version 0.7.28 final (31-December-2013): * djblets.auth: * Fixed HTTP 500 errors when failing to save the registration form. If saving the registration form failed in some way (due to a username conflict, for example), Djblets would fail with an HTTP 500. It's now propagated up and reported properly. version 0.7.27 final (12-December-2013): * djblets.webapi: * Fixed a regression with the new webapi auth backend support. If an Authorization header was sent by a client that already had a valid cookie, the code would attempt to access an undefined variable. The code is now in a more appropriate place to access that variable. version 0.7.26 final (10-December-2013): * djblets.util.fields: * Fixed JSONField in the administration UI. A JSONField will now render proper JSON, and not a Python repr() of JSON, in the administration UI. This is properly validated and saved. * djblets.webapi: * Added support for web API authentication backends. It's now possible to write custom auth backends for the web API. By default, our standard HTTP Basic Auth is used, but others can now be written. Projects can set settings.WEB_API_AUTH_BACKENDS to a list of Python class paths to set custom auth backends. In coming releases, we'll supply new ones as well. version 0.7.25 final (28-November-2013): * djblets.auth: * Added some human-readable labels for RegistrationForm. * RegistrationForm subclasses that make use of fields that normalize to non-strings no longer fail to save. * djblets.webapi: * Usernames with plus signs in them are now matched in the API. This is useful for e-mail addresses as usernames. Patch by Mark Côté. version 0.7.24 final (21-November-2013): * djblets.util.http: * Fixed ETag matching. ETag request headers weren't being looked up properly, preventing pages from being able to make intelligent caching decisions. version 0.7.23 final (5-November-2013): * djblets.extensions: * Fix URL errors when configuring extensions with a custom SITE_ROOT. * djblets.util.fields: * JSONFields can now be safely edited through the administration UI, complete with validation. * jquery.gravy: * Fixed hiding the pencil icons on an inlineEditor when disabled. version 0.7.22 final (1-November-2013): * djblets.extensions: * AJAX_SERIAL is updated when extensions are enabled/disabled or their configuration changes, allowing templates using AJAX_SERIAL as part of their cache to invalidate. * djblets.siteconfig: * Reduced query counts for installs using siteconfig. * djblets.webapi: * Reduced query counts when returning payloads for list resources with no entries. * Common attribute lookups on WebAPIResource are now cached. version 0.7.21 final (11-October-2013): * djblets.webapi: * Added a has_list_access_permissions function, which is used to determine access to a list resource. version 0.7.20 final (11-October-2013): * djblets.datagrid: * Fixed pagination on the datagrid. version 0.7.19 final (10-October-2013): * Security updates: * JSONField now corrects incorrectly stored contents in a safer way, to remove the risk of any exploits in a JSON payload. This is CVE-2013-4409, and was reported and patched by Frederik Braun. * General: * Updated much of the codebase to be more compatible with Django 1.5 and newer. The upcoming Djblets 0.8 releases will be geared more heavily toward Django 1.5 compatibility. * Packaging: * Fixed building the static media for Djblets when using a Python interpreter other than the one named 'python' in the system path. Patch by Emmanuel Gil Peyrot. * Djblets now requires django-pipeline 1.2.24. This version of Djblets does not work correctly with newer versions. * djblets.extensions: * Extensions can now add additional middleware by setting Extension.middleware to a list of middleware classes. Patch by Mark Côté. * Updated ExtensionResource to use the modern, type-checked, documented field style, and to add missing documentation. * djblets.util.templatetags.djblets_js: * The json_dumps filter no longer defaults to indenting at all. Previously, it defaulted to 0, which did not indent code, but did preserve newlines. * djblets.webapi: * WebAPIError.with_message no longer overrides the original message for all other instances of that error. * Added WebAPIError.with_overrides, which allows overriding the message and HTTP headers. * The webapi decorators now preserve and merge webapi-related information from other decorators, such as the lists of response errors and optional/required fields. * jquery.gravy: * The modalBox z-index has been increased from its previously low z-index, to prevent other UI elements from more easily popping up over it. Patch by Natasha Dalal. version 0.7.18 final (15-September-2013): * Security updates: * We now require Django 1.4.8, which has some important security updates to prevent a DoS against the auth module. * Web API resource lists are now more careful about access permissions. See the section on djblets.webapi below. * JavaScript: * inlineEditor now has a "raw value" option. There are now a couple new options to the inlineEditor widget for dealing with custom text: "hasRawValue" and "rawValue". If hasRawValue is true, then the contents of rawValue is used as the source text for the editor, instead of the text contents of the associated element. This allows the caller to do some specialized pre-formatting on the text contents. * Added a "matchHeight" option to inlineEditor to prevent the height-matching behavior. A matchHeight is false (defaults to true), the editor won't attempt to match the height of the rendered element. This is important when pre-formatting the text going into the widget using the new raw value options. * Preserve the height of the label for inlineEditors when toggling pencil visibility. The label should no longer change height when the pencil icon is shown or hidden. * djblets.webapi: * Fixed access permissions on resource lists. The list resources, by default, didn't do any permissions checking other than the basic logged-in checks. This meant that if you had a protected resource with children, you could get lists of the children even without access to the parents. This is an important security update, and we recommend all users of the API update immediately. * Requests to invalid API resources now return a standard API 404, instead of a default Django 404. (Bug #3052) version 0.7.17 final (15-August-2013): * Packaging: * We now require Django 1.4.6, which is the latest security release in the 1.4.x series. * The build-media script is no longer assumed to be executable when building the package. Patch by Andrew Grigorev. * The 'tests' module is no longer included in the egg. Patch by Alex Morega. * djblets.extensions: * The extensions media directory is once again based on the package name, and not the display name of the extension. * djblets.util: * Added a cached_javascript_catalog view in djblets.util.views, which caches and returns the JavaScript localization catalog provided by Django. This prevents having to regenerate it all the time. * Fixed a compatibility issue with Python 2.5 in @controlled_subprocess when trying to kill the process. (Bug #2935) * Improved the localizability of a string in @controlled_subprocess. * djblets.webapi: * The documentation for ?max-results= now explains the existence of a hard limit of 200 results, so callers aren't surprised when they try to use larger numbers. * The 'X-Content-Type-Options: nosniff' header is passed in API response headers, to prevent IE8 from trying to download payloads. (Bug #2889) version 0.7.16 final (27-July-2013): This release contains security fixes in the datagrid. If you are using the datagrid, it is recommended that you upgrade to this release. * JavaScript: * autoSizeTextArea now cleans up its hidden proxy elements when destroyed. * inlineEditor can be told not to focus a textarea by default by setting 'focusOnOpen' to false. * modalBox can place itself in an element other than <body> by setting the 'container' option to the element. * modalBox takes a 'boxID' option that, if specified, will set the ID of the modalBox element. * funcQueue now takes an optional context parameter for callback functions. The callbacks will be invoked with 'this' set to that context. * djblets.datagrid: * Data pulled from the database and rendered into cells are always escaped now. Custom columns can still override this by providing their own rendering. This led to an XSS vulnerability. This is CVE-2013-4795. * Columns can now specify an image_class instead of an image_url. This will render the icon as a <div> with the given CSS class name, instead of rendering an <img>. It's useful when using spritesheets. * Added a JavaScript reload() function that can be called on a datagrid element to trigger a dynamic reload from the server. * djblets.extensions: * Extensions can now specify their list of app directories. An Extension subclass can define an 'apps' member variable that, like INSTALLED_APPS, lists the app module paths the extension uses. These will each be added to INSTALLED_APPS when enabled, and removed when disabled. If an extension does not provide 'apps', then this falls back on the default behavior of only adding the extension's parent app. * Extensions can now specify the author's URL. Extension.metadata can now specify an 'Author-home-page' field, which points to the URL for the author's site. This is meant to distinguish between the extension's URL, and the URL for the person/company/organization that created the extension. * Improved the look and feel for extension configuration. The extension configuration pages now fit in with the admin UI a lot better. They share much of the look of other admin UI pages. Furthermore, when extensions are saved, there's now feedback given to the user, instead of just simply re-rendering the page. * Improved the functionality for extension configuration. Extension configuration forms now contain all the functionality of SiteSettingsForm. This include fieldsets and save blacklists (which prevent a field from automatically being saved in the extension settings). * Improved the list of available extensions. The list no longer causes part of the extension description to be overlapped. It also shows the author of the extension, and links back to the author's site. version 0.7.15 final (26-May-2013): * djblets.extensions: * Extension classes can now define a 'metadata' variable to override the package's metadata. This uses standard PyPI metadata fields. Using this, single Python package can provide several extensions. * TemplateHooks subclasses can now override a new render_to_string function to do their own processing and rendering, instead of simply rendering the provided template_name. * The template_name parameter to TemplateHook is now optional. * The Django template loader cache is now reset when syncing extension settings or enabling/disabling an extension. * djblets.webapi: * Added a "is_webapi_handler" attribute to WebAPIResource. This allows for introspection from any middleware that's going to call a view. It can test if this is set on the view to know whether it's calling into an API handler. version 0.7.14 final (6-May-2013): * JavaScript: * inlineEditor now emits a "cancel" event when pressing OK without any modifications. Previously, there was no indication that it had finished. * inlineEditor's "complete" event now has the initialValue parameter (which comes after the new value) set correctly. Previously, it was always the same as the value, making it hard to determine if anything had changed. * $.fn.html() now works with setting empty strings. * djblets.gravatars: * Added get_gravatar_url_for_email. This returns the gravatar URL for a given e-mail address, rather than needing a User object. * djblets.webapi: * The cache of known URI templates for a RootResource now works properly when the path leading to the RootResource can change. * When serializing an object while using ?expand, any QuerySet will be converted to a list. This prevents any changes from happening between serializing and rendering. version 0.7.13 final (26-April-2013): * djblets.log: * Added enhanced request logging. This supplements Python's logging functions (logging.info, etc.) to take an optional request= parameter. When passed, the logging information will show some additional details (by default, the username and path) related to the log entry, helping with debugging. * djblets.siteconfig: * Changing and loading the site_static_url setting will now actually cause static media files to be loaded from that URL. version 0.7.12 final (19-April-2013): * djblets.datagrid: * Massively speed up datagrid rendering. The rendering code for datagrids had a flaw where it would re-populate some state for every cell, and this could be very expensive. It's now reused on all cells. We saw this with one application where a datagrid would take 6 seconds to render. Now it takes 0.5 seconds. * djblets.extensions: * Added an install_extension function to ExtensionManager. This can be used to install extensions dynamically from a file or URL. Patch by Surya Nallu. * djblets.util.fields: * CounterField now allows incrementing/decrementing by values other than 1. Patch by Raja Venkataraman. * djblets.util.templatetags: * The thumbnail and crop_image template tags now work with Django Storage backends. * Added a save_image_to_storage function in djblets_images that makes it easy to save image data to Storage backends. * djblets.webapi: * Resources now consider both Last Modified and ETag headers simultaneously when determining if a cached payload is still valid. Previously, if the Last Modified timestamps were the same, the ETag check would fail. version 0.7.11 final (21-February-2013): * General: * Require Django 1.4.5 as a minimum. This is the latest security release of Django. For more information, see https://www.djangoproject.com/weblog/2013/feb/19/security/ * djblets.extensions: * "config/" and "db/" links for extensions are now generated properly when specifying a custom SITE_ROOT. (Bug #2843) Patch by Raja Venkataraman. * djblets.log: * Added an Admin UI setting for changing log levels. This is the 'logging_level' setting in siteconfig, which controls settings.LOGGING_LEVEL. Patch by Raja Venkataraman. * djblets.siteconfig: * Added new 'list-siteconfig', 'get-siteconfig', and 'set-siteconfig' management commands for manipulating siteconfig configuration from the shell. version 0.7.10 final (6-February-2013): * djblets.util.fields: * CounterField was failing to use the initializers for brand new instances of a model, defaulting to None instead. Patch by Raja Venkataraman. version 0.7.9 final (27-January-2013): * JavaScript: * modalBoxes now use z-indexes of 99 and 100 for the box and content, instead of 11000 and 11001. * djblets.datagrid: * Columns data by way of field access can now span field relationships. For example, "some.other.object.field" can now be used. Patch by Alexander Artemenko. * djblets.extensions: * Fixed a failure when clearing extension info. Extensions that weren't properly set up yet were causing a crash when attempting to reload the list of extensions. * djblets.siteconfig: * When loading the stored timezone, we're now longer setting os.environ['TZ'] to that timezone. Instead, we're just activating that timezone for Django only. This works around some problems with auto-reload threads (which will still be on the default timezone instead of the loaded one) and importing certain Python eggs, which would end up causing file timestamps relative to different timezones. That would cause autoreload to kick in prematurely and break any spawned processes. * djblets.webapi: * Fixed a bug where list resources that had an unknown ID in the URL could end up throwing an exception instead of returning a 404. Patch by Niklas Hambuechen. version 0.7.8 final (19-December-2012): * JavaScript: * Fixed a crash when enabling/disabling an inlineEditor without an edit icon. version 0.7.7 final (16-December-2012): * djblets.datagrid: * Fixed a possible XSS exploit in datagrids. Patch by Alexander Artemenko. * Failures during rendering the datagrid now results in a traceback. * djblets.extensions: * Database evolutions are no longer applying using evolve --hint --execute. This fixes unintentional database changes elsewhere. * JavaScript: * The second display of an inlineEditor no longer breaks the size of the editor. version 0.7.6 final (8-December-2012): * JavaScript: * inlineEditor now supports changing an "enabled" option, allowing editors to start out enabled or disabled, or dynamically change that state. Patch by Jesus Zambrano. * djblets.siteconfig: * Siteconfig now handles old-style CACHE_BACKEND values and new-style CACHES[cachename] dictionaries in hte 'cache_backend' setting. * djblets.util.cache: * Added normalize_cache_backend. This can take either an old-style CACHE_BACKEND or new-style CACHES[cachename] and return a valid entry for CACHES['default']. * djblets.webapi: * Added unregister_resource_for_model. This is useful for extensions that called register_resource_for_model. Patch by Steven MacLeod. version 0.7.5 final (30-November-2012): * djblets.siteconfig: * Fixed a couple missing imports. version 0.7.4 final (29-November-2012): * djblets.siteconfig: * The stored cache_backend setting is now deserialized into settings.CACHES['backend']. This leaves other caches unaffected and stops accessing settings.CACHE_BACKEND. version 0.7.3 final (29-November-2012): * This version contains all the fixes and functionality of 0.6.27. * General: * Django 1.4.2 is now required. * All admin-related templates have been changed to better fit the admin template structure and styles. This includes siteconfig and logs. * djblets.extensions: * Extension lists and state are now synchronized across threads/processes/servers. * Extension subclasses now must capture all variable arguments (*args, **kwargs) and pass them to the parent constructor. * URLHook, admin URLs, and API resource URLs are all now added and removed properly when an extension is enabled or disabled. * djblets.util: * Cache keys are now bound to the SITE_ROOT, if one is set, to prevent leakage across instances. (Bug #2538) * Added DynamicURLResolver in djblets.util.urlresolvers. This can be added to a urlpatterns list to provide an entry point for dynamically adding or removing URLs on a site. This is used primarily for extensions. * djblets.webapi: * API handler functions that specify allow_unknown=True in @webapi_request_fields can now retrieve all extra fields as an 'extra_fields' argument. * JavaScript: * The jQuery dependency has been updated to 1.8.2, and jQuery-UI to 1.8.24. * inlineEditor's animation speed has increased, and is now customizable through options.fadeSpeedMS. * inlineEditor now does a better job of matching the parent container's bounds. * inlineEditor no longer activates when simply selecting text. Patch by Dave Druska. * Added a $.fn.retinaGravatar function that, on Retina-capable displays, requests a larger gravatar for the given URL specified in an <img/>. version 0.7.2 final (26-September-2012): * This version contains all the fixes and functionality of 0.6.24. * General: * Styled all admin UI templates to add a "title" class to <h1> page titles. This affects extensions, log viewer, and siteconfig. * djblets.log: * Fixed the columns to match the style of other admin UI columns. * djblets.pipeline: * Our 'bless' compiler is now compatible with the latest versions of pipeline. * JavaScript: * modalBox's positioning is now properly centered. It was previously just off-center a bit. version 0.7.1 final (3-August-2012): * Added the contrib directory to the source distribution. This solves a packaging problem when not using eggs. version 0.7.0 final (2-August-2012): * General: * Djblets now requires Django 1.4.1+. * Added localized timezone awareness. Datagrids, log generation, and various utility functions now operate in the user's pre-configured local timezone. * Djblets now uses Django's standard static media support. It looks for bundled media files using the static support. Applications must have STATIC_URL, STATIC_ROOT, etc. configured correctly. * djblets.datagrid: * DateTimeColumn and DateTimeSinceColumn are now timezone-aware. * djblets.extensions: * Added a framework for supporting loadable, configurable extensions in Django-based sites. Extensions can be used to augment the functionality of a webapp. Webapps can provide hooks in their codebase at any point they want to extend. These can come in the form of template hooks, URLs hooks, admin UI hooks, and other in-process hooks. A webapp will provide a single ExtensionManager, specifying the name of a Python setuptools entrypoint. This entrypoint will be scanned for any installed packages on the system that provide Extension subclasses. Integration in the Administration UI is provided by linking to the provided admin URLs. WebApps will typically only have a single ExtensionManager, but it is possible for it to have multiple ExtensionManagers, allowing different modules to provide their own extension mechanisms. Extensions themselves can depend on other extensions. Dependency resolution happens automatically when enabling extensions. Extensions also have easy support for configuration forms in the admin UI. All data is automatically loaded and stored in the database. This is an experimental feature, and at this point we are not guaranteeing compatibility between 0.7.x releases. 0.8 will have a stable API. * djblets.util: * ModificationTimestampField, http_date, and the the ageid filter have been made timezone-aware. * Added a TimeZoneField, which displays all known timezones for selection. The timezones come from the pytz module, which is now a dependency of djblets. version 0.6.31 final (11-October-2013): * djblets.webapi: * Added a has_list_access_permissions function, which is used to determine access to a list resource. version 0.6.30 final (10-October-2013); * Security updates: * JSONField now corrects incorrectly stored contents in a safer way, to remove the risk of any exploits in a JSON payload. This is CVE-2013-4409, and was reported and patched by Frederik Braun. version 0.6.29 final (27-July-2013): * djblets.datagrid: * Data pulled from the database and rendered into cells are always escaped now. Custom columns can still override this by providing their own rendering. This led to an XSS vulnerability. This is CVE-2013-4795. version 0.6.28 final (20-February-2013): * General: * Require Django 1.3.7 as a minimum. This is the latest security release of Django. For more information, see https://www.djangoproject.com/weblog/2013/feb/19/security/ * djblets.datagrid: * Fixed a possible XSS exploit in datagrids. Patch by Alexander Artemenko. * Failures during rendering the datagrid now results in a traceback. * djblets.util.fields: * CounterField was failing to use the initializers for brand new instances of a model, defaulting to None instead. Patch by Raja Venkataraman. verrsion 0.6.27 final (24-November-2012): * djblets.gravatars: * The gravatar URL used for HTTPS connections now uses https://secure.gravatar.com and not https://www.gravatar.com. * djblets.webapi: * The allowed_mimetypes list in WebAPIResource is no longer getting polluted with every WebAPIResource's allowed item and list mimetypes. version 0.6.26 final (5-November-2012): * djblets.gravatars: * Added a get_gravatar_url() function, which can be used to get the URL for a user's gravatar without generating HTML. * Made gravatar support smart enough to choose an HTTP vs. HTTPS URL, depending on what was used to access the page. (Bug #2768) * djblets.webapi: * generate_etag() and serialize_*_field() functions now take a request parameter. This requires that all callers update their serialize_*_field() functions to take a **kwargs parameter. This breaks backwards-compatibility, but is a necessary change. * Resource handler functions that provide default values for parameters can now expect those to be used. Previously, when a parameter to the API wasn't provided, the value passed would be None. version 0.6.25 final (27-October-2012): * General: * Require Django 1.3.4. This is a simple release that just bumps our Django requirement, in order to not have issues with consumers depending on the latest security release in the 1.3.x branch. version 0.6.24 final (25-September-2012): * djblets.feedview: * We now use the latest upstream of feedparser instead of an older bundled version. This keeps us updated and prevents a security issue with the version we shipped. version 0.6.23 final (24-September-2012): * General: * We now require Django 1.3.3. Previous versions claimed to work with Django 1.1.1 or higher, but for the remainder of the 0.6.x line, we plan to stay only on Django 1.3.x. For Django 1.4+ support, use the latest 0.7.x releases. * djblets.util: * Added djblets.util.humanize. This currently contains a humanize_list function. It's the same as the template filter we provide, but is a bit nicer to include and work with than a filter. * djblets.webapi: * Added an Item-Content-Type header to web API responses for list resources. This header contains the mimetype for the items in the list, making it possible to determine what to use when fetching the items. The documentation has been updated on how to use this. version 0.6.22 final (31-July-2012): * djblets.util: * User and AnonymousUser are no longer imported globally in the djblets_utils templatetags. This fixes some breakages in apps that imported this file to get access to filters, but weren't running in a Django settings environment. version 0.6.21 final (24-July-2012): * djblets.util: * Fixed a bug with ifuserorperm and non-int IDs. version 0.6.20 final (21-July-2012): * djblets.datagrid: * Improved performance of the datagrids. Datagrids now fetch all needed ForeignKey-related objects in one go, instead of having one query per unique object. This can reduce the query count substantially. * djblets.util: * The ifuserorperm template tag now accepts both IDs and User objects, allowing comparisons to be made without fetching the User. version 0.6.19 final (11-June-2012): * JavaScript: * inlineEditor no longer bubbles keypress events up. This helps prevent problems with global key handlers being greedy. version 0.6.18 final (5-June-2012): * djblets.siteconfig: * Settings form rows in the template now have IDs indicating the row (in the form of "row-{{fieldname}}") and CSS class names ("field-{{fieldname}}"). * Help text for fields are now marked as safe, so that the contents aren't escaped. * The form's disabled_reasons is no longer assumed to be populated. * The initial field values are now always set. Previously, they would only be set if the field type was a boolean, or the value didn't evaluate to false, which broke numeric fields set to 0. * djblets.util: * Added a json_dumps filter, which serialized a value to JSON. version 0.6.17 final (2-April-2012): * djblets.gravatars: * Gravatars are no longer hard-coded to be jpegs. This was breaking some gravatars. * JavaScript: * inlineEditor now has a showRequiredFlag option for indicating if a field is required. No validation is done on this, but an asterisk is displayed in order to indicate that it's required. Patch by Yazan Medanat. * inlineEditor now indicates when its dirty state changes. A new "dirtyStateChanged" signal is emitted whenever the dirty state changes, which happens as the result of a number of different events. Looking up the dirty state is now cheaper, as it's calculated when needed instead of on lookup. Patch by Jim Chen. version 0.6.16 final (26-February-2012): * djblets.datagrid: * Removed an extraneous </span> in the paginator. * Fixed a compatibility issue with Django 1.4 in the queries. * djblets.util: * Fix parsing of tokens in a blocktag in Django 1.4. We were failing to pass a tuple to parser.parse() when specifying the end tags for a block tag. Somehow this never bit us before, but a seemingly unrelated change in Django 1.4 triggered this broken behavior, making all custom blocktags break. This led to some false-positives in other fixes, where it seemed that removing custom tags starting with "if" solved things. In reality, it didn't solve anything. It just masked the problem. This change should be compatible with all versions of Django. * djblets.webapi: * Add support for resource-specific mimetypes. A common method for REST services is to have payloads returned with resource-specific mimetypes. These can help to identify the format of a payload (useful for automatic bindings) without having to inspect the URI. This adds support for easily telling a resource to return such mimetypes. If mimetype_vendor is specified, WebAPIResource can populate the accepted mimetypes list with some vendor/resource-specific mimetypes that will be used by default for any responses. When there's a vendor mimetype, the resources will use the resource names for the mimetypes, but these can be overridden using mimetype_list_resource_name and mimetype_item_resource_name. * Accept "true" as a valid boolean value in the web API. Patch by Jim Chen. version 0.6.15 final (13-December-2011): * djblets.pipeline: * Replaced the djblets.compress module with djblets.pipeline. django-compress was deprecated shortly after our 0.6.14 release, with django-pipeline being the successor. As such, we've decided to get rid of the djblets.compress support and just replace it with equivalent pipeline support. We're not aware of any projects this will break. * djblets.util: * Fixed Django 1.4 compatibility. djblets.util.misc was importing RegexURLPattern from a location that no longer worked. This has been updated to use the proper import path. version 0.6.14 final (9-November-2011): * djblets.compress: * Added a new filters for django-compress that handles lesscss (http://lesscss.org) files and automatically converts/deploys as CSS. * Added new templates for django-compress that handles the MEDIA_SERIAL suffix. * djblets.siteconfig: * The settings template now allows fields to not have a label by setting "fields_no_label" to True in the form class. Patch by Hongbin Lu. * djblets.webapi: * Fixed authentication failures when ":" was in the password. Patch by Dave Druska. (Bug #2334) * djblets.util: * The jQuery and jQuery-UI versions are now referenced in only one place, in js/jquery.html and js/jquery-ui.html. Other templates can include these and keep up-to-date with the versions Djblets provides. Projects can override these templates to provide their own hard-coded versions. In the next release, these will switch to the Google CDN by default. version 0.6.13 final (7-October-2011): * djblets.log: * Include the HTTP method in the new page request logs. * djblets.util: * Moved controlled_subprocess into djblets.util.contextmanagers. This makes it easier to selectively import on Python 2.4. * Fixed a syntax error in controlled_subprocess on Python 2.4 and 2.5. version 0.6.12 final (6-October-2011): * djblets.log: * Allow logging page access times. If settings.LOGGING_PAGE_TIMES is set to True, page access times (along with HTTP method, URL, and user) are logged. This can be handy in tracking performance problems and blocked page loads. * djblets.util: * Added a controlled_subprocess context manager for Python 2.5+. This is useful for using subprocess.Popen on a process that may end up blocking. It ensures that a blocked process will terminate. This is experimental and may change in behavior, or move to a new file. Patch by Mike Conley. * djblets.webapi: * API authorization failures, misparsed headers, and authorization attempts are now logged. version 0.6.11 final (10-September-2011): * djblets.testing: * Added a new TestCase class and @add_fixtures decorator for having fixtures specific to text functions. * djblets.util: * Fixed defaults on counter fields on new model instances. Counter fields on new model instances were being set to 0, preventing them from recomputing the next time they're accessed. This would cause any new models to be incorrect. They're now initialized to NULL instead. (Bug #2268) version 0.6.10 final (20-August-2011): * djblets.datagrid: * Log failed attempts at finding cell templates, in order to aid debugging. * djblets.feedview: * Don't fail with an uncaught exception if loading an RSS feed fails. (Bug #2189) If loading the RSS feed fails (if it's behind a proxy, for example), feedview would raise an error. Now it provides the error data for the caller to render. * djblets.log: * Fixed a date range calculation bug in the log viewer. (Bug #2218) The "This Month" view in the log viewer was broken due to it attempting to use the beginning of the date range calculated, which was 0, instead of 01. Since we can assume the start of the month will continue to be 1 for the foreseeable future, we can just hardcode this and be safe. Patch by Lee Loucks. * djblets.util: * Added a make_cache_key function for generating usable cache keys. The make_cache_key function generates a cache key guaranteed to be able to fit inside the memcached key length restrictions. It will generate a MD5 hash of the key if it exceeds the length. This is the same logic that cache_memoize uses to build the keys. It can be used to perform other operations on that key. Patch by Vlad Filippov. * Allow JSONField to store up to 4GB of data on MySQL. (Bug #1481) JSONField on MySQL was hard-coding the "TEXT" column type, allowing only 64KB of data. Now it uses the default for Django's TextField, which is 4GB. This won't break compatibility with existing fields, but those fields won't gain the benefits. To update an existing field on MySQL, you will need to perform the following: ALTER TABLE table_name MODIFY field_name LONGTEXT; * Fixed a storage problem with large cache data. (Bug #1660) Large cache data was encoded incorrectly, causing anything stored to become unloadable, meaning it'd have to be recomputed. This was due to a string being stored for all but the last chunk, instead of a string wrapped in a list. This affects any data that, after being picked and zlib-compressed, is over 1MB in size. * djblets.webapi: * Make it easier to debug invalid data types in @webapi_request_fields. If using an invalid data type in the @webapi_request_fields listing, you'd see a cryptic error being raised. Now the field is ignored and an error is logged. version 0.6.9 final (21-July-2011): * djblets.auth: * Add optional first and last name fields to RegistrationForm. * Prevent occasional errors when calling delete_test_cookie(). Sometimes validate_test_cookie() will work and then delete delete_test_cookie() will throw an error. If the test cookie is already gone from the session, we no longer care if it fails to be deleted. * djblets.datagrid: * Fixed an occasional crash due to id_list not being set. (Bug #1526) * Fixed an occasional rendering error caused by a 'None' object being rendered. * Changing datagrid columns no longer loses the current page you're on, or other view settings. Patch by Simon Wu. * djblets.util: * Added a ifnotuserandperm template tag, which is the negation of ifuserandperm. Patch by Hongbin Lu. * djblets.webapi: * Add support for browser-side caching of webapi resources. WebAPIResource now has a few new properties and methods for handling browser-side caching. Resources can handle Last Modified timestamps or ETags, and generate them either based on fields or through custom functions. This can speed up access to resources, improving performance both client-side and server-side. * JavaScript: * Prompt when canceling a dirty inlineEditor by default. (Bug #2096) inlineEditor now prompts the user if they cancel via Escape or the Cancel button when the editor is dirty. The user has a chance to change his mind instead of just losing everything he wrote. This can be turned off per-inlineEditor. * Support Control-S for saving on inlineEditors. (Bug #1958) When editing a long block of text on an edit field, it's handy to be able to save periodically. Now, pressing Control-S will now trigger a save without closing the field. Patch by Hongbin Lu. version 0.6.8 final (23-June-2011): * djblets.datagrid: * Fixed an occasional ValueError with the datagrid. On occasion, the "active" state of a column can sometimes be True when the column isn't in self.datagrid.columns, which meant it would throw a ValueError when trying to remove itself from the list. We're more bullet-proof now. * djblets.gravatars: * The gravatar templatetag no longer errors out if the provided user is anonymous. * djblets.log: * The "Logging to..." lines are now only logged when settings.DEBUG is on. * djblets.util: * JSONField no longer errors out if blank=False is used. (Bug #2015) * Fixed escaping of label names in label_tag() on newer versions of Django. * djblets.webapi: * Fixed a problem when settings.WEB_API_ENCODERS isn't set. Our fallback for when this setting wasn't set was broken, causing new errors. version 0.6.7 final (9-January-2011): * djblets.datagrid: * The datagrids now use a RequestContext when rendering cells, allowing the columns or templates to access data from context processors. * djblets.siteconfig: * The form body of a siteconfig settings page can now be replaced. It's now stored in the "form_content" block. * SiteConfigurationManager no longer crashes if trying to clear the cache for a SiteConfiguration that no longer exists. * djblets.testing: * The Selenium test suite has been updated to support Django 1.2's multi-database support. Previously, fixtures would fail to load if using the new settings.DATABASES variable. * djblets.util: * The @augment_method_from decorator wasn't properly calling up the decorator chain, preventing some decorators from being invoked. This has been fixed to ensure all decorators are called. * djblets.webapi: * Due to the @augment_method_from breakage listed above, webapi decorators could fail to add their own checks, causing various problems in field checking and authentication. This is now fixed. * The Permission Denied (HTTP 403) errors being returned weren't sufficient for clients that weren't authenticated. Now, an unauthenticated client will instead see Not Logged In (HTTP 401) errors. * The HTTP_AUTHORIZATION header is now checked on all requests. When provided by the client, it will be used for authentication. This means that clients can now force a login from their very first request on, instead of requiring a HTTP 401 Unauthorized being sent out first. This will also prevent multiple logins across different requests from the same client, when the HTTP_AUTHORIZATION header is passed on each request. This makes requests less heavy-weight and prevents the last_login timestamp on the User from being updated on each request. As part of this change, any webapps manually using the @webapi_login_required decorator without the new resource code will no longer support HTTP Basic auth. However, this was never a supported feature anyway, and was more there by accident. * The 'api_format' parameter in requests is now treated specially and doesn't trigger any invalid attribute errors during field validation. * WebAPIResource.delete now uses get_object instead of fetching the object directly, which simplifies the function and guarantees that the correct object is used (especially when a resource overrides get_object). * Redirects now preserve any special parameters ("callback", "_method", "expand", and "api_format") passed to the request. This works around problems in HTTP implementations that don't allow the caller to know that redirects occurred (such as major browsers), which would lead to this information being stripped and the wrong results being returned. * The "expand" parameter for expanding links in payloads is now supported for POST and PUT requests. version 0.6.6 final (22-November-2010): * djblets.util: * Fixed a compatibility problem with JSONField and Django 1.1. It was assuming support for Django 1.2's multi-database support. * Fixed multi-database support in Django 1.2 with JSONField, where the default connection was always being used in one case. version 0.6.5 final (20-November-2010): * djblets.datagrid: * MEDIA_SERIAL is now used for all the images in the datagrid template. Patch by Ben Hollis. * djblets.util: * Added a @root_url decorator for use with get_absolute_url implementations, which appends SITE-ROOT to any returned URLs. * Added a CounterField for atomically updating counters. CounterField can be used to atomically increment or decrement an integer stored in the database, on individual models or on many models at a time. It's intended to substitute for potentially expensive or numerous SQL queries that retrieve counts of objects. * Updated the custom fields for Django 1.2 multi-database compatibility. * djblets.webapi: * Fixed a bug in serializing 'long' values in XML. * Resources now Vary on HTTP Accept, meaning that the browser won't cache the wrong response type when accessing the same resource with two different requested mimetypes. * Reduced the SQL query count for resources. * Fixed problems that could occur with URLs when serializing objects in a list and when returning links. version 0.6.4 final (14-September-2010): * djblets.testing: * An undefined variable error when using the Selenium test support has been fixed. * djblets.util: * Added an augment_method_from decorator for augmenting existing functions. This allows a subclass to augment a parent class's function's documentation and decorators. The existing decorators are automatically inherited. Where this becomes useful is where you have several classes that share common logic, but may need further restrictions or new documentation. The defined function is meant to have an empty body (or 'pass'), but it can contain code wich will be executed after the parent function. No returned values will be used, however. * djblets.webapi: * When serializing a dictionary in a webapi response into XML, we now properly serialize keys that are integers. They are serialized as <int value="...">. * Fixed a circular dependency that occured between resources.py, encoders.py, and core.py (depending on which was first imported). * The User resource now accepts a '.' in the username. * List-only resources now always have their get_list function called, regardless of whether it had list_child_resources defined. * Singleton resources (resources that exist as a single child item with no object list) must now have the 'singleton' parameter set to 'True'. * HTTP Accept mimetypes and ?api_format= are now supported properly for resources. * Specifying api_format in POST requests now works. * Resource classes instances can now be queried by class, using the get_resource_from_class function. * Resource classes can now be introspected: * Functions can list which error classes the client can expect to receive using the @webapi_response_errors decorator. It can be queried using function.response_errors. * The list of fields that can or must be specified for HTTP GET/PUT/POST can now be queried. It can be queried using function.required_fields and function.optional_fields. * Usage of @webapi_login_required can now be checked by accessing function.login_required. * The list of fields on a resource should now be a dictionary, which can include a description of the field. * The custom links on a resource can now be explicitly listed by overriding the get_related_links function. version 0.6.3 final (4-July-2010): * djblets.testing: * Fixed Selenium unit testing to properly skip the tests when the Selenium server was down. * djblets.util: * Added utility functions for HTTP Accept-based content negotation. This adds new get_http_requested_mimetype and get_http_accept_lists functions for doing content negotiation using the HTTP Accept request header. This header allows clients to tell the server which mimetypes it accepts or explicitly forbids, based on priorities, so that the server can send the right data. This can allow a single URL to return various forms of data based on the client (HTML, PDF, JSON, etc.). The get_http_accept_lists() function parses the HTTP Accept request header and returns sorted lists of acceptable mimetypes and unacceptable mimetypes. These are sorted based on the priorities in the header. The get_http_requested_mimetype() function takes a HttpRequest and a list of supported mimetypes for that URL and then, based on the results of get_http_accept_lists() and the supported mimetypes, determines what mimetype the server should be using. If nothing is supported, it will return None, and the server is expected to return a HttpResponseNotAcceptable. * JavaScript: * This adds some stuff to gravy to make sites work better on the iPhone/iPad versions of Safari. A new $.proxyTouchEvents function has been added, which causes touch screen events to be forwarded to existing mouse event handlers. It's intended for basic use cases where multi-touch events really don't need to be handled. * $.browser has been updated with a 'mobileSafari' check, making it easier to determine whether we're running on the iPhone/iPad. * A workaround for jQuery bug #6446 has been implemented, which basically fixes an issue with the result from $.offset() being incorrect. * Tooltips are disabled on iPhone/Pad, as they're really not at all useful and their hover events manage to get in the way of other events. version 0.6.2 final (13-May-2010): * djblets.log: * Fix a compatibility error with Python 2.4 and 2.5. version 0.6.1 final (12-May-2010): * djblets.webapi: * Fixed a regression with the webapi auth handlers. They weren't accepting the right arguments. version 0.6.0 final (11-May-2010): * djblets.datagrid: * Fixed rendering issues with columns in the datagrids. Adding columns to a datagrid would cause odd rendering issues. This was due to not including the 'last' flag (indicating the last column, in order to position the Edit Columns column properly) in the cache key. We now add the key, which allows the datagrid to render properly when adding or removing columns. * Fixed over-caching of columns. There were a couple bugs where Djblets cached the rendered columns too aggressively, causing links on cells to point to the wrong addresses and columns to render incorrectly based on previous loads. (Bug #1582) * djblets.log: * Switched the logging setup code to use a WatchedFileHandler, which automatically reopens the log files for writing when they're deleting (such as after log rotation). * djblets.testing: * Added the new djblets.testing module, which houses our old unit testing helpers from djblets.util.testing. * Added new Selenium test suite support for automated browser testing. * djblets.webapi: * Added a new resource-based model for doing more RESTful APIs. This introduces a new class for easily creating RESTful URL resources that can handle standard HTTP methods and return meaningful data in a nicely constructed hierarchy. By using WebAPIResource, a site can offer a very clean set of URLs to work with any object. There's a lot to this object, but it's all covered in the extensive documentation in webapi/resources.py. version 0.5.9 final (28-March-2010): * djblets.util: * cache_memoize now converts all keys to plain strings, instead of allowing unicode to be passed to the backend. Not all cache backends allow for unicode keys. * djblets.siteconfig: * The same change for cache keys was made here as well. * djblets: * Added ez_setup.py to the source distribution. * Added djblets.__version__ and djblets.__version_info__. __version__ is a variable containing the results of djblets.get_package_version(), and __version_info__ contains the version parts in a tuple. version 0.5.8 final (27-March-2010): * djblets.datagrid: * Made many more speed improvements in the datagrids. This builds upon the previous set of improvements. We now parse and cache the cell and header templates before any rendering is done, instead of doing it once per cell. We also cache cells by their displayed content, so that two cells that would show the same rendered data will only render once. This is especially useful for cells showing such things as usernames. This can easily take seconds off the load of a heavy datagrid. * Objects in the datagrid with custom primary keys that aren't named 'id' now work. * The Edit Columns icon is now a pencil instead of just "...', making it easier to see it and figure out its purpose. (Bug #910) * djblets.feedview: * The feedparser library is now only imported when needed. This reduces startup time for requests by as much as a quarter of a second, as feedparser is a very large library and takes time to import. This should improve performance for any site that at all lists djblets.feedview in INSTALLED_APPS, even for pages not making use of feedview. * djblets.siteconfig: * The stale settings issue appears to be fixed in this release. It needs more testing in large deployments, but we've identified a couple cases that would cause this problem and have fixed them. * The mail authentication information is now saved as plain strings instead of unicode strings in order to fix a compatibility issue with Python 2.6's HMAC library. * The SiteConfiguration's settings field is now read-only in the Django administration UI in Django 1.2. * djblets.webapi: * WebAPIErrors can now take HTTP status codes that will be sent to the browser. These default to 400, though the built-in errors may define different codes. This change does break backwards-compatibility if a client calling the API makes the assumption that every result with a payload will be an HTTP 200 OK. Clients shouldn't make these assumptions, but it's possible that they do. * Added support for Basic HTTP Authentication. Clients making a call when not logged in to a restricted URL will now get an HTTP 401 Unauthorized, along with a WWW-Authentication header specifying that Basic Auth is to be used. Clients can use standard Basic Auth to pass credentials to any URL requiring such authorization in order to log in. This removes the need for special login URLs. This makes APIs more accessible to applications like wget or curl. * Added an easy way to do pagination with the web API. API calls returning lists of data can now paginate the results, returning only a certain amount of data. The results and the total number of items across all pages will be returned. URLs are provided in the resulting JSON payload that point to the previous or next queries. Callers can pass a 'start' parameter to the URL to specify the first item's index (0-based), and 'max-results' to specify the maximum number of items it wants in that request (which may be capped server-side). version 0.5.7 final (14-February-2010): * djblets.datagrid: * Columns in datagrids can now augment the queryset before actually querying the database. This allows them to prefetch information instead of having to do a query per-row. This also now by default globally caches the resulting data in Column.render_data if displaying a foreign key. This means that if several rows are all referencing the same User object, for instance, there will be only one query for that object instead of one per row. * djblets.log: * Add a title to the Server Log page. * djblets.util: * Fixed image cropping with the new Django storage support. Python Image Library was confused about the format to save the resulting image in when cropping. We now pass in the appropriate format in order to allow it to save. We also log any failures that may come up. (Bug #1396) * JavaScript: * Allow the classes in modalBox to be customized on a per-instance basis, allowing for more custom types of modalBoxes (such as a specially stylized help box). Patch by Hussain Bohra. * Added a new $.fn.scrollIntoView function. This will ensure that the target element is visible on-screen. version 0.5.6 final (15-November-2009): * djblets.auth: * RegistrationForm now takes in a request. * Extra context can be passed to the template for the registration form. version 0.5.5 final (22-October-2009): * JavaScript: * Fix a bug on Internet Explorer when setting the white-space property on an auto-size text area. (Bug #1349) version 0.5.4 final (4-October-2009): * djblets.datagrid: * Compatibility updates for the Django 1.2 development branch. * JavaScript: * On Google Chrome, the text areas would grow by a line with every key pressed. Patch by Cory McWilliams. (Bug #1145) * On Safari 4, the text areas wouldn't auto-resize based on text. * On Firefox, the text areas would shrink too much when deleting text. version 0.5.3 final (17-September-2009): * djblets.siteconfig: * Updated to work with Django 1.1's admin UI stylesheets. version 0.5.2 final (15-September-2009): * General: * Added copyright and MIT license headers to all files. * JavaScript: * inlineEditors now prevent the event from bubbling up when clicking their target element. This means that a target element inside of an <a href="..."> will no longer cause the page to change when clicking the element. (Bug #1221) * djblets.auth: * Deleted the password recovery code. It was intended for use in an old version of Django and has since been supplanted by Django. We don't believe anyone is using it or should be encouraged to use it. * djblets.log: * Added a Server Log view for administration UIs. This is used to display the server log (using the Python logging defaults from djblets.log). The log is filterable and sortable. * Exceptions are now logged when using LoggingMiddleware. When an exception occurs, the stack, username and URL are logged. * djblets.util.misc: * cache_memoize will now always ensure that cache keys will never exceed the maximum key length. If the key is larger, an md5sum of the key is used instead. Patch by Thilo-Alexander Ginkel. version 0.5.1 final (2-August-2009): * JavaScript: * Added a clear() function to $.funcQueue(), which clears the queue and prevents any further processing until it's next started. * djblets.util.filesystem: * Added the new djblets.util.filesystem for filesystem-related functionality. * This currently contains is_exe_in_path, which checks if an executale exists in the system path. This will do intelligent file extension determination. It expects an application name without a file extension (such as "cvs") and will append the ".exe" on Windows. This is an improvement over the method we used in Review Board before where we blindly searched for "cvs" (which could in theory exist yet not be an executable) on Windows, or "cvs.exe" (which could in theory exist yet not be an executable) on Linux. version 0.5 final (20-June-2009): * Final release of Djblets 0.5. This release was made to go alongside Review Board 1.0. While Djblets works its way to its own 1.0, we will attempt to not break any existing API. However, it is important to note that Djblets is not API frozen at all yet. We advise developers to continue to work against Djblets SVN/nightlies, but to base production applications on 0.5. version 0.5 rc2 (13-June-2009): * General: * Properly list the license as MIT, not GPL, in setup.py. (Bug #1120) * JavaScript: * Prevent funcQueue.start() from being called when the queue is already started. * djblets.datagrid: * Added speedups when sorting columns. We used to generate an SQL query that pulled in all information in the order specified by the columns, but this could be slow for large data sets. We now do the minimal query, retrieving only the object IDs, and then fetch data on those specific IDs in a second query. The end result is a significant speedup in rendering datagrids when used with large amounts of data. * djblets.log: * Fix logging when we're unable to write to the log file. We now fall back on stderr. Patch by Paolo Borelli. * djblets.util.fields: * Fixed a typo in a variable name that caused problems in JSONField when getting data in an unexpected format. version 0.5 rc1 (3-May-2009): * JavaScript: * Clicking the edit icons for inlineEditors no longer causes the page to scroll in some browsers. (Bug #1057) * djblets.datagrids: * Sped up the datagrids in some cases by always including related objects (up to one depth level) in the query for the datagrid. * djblets.siteconfig: * Prepended the site's domain to the siteconfig cache key, making it possible to use multiple siteconfig-based apps on the same server. (Bug #986) * Saving a SiteConfig didn't always cause other instances of that SiteConfig on the server to reload, meaning that people would sometimes have to restart the server to get settings to apply. This is now fixed. (Bug #734) * Removed a redundant key for the timezone. * djblets.util.templatetags.djblets_utils: * The ageid filter now returns an empty string if passed 'None' as the timestamp. version 0.5 beta 1 (28-March-2009): * JavaScript: * Moved to using jQuery 1.3.2. * Small performance improvements in tooltip and modalBox. * The edit icons in an inlineEditor are now accessible, so they can be activated by pressing the Enter key in Firefox. Patch by Brad Taylor. (Bug #965) * djblets.util.fields: * JSONField and Base64Field now properly serialize to a JSON file, so long as the patch at http://code.djangoproject.com/ticket/9522 is applied. * Objects saved in the admin UI that have a Base64Field no longer causes garbage in the field. The fields are now saved properly. (Bug #918) * djblets.gravatars: * Added an "alt" attribute for the generated gravatar image, in order to fix XHTML compliance. * djblets.datagrids: * Fixed some XHTML validation errors. Patch by Onkar Shinde. (Bug #932) version 0.5 alpha 3 (15-February-2009): * JavaScript Bugs Fixed: * Fixed some major performance issues in autoSizeTextArea. * Fixed a bug with Safari and inlineEditor where Safari would sometimes crash due to autoSizeTextArea. We now just disable the autoSizeTextArea functionality. * inlineEditor no longer allows startEdit to be called when editing is already enabled. * New Features: * Added new set_etag, etag_if_none_match, etag_if_match functions for working with ETags. * Added a new jQuery.fn.html() method that works around IE's broken innerHTML implementation. innerHTML in IE would strip whitespace, which was bad when inserting into <pre> and <textarea> tags. version 0.5 alpha 2 (3-February-2009): * JavaScript: * We now include and require jQuery 1.3.1 and jQueyr-ui 1.6rc5. * Added support for starting an inlineEditor in the opened state, and prevent animations when starting or forcing it to be open. * Disabled keypress propagation for inlineEditor. This fixes a bug in Review Board's diff viewer (bug #838). * djblets.gravatars (new): * Added basic support for gravatars. This provides a {% gravatars %} template tag for displaying a gravatar based on a User object. See http://www.gravatar.com/ for more information on Gravatars. * djblets.util: * Added a {% include_as_string %} tag for including a template as a JavaScript string. * Added the ability to generate media and AJAX serial numbers based on the media files and template files. These can be appended to the media and AJAX URLs which, in combination with aggressive Expires headers, can drastically speed up load times of sites. See djblets.util.context_processors and djblets.util.misc.generate_cache_serials. * djblets.webapi: * Set the mime type for JSON responses to application/json, except when responding to an upload, in which case text/plain is used. * Fixed a bug where WebAPIResponse._get_content was called too frequently and in some cases generated a 500 error.