replace`` is raised on PUT requests, when a document is about to
be replaced on the database. Addresses #232.
- [new] ``auth`` constructor argument accepts either a class instance or
a callable. Closes #248.
- [change] Cerberus 0.7.2 is now required.
- [change] Jinja2 2.7.3 is now required.
- [change] Werkzeug 0.9.6 is now required.
- [change] simplejson 3.5.2 is now required.
- [change] itsdangerous 0.24 is now required. Addresses #378.
- [change] Events 0.2.1 is now required.
- [change] MarkupSafe 0.23 is now required.
- [change] For bulk and non-bulk inserts, response status now always either 201
when everything was ok or 400 when something went wrong. For bulk inserts, if
at least one document doesn't validate, the whole request is rejected, and
none of the documents are inserted into the database. Additionnaly, this
commit adopts the same response format as collections: responses are always
a dict with a ``_status`` field at its root and an eventual ``_error`` object
if ``_status`` is ``ERR`` to comply with #366. Documents status are stored in
the ``_items`` field (Olivier Poitrey).
- [change] Callbacks get whole json response on ``on_fetched``. This allows for
callbacks functions to alter the whole payload, even when HATEOAS is enabled
and ``_items`` and ``_links`` metafields are present.
- [change] ``on_insert`` is not raised anymore on PUT requests (replaced by
above mentioned ``on_replace``).
- [change] ``auth.request_auth_value`` is no more. Yay. See below.
- [change] ``auth.set_request_auth_value()`` allows to set the ``auth_field``
value for the current request.
- [change] ``auth.get_request_auth_value()`` allows to retrieve the
``auth_field`` value for the current request.
- [change] ``on_update(ed)`` and ``on_replace(ed)`` callbacks now receive both
the original document and the updates (Jaroslav Semančík).
- [change] Review event names (Javier Gonel).
- [fix] return 500 instead of 404 if CORS is enabled. Closes #381.
- [fix] Crash on GET requests on resource endpoints when ID_FIELD is missing on
one or more documents. Closes #351.
- [fix] Cannot change a nullable objectid type field to contain null. Closes
#341.
- [fix] HATEOAS links as business unit values even when regexes are configured
for the endpoint.
- [fix] Documentation improvements (Jen Montes).
- [fix] KeyError exception was raised when field specified in schema as
embeddable was missing in a particular document (Jaroslav Semančík).
- [fix] Tests on HEAD requests would very occasionally fail. See #316.
- [change] PyMongo 2.7.1 is now required.
- [fix] Automatic fields such as ``DATE_CREATD`` and ``DATE_CREATED`` are
correctly handled in client projections (Josh Villbrandt). Closes #282.
- [fix] Make codebase compliant with latest PEP8/flake8 release (Javier Gonel).
- [fix] If you had a media field, and set datasource projection to 0 for that
field, the media would not be deleted. Closes #284.
- [fix] tests cleanup (Javier Gonel).
- [fix] tests now run on any system without needing to set ``ulimit`` to
a higher value (Javier Gonel).
- [fix] media files: don't try to delete a field that does not exist (Taylor
Brown).
- [fix] Occasional KeyError while building ``_media`` helper dict. See #271
(Alexander Hendorf).
- [fix] ``If-Modified-Since`` misbehaviour when a datasource filter is set.
Closes #258.
- [fix] Trouble serializing list of dicts. Closes #265 and #244.
- [fix] ``HATEOAS`` item links are now coherent actual endpoint URL even when
natural immutable keys are used in URLs (Junior Vidotti). Closes #256.
- [fix] Replaced ``ID_FIELD`` by ``item_lookup_field`` on self link.
item_lookup_field will default to ``ID_FIELD`` if blank.
Version 0.3
~~~~~~~~~~~
Released on 14 February, 2014.
- [fix] Serialization of sub-documents (Hannes Tiede). Closes #244.
- [new] ``X_MAX_AGE`` allows to configure CORS Access-Control-Max-Age (David
Buchmann).
- [fix] ``GET`` with ``If-Modified-Since`` on list endpoint returns incorrect
304 if resource is empty. Closes #243.
- [change] ``POST`` will return ``201 Created`` if at least one document was
accepted for insertion; ``200 OK`` otherwise (meaning the request was
accepted and processed). It is still client's responsability to parse the
response payload to check if any document did not pass validation. Addresses
#201 #202 #215.
- [new] ``number`` data type. Allows both integers and floats as field values.
- [fix] Using primary keys other than _id. Closes #237.
- [fix] Add tests for ``PUT`` when User Restricted Resource Access is active.
- [fix] Auth field not set if resource level authentication is set. Fixes #231.
- [fix] RateLimit check was occasionally failing and returning a 429 (John
Deng).
- [change] Jinja2 2.7.2 is now required.
- [new] media files (images, pdf, etc.) can be uploaded as ``media`` document
fields. When a document is requested, eventual media files will be returned
as Base64 strings. Upload is done via ``POST``, ``PUT`` and ``PATCH`` using
the ``multipart/data-form`` content-type. For optmized performance, by
default files are stored in GridFS, however custom ``MediaStorage`` classes
can be provided to support alternative storage systems. Clients and API
maintainers can exploit the projections feature to include/exclude media
fields from requests. For example, a request like
``/url/<id>?projection={"image": 0}`` will return the document without the
image field. Also, while setting a resource ``datasource`` it is possible to
explicitly exclude media fields from standard responses (clients will need to
explicitly add them to the payload with ``?projection={"image": 1}``).
- [new] ``media`` type for schema fields.
- [new] ``media`` application argument. Allows to specify a media storage class
to be used to store media files. Defaults to ``GridFSMediaStorage``.
- [new] ``GridFSMediaStorage`` class. Stores files into GridFS.
- [new] ``MediaStorage`` class provides a standardized API for storing files,
along with a set of default behaviors that all other storage systems can
inherit or override as necessary.
- [new] ``file`` data type support and validation for resource schema.
- [new] ``multipart/form-data`` content-type is now supported for requests.
- [fix] Field exclusion (``?projection={"fieldname": 0}``) now supported in
client projections. Remember, mixing field inclusion and exclusion is still
not supported by MongoDB.
- [fix] ``URL_PREFIX`` and ``API_VERSION`` are correctly reported in HATOEAS
links.
- [fix] ``DELETE`` on sub-resources should only delete documents referenced by
the parent. Closes #212.
- [fix] ``DELETE`` on a resource endpoint honors User-Restricted Resource
Access. Closes #213.
- [new] ``JSON`` allows to enable/disable JSON responses. Defaults to ``True``
(JSON enabled).
- [new] ``XML`` allows to enable/disable XML responses. Defaults to ``True``
(XML enabled).
- [fix] XML properly honors ``_LINKS`` and ``_ITEMS`` settings.
- [fix] return all document fields when resource schema is empty.
- [new] pytest.ini for pytest support.
- [fix] All tests should now run with nose and pytest. Closes #209.
- [new] ``query_objectid_as_string`` resource setting. Defaults to ``False``.
Addresses #207.
- [new] ``ETAG`` allows to customize the etag field. Defaults to ``_etag``.
- [change] ``etag`` is now ``_etag`` in all default response payloads (see
above).
- [change] ``STATUS`` defaults to '_status'.
- [change] ``ISSUES`` defaults to '_issues'.
- [change] ``DATE_CREATED`` defaults to '_created'. Upgrade existing
collections by running ``db.<collection>.update({}, { $rename: { "created":
"_created" } }, { multi: true })`` in the mongo shell. If an index exists on
the field, drop it and create a new one using the new field name.
- [change] ``LAST_UPDATED`` defaults to '_updated'. Upgrade existing
collections by running ``db.<collection>.update({}, { $rename: { "updated":
"_updated" } }, { multi: true })`` in the mongo shell. If an index exists on
the field, drop it and create a new one usung the new field name.
- [change] Exclude ``etag`` from both response payload and headers if
concurrency control is disabled (``IF_MATCH`` = ``False``). Closes #205.
- [fix] Custom ``ID_FIELD`` would fail on update/insert methods. Fixes #203
(Jaroslav Semančík).
- [change] GET: when If-Modified-Since header is present, either no documents
(304) or all documents (200) are sent per the HTTP spec. Original behavior
can be achieved with:
``/resource?where={"updated":{"$gt":"if-modified-since-date"}}`` (Josh
Villbrandt).
- [change] Validation errors are now reported as a dictionary with offending
fields as keys and issues descriptions as values.
- [change] Cerberus v0.6 is now required.
Version 0.2
~~~~~~~~~~~
Released on 30 November, 2013.
- [new] Sub-Resources. It is now possible to configure endpoints such as:
``/companies/<company_id>/invoices``. Also, the corresponding item endpoints,
such as ``/companies/<company_id>/invoices/<invoice_id>``, are available. All
CRUD operations on these endpoints are allowed. Closes 156.
- [new] ``resource_title`` allows to customize the endpoint title (HATEOAS).
- [new][dev] ``extra`` cursor property, when present, will be added to ``GET``
responses (with same key). This feature can be used by Eve extensions to
inject proprietary data into the response stream (Petr Jašek).
- [new] ``IF_MATCH`` allows to disable checks for ETag matches on edit, replace
and delete requests. If disabled, requests without an If-Match header will be
honored without returning a 403 error. Defaults to True (enabled by default).
- [new] ``LINKS`` allows to customize the links field. Default to '_links'.
- [new] ``ITEMS`` allows to customize the items field. Default to '_items'.
- [new] ``STATUS`` allows to customize the status field. Default to 'status'.
- [new] ``ISSUES`` allows to customize the issues field. Default to 'issues'.
- [new] Handling custom ID fields tutorial.
- [new] A new ``json_encoder`` initialization argument is available. It allows
to pass custom JSONEncoder or eve.io.BaseJSONEncoder to the Eve instance.
- [new] A new ``url_converters`` initialization argument is available. It
allows to pass custom Flask url converters to the Eve constructor.
- [new] ID_FIELD fields can now be of arbitrary types, not only ObjectIds.
Thanks to Kelvin Hammond for contributing to this one. Closes #136.
- [new] ``pre_<method>`` and ``pre_<method>_<resource>`` event hooks are now
available. They are raised when a request is received and before processing
it. The resource involved and the Flask request object are returned to the
callback function (dccrazyboy).
- [new] ``embedded_fields`` activates default Embedded Resource Serialization
on a list of selected document fields. Eventual embedding requests by clients
will be processed along with default embedding. In order for default
embedding to work, the field must be defined as embeddable, and embedding
must be active for the resource (with help from Christoph Witzany).
- [new] ``default_sort`` option added to the ``datasource`` resource setting.
It allows to set default sorting for the endpoint. Default sorting will be
overriden by a client request that happens to include a ``?sort`` argument
within the query string (with help from Christoph Witzany).
- [new] You can now choose to provide custom settings as a Python dictionary.
- [new] New method ``Eve.register_resource()`` for registering new resource
after initialization of Eve object. This is needed for simpler initialization
API of all ORM/ODM extensions (Stanislav Heller).
- [change] Rely on Flask endpoints to map urls to resources.
- [change] For better consistency with new ``pre_<method>`` hooks,
``on_<method>`` event hooks have been renamed to ``on_post_<method>``.
- [change] Custom authentication classes can now be set at endpoint level. When
set, an endpoint-level auth class will override the eventual global level
auth class. Authentication docs have been updated (and greatly revised)
accordingly. Closes #89.
- [change] JSON encoding is now handled at the DataLayer level allowing for
specialized, granular, data-aware encoding. Also, since the JSON encoder is
now a class attribute, extensions can replace the pre-defined data layer
encoder with their own implementation. Closes #102.
- [fix] HMAC example and docs updated to align with new hmac in Python 2.7.3,
which is only accepting bytes string. Closes #199.
- [fix] Properly escape leaf values in XML responses (Florian Rathgeber).
- [fix] A read-only field with a default value would trigger a validation error
on POST and PUT methods.
Version 0.1.1
~~~~~~~~~~~~~
Released on October 31th, 2013.
- DELETE now uses the original document ID_FIELD when issuing the delete
command to the underlying data layer (Xavi Cubillas).
- Embedded Resource Serialization also available at item endpoints
(``/invoices/<id>/?embedded={'person':1}``),
- ``collection`` (used when setting up a data relation, see Embedded Resource
Serialization) has been renamed to ``resource`` in order to avoid confusion
between the Eve schema and underlying MongoDB collections.
- Nested endpoints. Endpoints with deep paths like ``/contacts/overseas`` can
now function in conjuction with top-level endpoints (``/contacts``).
Endpoints are completely independent: each can allow item lookups
(``/contacts/<id>`` and ``contacts/overseas/<id>``) and different access
methods. Previously, while you could have complex urls, you could not get
nested endpoints to work properly.
- PyMongo 2.6.3 is now supported.
- item-id wrappers have been removed from POST/PATCH/PUT requests and
responses. Requests for single document insertion/edition are now performed
by just submitting the relevant document. Bulk insert requests are performed
by submitting a list of documents. The response to bulk requests is a list
itself in which every list item contains the state of the corresponding
request document. Please note that this is a breaking change. Also be aware
that when the request content-type is ``x-www-form-urlencoded``, single
document insert is performed. Closes #139.
- ObjectId are properly serialized on POST/PATCH/PUT methods.
- Queries on ObjectId and datetime values in nested documents.
- ``auth.user_id`` renamed to ``auth.request_auth_value`` for better
consistency with the ``auth_field`` setting. Closes #132 (Ryan Shea).
- Same behavior as Flask, SERVER_NAME now defaults to None. It allows much
easier development on distant machine that may changes IP (Ronan Delacroix).
- CORS support was not available for ``additional_lookup`` urls (Petr Jašek.)
- 'default' field values that could be assimilated to ``None`` (0, None, "")
would be ignored.
- POST and PUT would fail with 400 if there was no auth class while
``auth_field`` was set for a resource.
- Fix order of string arguments in exception message in
flaskapp.validate_schema() (Roy Smith).
Version 0.1
~~~~~~~~~~~
Released on September 30th, 2013.
- ``PUT`` method for completely replace a document while keeping the same
unique identifier. Closes #96.
- Embedded Resource Serialization. If a document field is referencing
a document in another resource, clients can request the referenced document
to be embedded within the requested document (Bryan Cattle). Closes #68.
- "No trailing slash" URLs are now supported. Closes #118.
- HATEOAS is now optional and can be disabled both at global and resource
level.
- ``X-HTTP-Method-Override`` supported for all HTTP Methods. Closes #95.
- HTTP method is now passed into ``authenticate()`` and ``check_auth()`` (Ken
Carpenter). Closes #90 .
- Cleanup and hardening of User-Restricted Resource Access Edit (Bryan Cattle).
- Account Management tutorial updated to reflect the event hooks naming update
introduced in v0.0.9.
- Some more Python 3 refactoring (Dong Wei Ming).
- Events 0.2.0 is now supported.
- PyMongo 2.6.2 is now supported.
- Cerberus 0.4.0 is now supported.
- Item ``GET`` on documents with non-existent 'created' field (because
stored outside of API context) were not returning a default value for the
field.
- Edits on documents with non-existent 'created' or 'updated' fields
(because stored outside of the API context) were returning ``412 Precondition
Failed``. Closes #123.
- ``on_insert`` is raised when a ``PUT`` (replace action) is about to be
performed. Closes #120.
- Installation on Windows with Python 3 was returning encoding errors.
- Fixed #99: malformed XML render when href includes forbidden URI/URL chars.
- Fixed a bug introduced with 0.0.9 and Python 3 support. Filters (``?where``)
on datetime values were not working when running on Python 2.x.
- Fixed some typos and minor grammatical errors all across the documentation
(Ken Carpenter, Jean Boussier, Kracekumar, Francisco Corrales Morales).
Version 0.0.9
~~~~~~~~~~~~~
Released on August 29, 2013
- PyMongo 2.6 is now supported.
- ``FILTERS`` boolean replaced by ``ALLOWED_FILTERS`` list which allows for
explicit whitelisting of filter-enabled fields (Bryan Cattle). Closes #78.
- Custom user ids for User-Restricted Resource Access, allowing for more
flexibility and token revocation with token-based authentication. Closes #73.
- ``AUTH_USERNAME_FIELD`` renamed to ``AUTH_FIELD``.
- ``auth_username_field`` renamed to ``auth_field``.
- BasicAuth and subclasses now support ``user_id`` property.
- Updated the event hooks naming system to be more robuts and consistent.
Closes #80.
- To emphasize the fact that they are tied to a method, all ``on_<method>``
hooks now have ``<method>`` in uppercase.
- ``on_getting`` hook renamed to ``on_fetch_resource``.
- ``on_getting_<resource>`` hook renamed to ``on_fetch_resource_<resource>``
- ``on_getting_item`` hook renamed to ``on_fetch_item``.
- ``on_getting_item_<item_title>`` hook renamed to
``on_fetch_item_<item_title>``.
- ``on_posting`` hook renamed to ``on_insert``.
- Datasource projections always include automatic fields (``ID_FIELD``,
``LAST_UPDATED``, ``DATE_CREATED``). Closes #85.
- Public HTTP methods now override `auth_username_field` Edit. Closes #70
(Bryan Cattle).
- Response date fields are now using GMT instead of UTC. Closes #83.
- Handle the case of 'additional_lookup' field being an integer. If this is the
case you can omit the 'url' key, as it will be ignored, and the integer value
correctly parsed.
- More informative HTTP error messages. Some more informative error messages
have been added for HTTP 400/3/12 and 500 errors. The error messages only
show if DEBUG==True (Bryan Cattle).
- ``on_getting(resource, documents)`` is now ``on_getting_resource(resource,
documents)``; ``on_getting_<resource>(documents) is now known as
``on_getting_resource_<resource>(documents)`` (Ryan Shea).
- Added a new event hook: ``on_getting_item_<title>(_id, document)`` (Ryan
Shea).
- Allow ``auth_username_field`` to be set to ``ID_FIELD`` (Bryan Cattle).
- Python 3.3 is now supported.
- Flask 0.10.1 is now supported.
- Werkzeug 0.9.4 is now supported.
- Copyright finally updated to 2013.
Version 0.0.8
~~~~~~~~~~~~~
Released on July 25th 2013.
- Only run RateLimiting tests if redis-py is installed and redis-server is
running.
- CORS ``Access-Control-Allow-Headers`` header support (Garrin Kimmell).
- CORS ``OPTIONS`` support for resource and items endpoints (Garrin Kimmell).
- ``float`` is now available as a data-type in the schema definition ruleset.
- ``nullable`` field schema rule is now available. If ``True`` the field value
can be set to null. Defaults to ``False``.
- v0.3.0 of Cerberus is now a requirement.
- ``on_getting``, ``on_getting_<resource>`` and ``on_getting_item`` event
hooks. These events are raised when documents have just been read from the
database and are about to be sent to the client. Registered callback
functions can eventually manipulate the documents as needed. Please be aware
that ``last_modified`` and ``etag`` headers will always be consistent with
the state of the documents on the database (they won't be updated to reflect
changes eventually applied by the callback functions). Closes #65.
- Documentation fix: ``AUTH_USERFIELD_NAME`` renamed to ``AUTH_USERNAME_FIELD``
(Julien Barbot).
- Responses to GET requests for resource endpoints now include a ``last`` item
in the `_links` dictionary. The value is a link to the last page available.
The item itself is only provided if pagination is enabled and the page being
requested isn't the last one. Closes #62.
- It is now possible to set the MongoDB write concern level at both global
(``MONGO_WRITE_CONCERN``) and endpoint (``mongo_write_concern``) levels. The
value is a dictionary with all valid MongoDB write_concern settings (w,
wtimeout, j and fsync) as keys. ``{'w': 1}`` is the default, which is also
MongoDB's default setting.
- ``TestMininal`` class added to the test suite. This will allow to start the
building of the tests for an application based on Eve, by subclassing the
TestMinimal class (Daniele Pizzolli).
Version 0.0.7
~~~~~~~~~~~~~
Released on June 18th 2013.
- Pinned Werkzeug requirement to v0.8.3 to avoid issues with the latest release
which breaks backward compatibility (actually a Flask 0.9 requirements issue,
which backtracked to Eve).
- Support for Rate Limiting on all HTTP methods. Closes #58. Please note: to
successfully execute the tests in 'eve.tests.methods.ratelimit.py`, a running
redis server is needed.
- ``utils.request_method`` internal helper function added, which allowed for
some nice code cleanup (DRY).
- Setting the default 'field' value would not happen if a 'data_relation' was
nested deeper than the first schema level. Fixes #60.
- Support for ``EXTRA_RESPONSE_FIELDS``. It is now possible to configure a list
of additonal document fields that should be provided with POST responses.
Normally only automatically handled fields (``ID_FIELD``, ``LAST_UPDATED``,
``DATE_CREATED``, ``etag``) are included in POST payloads.
``EXTRA_RESPONSE_FIELDS`` is a global setting that will apply to all resource
endpoint . Defaults to ``[]``, effectively disabling the feature.
``extra_response_fields`` is a local resource setting and will override
``EXTRA_RESPONSE_FIELDS`` when present.
- ``on_posting`` and ``on_posting_<resource>`` event hooks. ``on_posting`` and
``on_posting_<resource>`` events are raised when documents are about to be
stored. Among other things this allows callback functions to arbitrarily
update the documents being inserted. ``on_posting(resource, documents)`` is
raised on every successful POST while ``on_posting_<resource>(documents)`` is
only raised when <resource> is being updated. In both circumstances events
will be raised only if at least one document passed validation and is going
to be inserted.
- Flask native ``request.json`` is now used when decoding request payloads.
- *resource* argument added to Authorization classes. The ``check_auth()``
method of all classes in the ``eve.auth`` package (``BasicAuth``,
``HMACAuth``, ``TokenAuth``) now supports the *resource* argument. This
allows subclasses to eventually build their custom authorization logic around
the resource being accessed.
- ``MONGO_QUERY_BLACKLIST`` option added. Allows to blacklist mongo query
operators that should not be allowed in resource queries (``?where=``).
Defaults to ['$where', '$regex']. Mongo Javascript operators are disabled by
default as they might be used as vectors for injection attacks. Javascript
queries also tend to be slow and generally can be easily replaced with the
(very rich) Mongo query dialect.
- ``MONGO_HOST`` defaults to 'localhost'.
- ``MONGO_PORT`` defaults to 27017.
- Support alternative hosts/ports for the test suite (Paul Doucet).
Version 0.0.6
~~~~~~~~~~~~~
Released on May 13th 2013.
- Content-Type header now properly parsed when additional arguments are
included (Ondrej Slinták).
- Only fields defined in the resource schema are now returned from the
database. Closes #52.
- Default ``SERVER_NAME`` is now set to ``127.0.0.1:5000``.
- ``auth_username_field`` is honored even when there is no query in the request
(Thomas Sileo).
- Pagination links in XML payloads are now properly escaped. Fixes #49.
- HEAD requests supported. Closes #48.
- Event Hooks. Each time a GET, POST, PATCH, DELETE method has been executed,
both global ``on_<method>`` and resource-level ``on_<method>_<resource>``
events will be raised. You can subscribe to these events with multiple
callback functions. Callbacks will receive the original flask.request object
and the response payload as arguments.
- Proper ``max_results`` handling in ``eve.utils.parse_request``, refactored
tests (Tomasz Jezierski).
- Projections. Projections are conditional queries where the client dictates
which fields should be returned by the API (Nicolas Bazire).
- ``ALLOW_UNKNOWN`` option, and the corresponding ``allow_options`` local
setting, allow for a less strict schema validation. Closes #34.
- ETags are now provided with POST responses. Closes #36.
- PATCH performance improvement: ETag is now computed in memory; performing an
extra database lookup is not needed anymore.
- Bulk Inserts on the database. POST method heavily refactored to take
advantage of MongoDB native support for Bulk Inserts. Please note: validation
constraints are checked against the database, and not between the payload
documents themselves. This causes an interesting corner case: in the event of
a multiple documents payload where two or more documents carry the same value
for a field where the ``unique`` constraint is set, the payload will validate
successfully, as there are no duplicates in the database (yet). If this is an
issue, the client can always send the documents once at a time for insertion,
or validate locally before submitting the payload to the API.
- Responses to document GET requests now include the ETag in both the header
and the payload. Closes #29.
- ``methods`` settings keyword renamed to ``resource_methods`` for coherence
with the global ``RESOURCE_METHODS`` (Nicolas Carlier).
Version 0.0.5
~~~~~~~~~~~~~
Released on April 11th 2013.
- Fixed an issue that apparently caused the test suite to only run successfully
on the dev box. Thanks Chronidev for reporting this.
- Referential integrity validation via the new ``data_relation`` schema
keyword. Closes #25.