You are not logged in Log in Join
You are here: Home » Download Zope Products » Content Management Framework » CMF-1.5.0beta2 » CHANGES.txt

Log in
Name

Password

 

CHANGES.txt

CMF 1.5.0beta2 (2004/09/27)

New Features

  • CookieCrumbler: Merged changes from standalone version. Cookies set on an HTTPS connection are now marked as secure, meaning they will not be transmitted over HTTP.
  • PortalFolder: New Folderish Interface defines the content* methods.
  • PortalFolder: Improved WebDAV folder listings. Hidden sub-objects like tools are now filtered out. To see all sub-objects, you need the Manage portal permission.
  • TypesTool: New properties can be added from the ZMI to TypeInformation objects.

Bug Fixes

  • CMFDefault/Document: store / return size of "raw" source text for get_size.
  • ZPT skin: Refactored registered_notify_template. For security reasons, it no longer adds the password to the login URL.
  • PortalFolder: Fixed _checkId policy. In a subfolder, members without Manage portal permission were not able to create content items whose names clashed with content items in the portal root.
  • CookieCrumbler: Improved came_from URL. Problems in connection with stack manipulation on traversal or usage of traverse_subpath should be fixed now.
  • PortalFolder: Public content* methods or no longer publishable. This prevents expensive anonymous calls to contentItems(), contentIds() and contentValues() via URLs. They still can be used in TTW code.
  • ZPT skin: Added missing mail_password_template.
  • TypeInformation: Simplified Method Aliases API. The new queryMethodID() replaces getMethodPath() and getMethodURL(). Aliases for method paths are no longer supported.
  • FSFile: Allow setting a content_type value using a .metadata file (http://www.zope.org/Collectors/CMF/281)
  • FSPageTemplate: Refine the XML content type detection so that addtional data such as encoding is preserved (http://www.zope.org/Collectors/CMF/228)
  • ActionInformation: If a path expression ending in an object that gets called using __render_with_namespace__ (such as DTML objects and Scripts (Python)) is used a KeyError for "here" would be thrown inside PageTemplates.ZRPythonExpr.call_with_ns. call_with_ns expects the namespace to contain "here", which the context coming from CMFCore.Expressions.createExprContext did not provide. Added "here" as an alias pointing to the provided "object" (http://www.zope.org/Collectors/CMF/171)
  • DiscussionItem: Made sure that the workflow is notified of their creation (Issue #280).
  • http://www.zope.org/Collectors/CMF/205: When pasting a content item, local roles were not changed to reflect the neew ownership.
  • ZPT skin: Added missing RSS script and template. (http://zope.org/Collectors/CMF/279)
  • DirectoryView: Improved createDirectoryView() backwards compatibility. Using platform specific path separators is deprecated.
  • UniqueIdAnnotation: Fixed manage_after* methods. They didn't work correctly in nested folders.
  • Workflow: Marked WorkflowMethod alias WorkflowAction as deprecated.
  • ZPT skin: Improved folder_copy_control and folder_cut_control. They now catch CopyErrors.
  • DirectoryView: Readded expandpath() for backwards compatibility. Some products still import expandpath from DirectoryView because it was once defined there. Note that importing expandpath from DirectoryView is deprecated and doesn't work with CMF HEAD / 1.6.
  • RegistrationTool: An optional password can now be passed to registeredNotify() (Issue #277).
  • Tool icons can now reside in subdirectories (Issue #144).

CMF 1.5.0beta (2004/08/12)

New Features

  • The CMF is now under the terms of version 2.1 of the Zope Public License (ZPL); it was previously under ZPL version 2.0.
  • TypeInfos: Marked getActionById as deprecated. Use getActionInfo if you need an URL or getMethodPath if you need a method.
  • CatalogTool.CatalogTool now has a private unrestrictedSearchResults method bypassing the effective and expiry date and roles. The new method has to be used with care to not expose security holes in applications using the CatalogTool.
  • CMFCalendar.CalendarTool: Made workflow states configurable TTW. (http://zope.org/Collectors/CMF/110)
  • Minor featurelet: The "Action Providers" ZMI tab on the portal_actions tool now links directly to the tools shown (http://zope.org/Collectors/CMF/181)
  • CMFCore.utils: Introduced contributorsplitter() utility function along the lines of keywordsplitter().
  • Actions and Action providers: Further refactoring.
    • Removed again OldstyleActionProvider Interface and OldstyleActionProviderBase that existed only in 1.5.0-alpha. ActionProvider now also works with oldstyle Action mappings.
    • listActionInfos() and getActionInfo() now return ActionInfo objects instead of Action info mappings. ActionInfo objects have a backwards compatible mapping interface.
  • Added CMFUid product which provides tools for generating, registering, and storing unique IDs for content (gregweb).
    • As an example of how to use unique ids, enhanced CMFDefault.Favorite content class, using unique ids to track moved or renamed content items.
    • At the bottom of the page the permanent link to the content object is shown (http://www.example.com//permalink/1234, where 1234 is the unique id of the content object)
  • Added __init__ method to the IOpaqueItems.ICallableOpaqueItem interface.
  • CookieCrumber now supports logging the authenticated user id to the access log just like basic auth.
  • portal_setup tool can now disply / download diffs between profiles and / or snapshots.
  • The find tab on the portal_skins tool will now mark the object that would be returned when using the specified skin

Bug Fixes

  • CMFCore.PortalFolder: Enforce check of "Delete objects" permission during cut + paste. (http://zope.org/Collectors/CMF/259)
    1. B. This fix depends on an update to the underlying Zope software, e.g., Zope 2.7.3 or later. Two new unit tests fail on Zope 2.7.2 and earlier.
  • CMFDefault.MetadataTool: Validation would disallow vocabulary-constrained metadata elements to be empty (http://zope.org/Collectors/CMF/217)
  • CMFDefault.DiscussionItem: Replies were not sorted chronologically (http://zope.org/Collectors/CMF/211)
  • CMFDefault.Image and CMFDefault.File: When copy/pasting Image and File objects the review state did not revert to "private". (http://zope.org/Collectors/CMF/176)
  • CMFSetup: Refactored rolemap. Converted the roles attribute to role sub-elements. Fixed an acquisition bug that caused incomplete exports. Updated default profile.
  • CMFWiki: Prevent deprecation notice for the deprecated CMFWikiPermissions module by replacing its usage in CMFWiki.__init__ with the new permissions module.
  • CMFTopic: Change topic_view template to show title and ID (it only showed title before; http://zope.org/Collectors/CMF/180)
  • CMFCore.PortalFolder: Unlike other content, only Managers were able to create PortalFolders using mkdir in FTP. Fixed by inserting missing security declaration for PortalFolder.manage_addFolder (http://zope.org/Collectors/CMF/167)
  • Default text format for NewsItems is now structured-text, just like it is for Documents, tuhs removing a spurious difference (http://zope.org/Collectors/CMF/138).
  • CMFCalendar.CalendarTool: (Lost) fix for issues 65 and 159. The determination of the date/time range constituting a specific month was faulty.
  • CMFDefault.DublinCore: Use the portal_metadata tool's getPublisher for the DublinCore Publisher element (thanks to Eric Brown for the patch).
  • CMFCalendar.CalendarTool: Code assumed US datetime format throughout. At least since Zope 2.7 users can change that.
  • CMFCalendar.Event: Day, month, and year were processed in the wrong order by Event.edit(). (http://zope.org/Collectors/CMF/202)
  • CMFCore.PortalFolder: _verifyObjectPaste() did not check the container's allowed content types, enabling users to paste objects they were not allowed to add. (http://zope.org/Collectors/CMF/216)
  • CMFDefault.File and CMFDefault.Image: setFormat() failed to update the content_type property causing index_html() to use a stale mimetype when serving the file or image. (http://zope.org/Collectors/CMF/226)
  • CMFDefault.Document, CMFDefault.Link, and CMFCalendar.Event: WebDAV PUT() caused improper splitting of Contributors metadata header.
  • CMFCore.PortalFolder: Fixed missing import of BadRequest exception.
  • DCWorkflow DefaultWorkflowClassic: Fixed pending state permissions.
  • CMFSetup: Refactored actions, type-infos and workflow definition. Changed some XML attributes. Converted list items and descriptions to sub-elements.
  • ActionInformation: Some attribute cleanup. Enforced usage of Title instead of Name, URL or URL (Expression) instead of Action. Enforced boolean type of Visible.
  • DiscussionTool: Fixed two acquisition bugs. (Collector #119 and #201)
  • Change default CookieCrumbler Cache-Control header value from "no-cache" to "private" to allow browser caches to cache cookie authenticated pages but not proxies and HTTP accellerators.
  • ActionInformation: Correctly store an empty tuple for permissions if no permission is given (Collector #242).
  • DublinCore: Use a default ceiling date that is parsable by DateIndex (Collector #132).
  • RSS: Creates correct XML by always quoting arguments (Collector #170).

CMF 1.5.0alpha (2004/07/09)

New Features

  • CMFActionIcons product is now shipped as part of the CMF release.
  • New portal_setup tool provides export / import of various site configuration choices, both as tarballs and as TTW "snapshots". See the README.
  • zpt skin: Some forms are now scripts. These scripts are dispatchers that call validators and controllers and set redirect depending on the selected button. If redirect is not set, the script calls a template and returns the resulting HTML page.
  • ActionProviderBase, ActionInformation: Added methods to modify/edit actions. New method getActionObject in ActionProviderBase and edit method in ActionInformation (Collector 195). An action now may be modified/edited the following way:
            action_provider.getActionObject('object/view').edit(title='VIEW')
    
  • Topic objects now support syndication (Collector #203).
  • PortalFolder and zpt skin: PortalFolder now inherits from OrderedFolder.
    • Added buttons to folder_contents that allow to set a default sorting for each PortalFolder or to order the sub-objects by hand.
    • Modified index_html to show sub-objects in the selected order. The old index_html is still available as index_html_categorized.
  • CMFDefault utils: Added html_marshal function. This is similar to ZTUtils.make_hidden_input(), but returns a sequence of (name, value) pairs instead of html code.
  • CMFCore utils and content types: Marked _getViewFor as deprecated. __call__() and view() methods using _getViewFor() are deprecated as well. Use Method Aliases instead.
  • CMFDefault Site: Now adds the Classic DCWorkflow on creation. If DCWorkflow is not installed, no default workflow is added.
  • DynamicType: Added getActionInfo method. This is a shortcut to getActionInfo() of the related TypeInformation.
  • DublinCore: setModificationDate is now guarded by ModifyPortalContent.
  • zpt skin: Reimplemented folder_contents and related controllers. Uses a dispatcher script that calls the right validators and controllers if a form button is pushed. The result looks almost the same as before.
  • PortalFolder and SkinnedFolder: Added new and rename_items Actions. Used for redirects they are invisible by default.
  • CMFCore exceptions: Added some Exceptions. AccessControl.Unauthorized is a subclass of zExceptions.Unauthorized, so for best results use AccessControl_Unauthorized to raise Unauthorized and zExceptions_Unauthorized to catch them all. CopyError and ResourceLockedError are now also available for TTW code. EditingConflict is a new CMF class replacing the old string exception.
  • Callable Opaque Items, CMFCatalogAware: Added an interface ICallableOpaqueItemWithHooks. CMF now calls the manage_after and manage_before hooks of a marked opaque item on copying, moving or deleting the containing content object.
  • DublinCore: Creator element no longer depends on Ownership. (Collector #25)
    • Added listCreators() and listContributors() to the DublinCore Interface. Creator() now returns the first element of listCreators(). Contributors() is now a deprecated alias of listContributors() and might change in a future version.
    • Updated DublinCore implementation in DefaultDublinCoreImpl and DiscussionItem. Added new addCreator() method that is called by notifyModified(). SkinnedFolder also uses the new methods.
    • Updated ContentFilter to work with listCreators().
    • Updated CatalogTool to index listCreators. Creator index and metadata are deprecated and might be removed in a future version.
    • Updated skins to search listCreators() and show all creators.
  • TypeInfos: _finishConstruction() now calls reindexObject(). This makes sure changes made by ScriptableTypeInformation scripts are indexed and notifyModified() is called after content creation.
  • Document: Removed WorkflowMethod wrapper of setFormat(). This was the only wrapped MutableDublinCore method and caused an ugly second reindexObject() / notifyModified() call in the middle of _editMetadata().
  • CatalogTool: Updated to post Zope 2.6.2 ZCatalog interface. catalog_object() and reindexObject() now support the new update_metadata argument. reindexObjectSecurity() doesn't update catalog metadata anymore.
  • Added new hook to CookieCrumbler "twiddleAuthCookie". The twiddleAuthCookie skin script, if present is called on each request where a cookie authentication token is present. It is passed the auth cookie name and value so that it can perform such functions as extending the expiration of the cookie. A twiddleAuthCookie script along with a setAuthCookie script could create login sessions that timeout after a period of inactivity for example.
  • Refactored ActionsTool and Action providers:
    • Added listActionInfos() and getActionInfo() to the ActionProvider Interface, added object argument to listActions().
    • Added OldstyleActionProvider Interface and OldstyleActionProviderBase for Action providers still not using ActionInformation objects. WorkflowTool and CMFCore DiscussionTool use this.
    • Action providers queried by ActionsTool should implement the new ActionProvider Interface. Action providers subclassing ActionProviderBase inherit the necessary methods.
    • To ease transition it will be sufficient to implement the OldstyleActionProvider Interface, using OldstyleActionProviderBase. The use of Action providers not implementing one of these Interfaces is deprecated. Support for them will be removed after CMF 1.5.
    • Added helper methods getOAI() and getExprContext() to get computed contexts from REQUEST cache or create new ones.
  • CMFDefault MembershipTool and zpt skin: Added Manage members Action. The skin now provides basic membership management: Browsing members, registering new members and deleting members including their member data, member area and Local Roles.
  • The caching policy manager now sets the header X-Cache-Headers-Set-By when it sets cache headers in a response.
  • FSDTMLMethods now play nicely with the caching policy manager.
  • zpt skin: Added batch_widgets.pt and getBatchNavigation.py. roster and search use now the new navigation macro. Looks like before, but i18n works better and it's easier to reuse or replace the code.
  • zpt skin: Added zpt version of registered_notify_template.
  • CMFCorePermissions: Made them available for import by Scripts.
  • CMFCore MembershipTool and MemberDataTool: Added delete methods.
    • deleteMemberData() deletes the member data of a member.
    • deleteMemberArea() deletes the member area of a member.
    • deleteLocalRoles() now has a recursive argument.
    • deleteMembers() deletes members including member data, member area and Local Roles.
  • CMFCore MembershipTool: Changed interface.
    • createMemberarea() is now called createMemberArea(). For backwards compatibility createMemberarea is a deprecated alias.
    • getMembersFolder() is now also part of the CMFCore interface.
  • CMFCorePermissions: Added Change local roles Permission. PortalFolder's Local Roles Action and MembershipTool's Local Roles methods are now guarded by Change local roles of the object.
  • Added CMFCore 'exceptions.py': Errors defined in this module are available for import by Scripts.
  • CMFCore and CMFDefault MembershipTool: Changed permissions. createMemberarea() for someone else and getRoster() including hidden members are now protected by Manage users. getMemberById(), listMemberIds() and listMembers() as well.
  • Document and NewsItem: Un-hardwired manage_FTPget() for text/html. Added source_html.dtml and source_html.pt. manage_FTPget() now has a gethtml hook and uses source_html by default. (Collector #168)
  • TypeInformation: Added Method Aliases.
    • TypesTool and TypeInformation now have an Aliases tab to configure Method Aliases TTW.
    • factory_type_information now has a key aliases to configure Method Aliases in a product. This key is required, but may be empty: If it doesn't exist, TypeInformation will try to update by guessing aliases.
    • DynamicType manipulates TraversalRequestNameStack depending on Method Aliases. (Default) and view aliases bypass __call__() and view() methods on traversal.
    • PortalFolder's mkdir hook now makes use of Method Aliases.
  • CMFCore and CMFDefault MembershipTool: Changed member area creation. wrapUser() does no longer call createMemberarea(). createMemberarea() should now be called from the logged_in page.
  • CMFDefault MembershipTool: Added a customization hook to createMemberarea(). A createMemberContent script placed inside the tool overrides default member content creation.

Bug Fixes

  • zpt skin: Removed dependency on dtml layers.
  • CMFCore utils: Marked format_stx function as deprecated. It's no longer necessary to work around default STX handling.
  • DirectoryView: Refactored path handling. Should now work with any products path setup. (Collector #210)
  • Enforced new "local permissions" pattern: each top-level CMF product should have a permissions.py module which imports / declares all permissions used within the product; other modules within the product should import from there. Likewise for exceptions.py.
  • Removed pre Zope 2.7.0 compatibility code. Now Zope 2.7.0 or a later platform is required for CMF.
  • CatalogTool: Marked the meta_type index as deprecated.
  • PortalFolder: Marked the spec argument as deprecated. Use the filter argument with portal_type instead for contentItems(), contentIds(), contentValues() and listFolderContents().
  • PortalFolder: Fixed portal_type acquisition bug in ContentFilter.
  • DynamicType: Added getPortalTypeName() to the interface.
  • Collector #227: expose ZPT filename in tracebacks which include FSPageTemplates.
  • zpt skin: Switched base tag policy back to that of dtml skin. This makes the use of relative URLs in content easier. If you have content that depends on the old policy you can customize getBaseTag.pt and add a slash. (Collector #66)
  • Actions of folderish types: Fixed some inconsistencies. Whatever the old CMFDefault policy was - this is the current policy: "object" is used for Actions related to the object itself, "folder" is used for Actions related to the container of the object.
    • Changed the category of PortalFolder and SkinnedFolder Actions to object.
    • Moved folderContents of folderish types from ActionsTool to PortalFolder's type info. Other folderish types now have to declare their own folderContents Action if they need one.
    • Renamed Topic's subtopics and SkinnedFolder's foldercontents Action to folderContents to get them in sync.
  • StrippingParser: Added big, small, sub and sup to valid tags.
  • _checkPermission: Added check for executable owner and proxy roles.
  • SkinsContainer: Fixed context wrappers returned by getSkinByPath(). The original context of skin folders is now removed. This avoids having SkinTool attributes added to the CMFSite root object.
  • CatalogTool: Removed deprecated id from default indexes and metadata.
  • Skins: Fixed a DateTime related issue in search_form and doFormSearch. Added one second to epoch to work around the problem that the timezone gets lost if time is 00:00:00.
  • CMFCore.PortalFolder: Explicitly declare base interfaces.
  • Tests: CachingPolicyManager tests don't fail on Windows anymore. (Collector #107)
  • SkinsTool: Fixed cookie paths. clearSkinCookie() now uses the same cookie path as updateSkinCookie() which is now "inside-out" hosting safe.
  • DefaultDublinCoreImpl: Changed accessor permissions. As defined in the interface accessors are now protected by View.
  • CMFDefault utils: Made tuplize() work correctly with string types.
  • CMFCore utils: Reverted obsolete workaround in _checkPermission.
  • Skin scripts: Made except statements safer by being more specific. Hope this still catches all relevant errors.
  • Removed some pre Zope 2.4.3 with PageTemplates backwards compatibility cruft. A later platform is required since CMF 1.3.
  • Collector #153: CookieCrumbler didn't preserve query strings.