A micro web-framework with superpowers

## Morepath: Python web microframework with super powers

Morepath is a Python web framework. An application consists of models. Each type of model is published on a URL path. Content is exposed to the web using views.

## 0.19 (2020-01-30)

• Removed: Removed support for Python 2.

You have to upgrade to Python 3 if you want to use this version.

• Added support for Python 3.8 and PyPy 3.6.

• Make Python 3.7 the default.

• Update to new signature of reg.arginfo, which returns now a FullArgSpec tuple instead of an ArgSpec tuple.

• Add integration for the Black code formatter.

## 0.18.2 (2019-01-22)

• Fixes an infinite recursion error during morepath.autoscan.

The error that occurred when morepath.autoscan was run in an environment where two packages depended on each other, as well as depending on morepath through an intermediary.

See #536

• Added support for Python 3.6 and 3.7 and dropped support for Python 3.3

## 0.18.1 (2017-06-30)

• Link generation was unstable when supplied with multiple URL parameters. Sort URL parameters so that link generation is stable. This is convenient in tests.

This could potentially break tests which weren’t stable in the past. Fixing the tests to use the alphabetical sort order should fix the issue.

• The poisoned host header protection is no longer case-sensitive.

• Underscores are now allowed in host headers. Though they are not valid in domain names, they are valid in host names and offer no attack surface.

## 0.18 (2017-03-17)

• New: The load API, which allows you to define how incoming JSON (through a POST, PUT or PATH request) will be converted to a Python object and how it will be validated. This feature lets you plug in external serialization and validation libraries, such as Marshmallow, Colander, Cerberus, Jsonschema or Voluptuous.

• Removed: morepath.body_model_predicate is removed from the Morepath API together with the morepath.App.load_json directive and the morepath.request.body_obj property. If you use the load_json directive, this functionality has been moved to a separate more.body_model package. Use this package instead by subclassing your App from more.body_model.BodyModelApp.

• Uploading huge files lead to excessive memory consumption as the whole body was consumed for no good reason. This is now fixed.

See #504

• Fixes link prefix not applying to mounted applications.

See #516

## 0.17 (2016-12-23)

• Removed: The class morepath.ViewRegistry is gone.
• Upload universal wheels to pypi during release.
• Refactored and simplified implementation of ConverterRegistry.
• Bugfix: exception views in mounted apps weren’t looked up correctly anymore.
• Adds compatibility with WebOb 1.7.
• Removed extra spaces after the colon in json. For example: {“foo”: “bar”} is now {“foo”:”bar”}.
• Morepath now keeps track of what code was used to resolve a path and a view. You use more.whytool to get a command line tool that provides insight in what code was used for a request.

## 0.16.1 (2016-10-04)

• Adjust setup.py to require Reg 0.10 and Dectate 0.12, otherwise Morepath won’t work properly.

## 0.16 (2016-10-04)

### Release highlights

• A new, cleaner and faster implementation of Reg underlies this version of Morepath. It turns generic functions into methods on the App class, and removes implicit behavior entirely.

This has some impact if you used the low-level function directive or if you defined your own predicates with the predicate and predicate_fallback directives, see details below.

• A new build environment based around virtualenv and pip. We’ve removed the old buildout-based build environment. doc/developing.rst has much more.

• Performance work boosts performance of Morepath significantly.

### Removals & Deprecations

• Removed: morepath.remember_identity is removed from the Morepath API.

Use

request.app.remember_identity(response, request, identity)


remember_identity(response, request, identity, lookup=request.lookup)

• Removed: morepath.forget_identity is removed from the Morepath API.

Use

request.app.forget_identity(response, request)


morepath.forget_identity(response, request, lookup=request.lookup)

• Removed morepath.settings is removed from the Morepath API.

Use the morepath.App.settings property instead. You can access this through app.settings. You can access this through request.app.settings if you have the request. The following directives now get an additional optional first argument called app: permission_rule, verify_identity, dump_json, load_json, link_prefix and the variables function passed to the path directive.

• Removed morepath.enable_implicit and morepath.disable_implicit are both removed from the Morepath API.

Morepath now uses generic methods on the application class. The application class determines the context used.

• Removed We previously used buildout to install a development environment for Morepath. We now use pip. See doc/developing.rst for details, and also below.

### Features

• Breaking change Dectate used to support the directive pseudo-directive to let you define directives. But this could lead to import problems if you forgot to import the module where the pseudo-directives are defined before using them. In this release we define the directives directly on the App class using the new dectate.directive mechanism, avoiding this problem.

If you have code that defines new directives, you have to adjust your code accordingly; see the Dectate changelog for more details.

• Breaking change Previously Morepath used Reg’s dispatch functions directly, with a mechanism to pass in a lookup argument to a dispatch function to control the application context. The lookup was maintained on App.lookup. Tests were to pass the lookup explicitly. Reg also maintained this lookup in a thread-local variable, and any dispatch call that did not have a explicit lookup argument passed in used this implicit lookup directly.

Reg has undergone a major refactoring which affects Morepath. As a result, Morepath is faster and dispatch code becomes more Pythonic. The concept of lookup is gone: no more lookup argument, app.lookup or implicit lookup. Instead, Morepath now makes use of dispatch methods on the application. The application itself provides the explicit dispatch context. See #448 for the discussion leading up to this change.

Most Morepath application and library projects should continue to work unchanged, but some changes are necessary if you used some advanced features:

• If in your code you call a generic function from morepath.generic directly it won’t work anymore. Call the equivalent method on the app instance instead.

• If you pass through the lookup argument explicitly, remove this. Calling the dispatch method on the app instance is enough to indicate context.

• If you defined a generic function in your code, you should move it to a morepath.App subclass instead and use morepath.dispatch_method instead of reg.dispatch. Using reg.dispatch_method directly is possible but not recommended: morepath.dispatch_method includes caching behavior that speeds up applications. For example:

class MyApp(morepath.App):
@morepath.dispatch_method('obj')
def my_dispatch(self, obj):
pass

• The function directive has been replaced by the method directive, where you indicate the dispatch method on the first argument. For example:

@App.method(MyApp.my_dispatch, obj=Foo)
def my_dispatch_impl(app, obj):
return "Implementation for Foo"

• The predicate directive can be used to install new predicates for dispatch methods. The first argument should be a reference to the dispatch method, for instance:

@App.predicate(App.get_view, name='model', default=None,
index=ClassIndex)
def model_predicate(obj):
return obj.__class__


There is a new public method called App.get_view that you can install view predicates on.

• The predicate_fallback directive gets a reference to the method too. The decorated function needs to take the same arguments as the dispatch method; previously it could be a subset. So for example:

@App.predicate_fallback(App.get_view, model_predicate)
def model_not_found(self, obj, request):
raise HTTPNotFound()


Where self refers to the app instance.

### Bug fixes

• Fix code_examples path for doctests with tox.

### Build environment

• We now use virtualenv and pip instead of buildout to set up the development environment. The development documentation has been updated accordingly. Also see issues #473 and #484.
• Have the manifest file for source distribution include all files under VCS.
• As we reached 100% code coverage for pytest, coveralls integration was replaced by the --fail-under=100 argument of coverage report in the tox coverage test.

### Other

• Refactored traject routing code with an eye on performance.
• Use abstract base classes from the standard library for morepath.IdentityPolicy.
• Expand the test suite to cover morepath.Request.reset, loop detection for deferred class links, dispatching of @App.verify_identity-decorated functions on the identity argument (#464). Coverage ratio is now 100%.

## 0.15 (2016-07-18)

### Removals & Deprecations

• Removed: morepath.autosetup and morepath.autocommit are both removed from the Morepath API.

Use autoscan. Also use new explicit App.commit method, or rely on Morepath automatically committing during the first request. So instead of:

morepath.autosetup()
morepath.run(App())


you do:

morepath.autoscan()
App.commit()  # optional
morepath.run(App())

• Removed: the morepath.security module is removed, and you cannot import from it anymore. Change imports from it to the public API, so go from:

from morepath.security import NO_IDENTITY


to:

from morepath import NO_IDENTITY

• Deprecated morepath.remember_identity and morepath.forget_identity are both deprecated.

Use the morepath.App.remember_identity and morepath.App.forget_identity methods, respectively.

remember_identity(response, request, identity, lookup=request.lookup)
...
morepath.forget_identity(response, request, lookup=request.lookup)


you do:

request.app.remember_identity(response, request, identity)
...
request.app.forget_identity(response, request)

• Deprecated morepath.settings is deprecated.

• Deprecated morepath.enable_implicit and morepath.disable_implicit are both deprecated.

You no longer need to choose between implicit or explicit lookup for generic functions, as the generic functions that are part of the API have all been deprecated.

### Features

• Factored out new App.mounted_app_classes() class method which can be used to determine the mounted app classes after a commit. This can used to get the argument to dectate.query_tool if the commit is known to have already been done earlier.
• The morepath.run function now takes command-line arguments to set the host and port, and is friendlier in general.
• Add App.init_settings for pre-filling the settings registry with a python dictionary. This can be used to load the settings from a config file.
• Add a reset method to the Request class that resets it to the state it had when request processing started. This is used by more.transaction to reset request processing when it retries a transaction.

### Bug fixes

• Fix a bug where a double slash at the start of a path was not normalized.

### Cleanups

• Cleanups and testing of reify functionality.
• More doctests in the narrative documentation.
• A few small performance tweaks.
• Remove unused imports and fix pep8 in core.py.

### Other

• Add support for Python 3.5 and make it the default Python environment.

## 0.14 (2016-04-26)

• New We have a new chat channel available. You can join us by clicking this link:

https://discord.gg/0xRQrJnOPiRsEANa

Please join and hang out! We are retiring the (empty) Freenode #morepath channel.

• Breaking change: Move the basic auth policy to more.basicauth extension extension. Basic auth is just one of the authentication choices you have and not the default. To update code, make your project depend on more.basicauth and import BasicAuthIdentityPolicy from more.basicauth.

• Breaking change: Remove some exception classes that weren’t used: morepath.error.ViewError, morepath.error.ResolveError. If you try to catch them in your code, just remove the whole except statement as they were never raised.

• Deprecated Importing from morepath.security directly. We moved a few things from it into the public API: enable_implicit, disable_implicit, remember_identity, forget_identity, Identity, IdentityPolicy, NO_IDENTITY. Some of these were already documented as importable from morepath.security. Although importing from morepath.security won’t break yet, you should stop importing from it and import directly from morepath instead.

• Deprecated morepath.autosetup and morepath.autocommit are both deprecated.

Use autoscan. Also use new explicit App.commit method, or rely on Morepath automatically committing during the first request. So instead of:

morepath.autosetup()
morepath.run(App())


you do:

morepath.autoscan()
App.commit()  # optional
morepath.run(App())

• Breaking change Extensions that imported RegRegistry directly from morepath.app are going to be broken. This kind of import:

from morepath.app import RegRegistry


needs to become:

from morepath.directive import RegRegistry


This change was made to avoid circular imports in Morepath, and because App did not directly depend on RegRegistry anymore.

• Breaking change: the variables function for the path directive has to be defined taking a first obj argument. In the past it was possible to define a variables function that took no arguments. This is now an error.

• Introduce a new commit method on App that commits the App and also recursively commits all mounted apps. This is more explicit than autocommit and less verbose than using the lower-level dectate.commit.

• Automatic commit of the app is done during the first request if the app wasn’t committed previously. See issue #392.

• Introduce a deprecation warnings (for morepath.security, morepath.autosetup) and document how a user can deal with such warnings.

You can use morepath.HOST_HEADER_PROTECTION in your own tween factory to wrap before or under it.

• Refactor internals of publishing/view engine. Reg is used more effectively for view lookup, order of some parameters is reversed for consistency with public APIs.

• Document the internals of Morepath, see implementation document. This includes docstrings for all the internal APIs.

• The framehack module was merged into autosetup. Increased the coverage to this module to 100%.

• New cookiecutter template for Morepath, and added references in the documentation for it.

• Test cleanup; scan in many tests turns out to be superfluous. Issue #379

• Add a test that verifies we can instantiate an app before configuration is done. See issue #378 for discussion.

• Started doctesting some of the docs.

• Renamed RegRegistry.lookup to RegRegistry.caching_lookup as the lookup property was shadowing a lookup property on reg.Registry. This wasn’t causing bugs but made debugging harder.

• Morepath now has extension API docs that are useful when you want to create your own directive and build on one of Morepath’s registries or directives.

• A friendlier morepath.run that tells you how to quit it with ctrl-C.

• A new document describing how to write a test for Morepath-based applications.

• Document how to create a Dectate-based command-line query tool that lets you query Morepath directives.

• Uses the topological sort implementation in Dectate. Sort out a mess where there were too many TopologicalSortError classes.

## 0.13.2 (2016-04-13)

• Undid change in 0.13.1 where App could not be instantiated if not committed, as ran into real-world code where this assumption was broken.

## 0.13.1 (2016-04-13)

• Enable queries by the Dectate query tool.

• Document scan function in API docs.

• Work around an issue in Python where ~ (tilde) is quoted by urllib.quote & urllib.encode, even though it should not be according to the RFC, as ~ is considered unreserved.

https://www.ietf.org/rfc/rfc3986.txt

• Document some tricks you can do with directives in a new “Directive tricks” document.

• Refactor creation of tweens into function on TweenRegistry.

• Update the REST document; it was rather old and made no mention of body_model.

• Bail out with an error if an App is instantiated without being committed.

## 0.13 (2016-04-06)

• Breaking change. Morepath has a new, extensively refactored configuration system based on dectate and importscan. Dectate is an extracted, and heavily refactored version of Morepath’s configuration system that used to be in morepath.config module. It’s finally documented too!

Dectate and thus Morepath does not use Venusian (or Venusifork) anymore so that dependency is gone.

Code that uses morepath.autosetup should still work.

Code that uses morepath.setup and scans and commits manually needs to change. Change this:

from morepath import setup

config = morepath.setup()
config.scan(package)
config.commit()


into this:

import morepath

morepath.scan(package)
morepath.autocommit()


Similarly config.scan() without arguments to scan its own package needs to be rewritten to use morepath.scan() without arguments.

Anything you import directly now does not need to be scanned anymore; the act of importing a module directly registers the directives with Morepath, though as before they won’t be active until you commit. But scanning something you’ve imported before won’t do any harm.

The signature for morepath.scan is somewhat different than that of the old config.scan. There is no third argument recursive=True anymore. The onerror argument has been renamed to handle_error and has different behavior; the importscan documentation describes the details.

If you were writing tests that involve Morepath, the old structure of the test was:

import morepath

def test_foo():
config = morepath.setup()

class App(morepath.App):
testing_config = config

... use directives on App ...

config.commit()

... do asserts ...


This now needs to change to:

import morepath

def test_foo():
class App(morepath.App):
pass

... use directives on App ...

morepath.commit([App])

... do asserts ...


So, you need to use the morepath.commit() function and give it a list of the application objects you want to commit, explicitly. morepath.autocommit() won’t work in the context of a test.

If you used a test that scanned code you need to adjust it too, from:

import morepath
import some_package

def test_foo():
config = morepath.setup()

config.scan(some_package)

config.commit()

... do asserts ...


to this:

import morepath
import some_package

def test_foo():
morepath.scan(some_package)
morepath.commit([some_package.App])

... do asserts ...


Again you need to be explicit and use morepath.commit to commit those apps you want to test.

If you had a low-level reference to app.registry in your code it will break; the registry has been split up and is now under app.config. If you want access to lookup you can use app.lookup.

If you created custom directives, the way to create directives is now documented as part of the dectate project. The main updates you need to do are:

• subclass from dectate.Action instead of morepath.Directive.

• no more app first argument.

• no super call is needed anymore in __init__.

• add a config class variable to declare the registries you want to affect. Until we break up the main registry this is:

from morepath.app import Registry

...
config = { 'registry': Registry }

• reverse the arguments to perform, so that the object being registered comes first. So change:

def perform(self, registry, obj):
...


into:

def perform(self, obj, registry):
...


But instead of registry use the registry you set up in your action’s config.

• no more prepare. Do error checking inside the perform method and raise a DirectiveError if something is wrong.

If you created sub-actions from prepare, subclass from dectate.Composite instead and implement an actions method.

• group_key method has changed to group_class class variable.

If you were using morepath.sphinxext to document directives using Sphinx autodoc, use dectate.sphinxext instead.

• Breaking change If you want to use Morepath directives on @staticmethod, you need to change the order in which these are applied. In the past:

@App.path(model=Foo, path='bar')
@staticmethod
def get_foo():
....


But now you need to write:

@staticmethod
@App.path(model=Foo, path='bar')
def get_foo():
....

• Breaking change You cannot use a Morepath path directive on a @classmethod directly anymore. Instead you can do this:

class Foo(object):
@classmethod
def get_something():
pass

@App.path('/', model=Something)(Foo.get_something)

• Breaking change. Brought app.settings back, a shortcut to the settings registry. If you use settings, you need to replace any references to app.registry.settings to app.settings.

• Add request.class_link. This lets you link using classes instead of instances as an optimization. In some cases instantiating an object just so you can generate a link to it is relatively expensive. In that case you can use request.class_link instead. This lets you link to a model class and supply a variables dictionary manually.

• Breaking change. In Morepath versions before this there was an class attribute on App subclasses called registry. This was a giant mixed registry which subclassed a lot of different registries used by Morepath (reg registry, converter registry, traject registry, etc). The Dectate configuration system allows us to break this registry into a lot of smaller interdependent registries that are configured in the config of the directives.

While normally you shouldn’t be, if you were somehow relying on App.registry in your code you should now rewrite it to use App.config.reg_registry, App.config.setting_registry, App.config.path_registry etc.

## 0.12 (2016-01-27)

• Breaking change. The request.after function is now called even if the response was directly created by the view (as opposed to the view returning a value to be rendered by morepath). Basically, request.after is now guaranteed to be called if the response’s HTTP status code lies within the 2XX-3XX range.

• Fixed a typo in the defer_link documentation.

• Morepath’s link generation wasn’t properly quoting paths and parameters in all circumstances where non-ascii characters or URL-quoted characters were used. See issue #337.

• Morepath could not handle varargs or keyword arguments properly in path functions. Now bails out with an error early during configuration time. To fix existing code, get rid of any *args or **kw.

• Morepath could not properly generate links if a path directive defines a path variable for the path but does not actually use it in the path function. Now we complain during configuration time. To fix existing code, add all variables that are defined in the path (i.e. {id}) to the function signature.

• Certain errors (ConfigError) were not reporting directive line number information. They now do.

• Better ConfigError reporting when setting_section is in use.

• Removed the unused request parameter from the link method in morepath.request. See issue #351.

• Require venusifork 2.0a3. This is a hacked version which works around some unusual compatibility issues with six.

## 0.11.1 (2015-06-29)

• setuptools has the nasty habit to change underscores in project names to minus characters. This broke the new autoscan machinery for packages with an underscore in their name (such as morepath_sqlalchemy). This was fixed.

## 0.11 (2015-06-29)

• Breaking change. The morepath.autoconfig and morepath.autosetup methods had to be rewritten. Before, Morepath was unable to autoload packages installed using pip.

As a result, Morepath won’t be able to autoload packages if the setup.py name differs from the name of the distributed package or module.

For example: A package named my-app containing a module named myapp won’t be automatically loaded anymore.

Packages like this need to be loaded manually now:

import morepath
import myapp

config = morepath.setup()
config.scan(myapp)
config.commit()

• The config.scan method now excludes ‘test’ and ‘tests’ directories by default.

• The template_directory directive will no longer inspect the current module if the template directory refers to an absolute path. This makes it easier to write tests where the current module might not be available.

• The identity_policy passes settings to the function if it defines such an argument. This way an identity policy can be created that takes settings into account.

• Dots in the request path are now always normalized away. Before, Morepath basically relied on the client to do this, which was a potential security issue.

• Move undocumented pdb out of __init__.py as it could sometimes trip up things. Instead documented it in the API docs in the special morepath.pdbsupport module.

https://github.com/morepath/morepath/issues/328

## 0.10 (2015-04-09)

• Server-side templating language support: there is now a template argument for the html directive (and view and json). You need to use a plugin to add particular template languages to your project, such as more.chameleon and more.jinja2, but you can also add your own.

• Add a new “A Review of the Web” document to the docs to show how Morepath fits within the web.

• The publisher does not respond to a None render function anymore. Instead, the view directive now uses a default render_view if None is configured. This simplifies the publisher guaranteeing a render function always exists.

• Introduce a request.resolve_path method that allows you to resolve paths to objects programmatically.

• Modify setup.py to use io.open instead of open to include the README and the CHANGELOG and hardcode UTF-8 so it works on all versions of Python with all default encodings.

• Various documentation fixes.

## 0.9 (2014-11-25)

• Breaking change. In previous releases of Morepath, Morepath did not include the full hostname in generated links (so /a instead of http://example.com/a). Morepath 0.9 does include the full hostname in generated links by default. This to support the non-browser client use case better. In the previous system without fully qualified URLs, client code needs to manually add the base of links itself in order to be able to access them. That makes client code more complicated than it should be. To make writing such client code as easy as possible Morepath now generates complete URLs.

This should not break any code, though it can break tests that rely on the previous behavior. To fix webtest style tests, prefix the expected links with http://localhost/.

If for some reason you want the old behavior back in an application, you can use the link_prefix directive:

@App.link_prefix()
return '' # prefix nothing again

• Directives are now logged to the morepath.directive log, which is using the standard Python logging infrastructure. See http://morepath.readthedocs.org/en/latest/logging.html

• Document behavior of request.after in combination with directly returning a response object from a view.

• Expose body_model_predicate to the public Morepath API. You can now say your predicate comes after it.

• Expose LAST_VIEW_PREDICATE to the Morepath API. This is the last predicate defined by the Morepath core.

• Update the predicate documentation.

• Updated the more.static doc to reflect changes in it.

• Fix doc for grouping views with the with statement.

• Suggest a few things to try when your code doesn’t appear to be scanned properly.

• A new view predicate without a fallback resulted in an internal server error if the predicate did not match. Now it results in a 404 Not Found by default. To override this default, define a predicate fallback.

## 0.8 (2014-11-13)

• Breaking change. Reg 0.9 introduces a new, more powerful way to create dispatch functions, and this has resulted in a new, incompatible Reg API.

Morepath has been adjusted to make use of the new Reg. This won’t affect many Morepath applications, and they should be able to continue unchanged. But some Morepath extensions and advanced applications may break, so you should be aware of the changes.

• The @App.function directive has changed from this:

class A(object):
pass

class B(object):
pass

@reg.generic
def dispatch_function(a, b):
pass

@App.function(dispatch_function, A, B)
def dispatched_to(a, b):
return 'dispatched to A and B'


to this:

class A(object):
pass

class B(object):
pass

@reg.dispatch('a', 'b')
def dispatch_function(a, b):
pass

@App.function(dispatch_function, a=A, b=B)
def dispatched_to(a, b):
return 'dispatched to A and B'


The new system in Reg (see its docs) is a lot more flexible than what we had before. When you use function you don’t need to know about the order of the predicates anymore – this is determined by the arguments to @reg.dispatch(). You can now also have function arguments that Reg ignores for dispatch.

• The @App.predicate and @App.predicate_fallback directive have changed. You can now install custom predicates and fallbacks for any generic function that’s marked with @reg.dispatch_external_predicates(). The Morepath view code has been simplified to be based on this, and is also more powerful as it can now be extended with new predicates that use predicate-style dispatch.

• Introduce the body_model predicate for views. You can give it the class of the request.body_obj you want to handle with this view. In combination with the load_json directive this allows you to write views that respond only to the POSTing or PUTing of a certain type of object.

• Internals refactoring: we had a few potentially overridable dispatch functions in morepath.generic that actually were never overridden in any directives. Simplify this by moving their implementation into morepath.publish and morepath.request. generic.link, generic.consume and generic.response are now gone.

• Introduce a link_prefix directive that allows you to set the URL prefix used by every link generated by the request.

• A bug fix in request.view(); the lookup on the request was not properly updated.

• Another bug fix in request.view(); if deferred_link_app app is used, request.app should be adjusted to the app currently being deferred to.

• request.after behavior is clarified: it does not run for any exceptions raised during the handling of the request, only for the “proper” response. Fix a bug where it did sometimes run.

• Previously if you returned None for a path in a variables function for a path, you would get a path with None in it. Now it is a LinkError.

• If you return a non-dict for variables for a path, you get a proper LinkError now.

• One test related to defer_links did not work correctly in Python 3. Fixed.

• Add API doc for body_obj. Also fix JSON and objects doc to talk about request.body_obj instead of request.obj.

• Extend API docs for security: detail the API an identity policy needs to implement and fix a few bugs.

• Fix ReST error in API docs for autoconfig and autosetup.

• Fix a few ReST links to the API docs in the app reuse document.

## 0.7 (2014-11-03)

• Breaking change. There has been a change in the way the mount directive works. There has also been a change in the way linking between application works. The changes result in a simpler, more powerful API and implementation.

The relevant changes are:

• You can now define your own custom __init__ for morepath.App subclasses. Here you can specify the arguments with which your application object should be mounted. The previous variables class attribute is now ignored.

It’s not necessary to use super() when you subclass from morepath.App directly.

class MyApp(morepath.App):
variables = ['mount_id']


You should now write this:

class MyApp(morepath.App):
def __init__(self, mount_id):
self.mount_id = mount_id

• The mount directive should now return an instance of the application being mounted, not a dictionary with mount parameters. The application is specified using the app argument to the directive. So instead of this:

@RootApp.mount(app=MyApp, path='sub/{id}')
def mount_sub(id):
return {
'mount_id': id
}


You should now use this:

@RootApp.mount(app=MyApp, path='sub/{id}')
def mount_sub(id):
return MyApp(mount_id=id)

• The mount directive now takes a variables argument. This works like the variables argument to the path directive and is used to construct links.

It is given an instance of the app being mounted, and it should reconstruct those variables needed in its path as a dictionary. If omitted, Morepath tries to get them as attributes from the application instance, just like it tries to get attributes of any model instance.

MyApp above is a good example of where this is required: it does store the correct information, but as the mount_id attribute, not the id attribute. You should add a variables argument to the mount directive to explain to Morepath how to obtain id:

@RootApp.mount(app=MyApp, path='sub/{id}',
variables=lambda app: dict(id=app.mount_id))
def mount_sub(id):
return MyApp(mount_id=id)


The simplest way to avoid having to do this is to name the attributes the same way as the variables in the paths, just like you can do for model classes.

• In the past you’d get additional mount context variables as extra variables in the function decorated by the path decorator. This does not happen anymore. Instead you can add a special app parameter to this function. This gives you access to the current application object, and you can extract its attributes there.

@MyApp.path(path='models/{id}', model=Model)
def get_root(mount_id, id):
return Model(mount_id, id)


where mount_id is magically retrieved from the way MyApp was mounted, you now write this:

@MyApp.path(path='models/{id}', model=Model)
def get_root(app, id):
return Model(app.mount_id, id)

• There was an request.mounted attribute. This was a special an instance of a special Mounted class. This Mounted class is now gone – instead mounted applications are simply instances of their class. To access the currently mounted application, use request.app.

• The Request object had child and sibling methods as well as a parent attribute to navigate to different “link makers”. You’d navigate to the link maker of an application in order to create links to objects in that application. These are now gone. Instead you can do this navigation from the application object directly, and instead of link makers, you get application instances. You can pass an application instance as a special app argument to request.link and request.view.

request.child(foo).link(obj)


You now write this:

request.link(obj, app=request.app.child(foo))


request.parent.link(obj)


You now write this:

request.link(obj, app=request.app.parent)


Note that the new defer_links directive can be used to automate this behavior for particular models.

• The .child method on App can the app class as well as the parameters for the function decorated by the mount directive:

app.child(MyApp, id='foo')


This can also be done by name. So, assuming MyApp was mounted under my_app:

app.child('my_app', id='foo')


This is how request.child worked already.

As an alternative you can now instead pass an app instance:

app.child(MyApp(mount_id='foo'))


Unlike the other ways to get the child, this takes the parameters need to create the app instance, as opposed to taking the parameters under which the app was mounted.

Motivation behind these changes:

Morepath used to have a Mount class separate from the App classes you define. Since Morepath 0.4 application objects became classes, and it made sense to make their instances the same as the mounted application. This unification has now taken place.

It then also made sense to use its navigation methods (child and friend) to navigate the mount tree, instead of using the rather complicated “link maker” infrastructure we had before.

This change simplifies the implementation of mounting considerably, without taking away features and actually making the APIs involved more clear. This simplification in turn made it easier to implement the new defer_links directive.

• Breaking change. The arguments to the render function have changed. This is a function you can pass to a view directive. The render function now takes a second argument, the request. You need to update your render functions to take this into account. This only affects code that supplies an explicit render function to the view, json and html directives, and since not a lot of those functions exist, the impact is expected to be minimal.

• Breaking change. In certain circumstances it was useful to access the settings through an application instance using app.settings. This does not work anymore; access the settings through app.registry.settings instead.

• dump_json and load_json directives. This lets you automatically convert an object going to a response to JSON, and converts JSON coming in as a request body from JSON to an object. See http://morepath.readthedocs.org/en/latest/json.html for more information.

• defer_links directive. This directive can be used to declare that a particular mounted application takes care of linking to instances of a class. Besides deferring request.link() it will also defer request.view. This lets you combine applications with more ease. By returning None from it you can also defer links to this app’s parent app.

• app.ancestors() method and app.root attribute. These can be used for convenient access to the ancestor apps of a mounted application. To access from the request, use request.app.root and request.app.ancestors().

• The App class now has a request_class class attribute. This determines the class of the request that is created and can be overridden by subclasses. more.static now makes use of this.

• Several generic functions that weren’t really pulling their weight are now gone as part of the mount simplification: generic.context and generic.traject are not needed anymore, along with generic.link_maker.

• Change documentation to use uppercase class names for App classes everywhere. This reflects a change in 0.4 and should help clarity.

• No longer silently suppress ImportError during scanning: this can hide genuine ImportError in the underlying code.

We were suppressing ImportError before as it can be triggered by packages that rely on optional dependencies.

This is a common case in the .tests subdirectory of a package which may import a test runner like pytest. pytest is only a test dependency of the package and not a mainline dependencies, and this can break scanning. To avoid this problem, Morepath’s autosetup and autoconfig now automatically ignore .tests and .test sub-packages.

Enhanced the API docs for autosetup and autoconfig to describe scenarios which can generate legitimate ImportError exceptions and how to handle them.

• Fix of examples in tween documentation.

• Minor improvement in docstrings.

## 0.6 (2014-09-08)

• Fix documentation on the with statement; it was not using the local view variable correctly.

• Add #morepath IRC channel to the community docs.

• Named mounts. Instead of referring to the app class when constructing a link to an object in an application mounted elsewhere, you can put in the name of the mount. The name of the mount can be given explicitly in the mount directive but defaults to the mount path.

This helps when an application is mounted several times and needs to generate different links depending on where it’s mounted; by referring to the application by name this is loosely coupled and will work no matter what application is mounted under that name.

This also helps when linking to an application that may or may not be present; instead of doing an import while looking for ImportError, you can try to construct the link and you’ll get a LinkError exception if the application is not there. Though this still assumes you can import the model class of what you’re linking to.

(see issue #197)

• Introduce a sibling method on Request. This combines the .parent.child step in one for convenience when you want to link to a sibling app.

## 0.5.1 (2014-08-28)

• Drop usage of sphinxcontrib.youtube in favor of raw HTML embedding, as otherwise too many things broke on readthedocs.

## 0.5 (2014-08-28)

• Add more.static documentation on local components.

• Add links to youtube videos on Morepath: the keynote at PyCon DE 2013, and the talk on Morepath at EuroPython 2014.

• Add a whole bunch of extra code quality tools to buildout.

• verify_identity would be called even if no identity could be established. Now skip calling verify_identity when we already have NO_IDENTITY. See issue #175.

• Fix issue #186: mounting an app that is absorbing paths could sometimes generate the wrong link. Thanks to Ying Zhong for the bug report and test case.

• Upgraded to a newer version of Reg (0.8) for @reg.classgeneric support as well as performance improvements.

• Add a note in the documentation on how to deal with URL parameters that are not Python names (such as foo@, or blah[]). You can use a combination of extra_parameters and get_converters to handle them.

• Document the use of the with statement for directive abbreviation (see the Views document).

• Created a mailing list:

Add a new page on community to document this.

## 0.4.1 (2014-07-08)

• Compatibility for Python 3. I introduced a meta class in Morepath 0.4 and Python 3 did not like this. Now the tests pass again in Python 3.
• remove generic.lookup, unused since Morepath 0.4.
• Increase test coverage back to 100%.

## 0.4 (2014-07-07)

• BREAKING CHANGE Move to class-based application registries. This breaks old code and it needs to be updated. The update is not difficult and amounts to:

• subclass morepath.App instead of instantiating it to create a new app. Use subclasses for extension too.
• To get a WSGI object you can plug into a WSGI server, you need to instantiate the app class first.

Old way:

app = morepath.App()


So, the app object that you use directives on is an instance. New way:

class app(morepath.App):
pass


So, now it’s a class. The directives look the same as before, so this hasn’t changed:

@app.view(model=Foo)
def foo_default(self, request):
...


To extend an application with another one, you used to have to pass the extends arguments. Old way:

sub_app = morepath.App(extends=[core_app])


This has now turned into subclassing. New way:

class sub_app(core_app):
pass


There was also a variables argument to specify an application that can be mounted. Old way:

app = morepath.App(variables=['foo'])


This is now a class attribute. New way:

class app(morepath.App):
variables = ['foo']


The name argument to help debugging is gone; we can look at the class name now. The testing_config argument used internally in the Morepath tests has also become a class attribute.

In the old system, the application object was both configuration point and WSGI object. Old way:

app = morepath.App()

# configuration
@app.path(...)
...

# wsgi
morepath.run(app)


In the Morepath 0.4 this has been split. As we’ve already seen, the application class serves. To get a WSGI object, you need to first instantiate it. New way:

class app(morepath.App):
pass

# configuration
@app.path(...)
...

# wsgi
morepath.run(app())


To mount an application manually with variables, we used to need the special mount() method. Old way:

mounted_wiki_app = wiki_app.mount(wiki_id=3)


In the new system, mounting is done during instantiation of the app:

mounted_wiki_app = wiki_app(wiki_id=3)


Class names in Python are usually spelled with an upper case. In the Morepath docs the application object has been spelled with a lower case. We’ve used lower-case class names for application objects even in the updated docs for example code, but feel free to make them upper-case in your own code if you wish.

Why this change? There are some major benefits to this change:

• both extending and mounting app now use natural Python mechanisms: subclassing and instantation.
• it allows us to expose the facility to create new directives to the API. You can create application-specific directives.
• You can define your own directives on your applications using the directive directive:

@my_app.directive('my_directive')


This exposes details of the configuration system which is underdocumented for now; study the morepath.directive module source code for examples.

• Document how to use more.static to include static resources into your application.

• Add a recursive=False option to the config.scan method. This allows the non-recursive scanning of a package. Only its __init__.py will be scanned.

• To support scanning a single module non-recursively we need a feature that hasn’t landed in mainline Venusian yet, so depend on Venusifork for now.

• A small optimization in the publishing machinery. Less work is done to update the generic function lookup context during routing.

## 0.3 (2014-06-23)

• Ability to absorb paths entirely in path directive, as per issue #132.

• Refactor of config engine to make Venusian and immediate config more clear.

• Typo fix in docs (Remco Wendt).

• Get version number in docs from setuptools.

• Fix changelog so that PyPI page generates HTML correctly.

• Fix PDF generation so that the full content is generated.

• Ability to mark a view as internal. It will be available to request.view() but will give 404 on the web. This is useful for structuring JSON views for reusability where you don’t want them to actually show up on the web.

• A request.child(something).view() that had this view in turn call a request.view() from the context of the something application would fail – it would not be able to look up the view as lookups still occurred in the context of the mounting application. This is now fixed. (thanks Ying Zhong for reporting it)

Along with this fix refactored the request object so it keeps a simple mounted attribute instead of a stack of mounts; the stack-like nature was not in use anymore as mounts themselves have parents anyway. The new code is simpler.

## 0.2 (2014-04-24)

• Python 3 support, in particular Python 3.4 (Alec Munro - fudomunro on github).
• Link generation now takes SCRIPT_NAME into account.
• Morepath 0.1 had a security system, but it was undocumented. Now it’s documented (docs now in Morepath Security), and some of its behavior was slightly tweaked:
• new verify_identity directive.
• permission directive was renamed to permission_rule.
• default unauthorized error is 403 Forbidden, not 401 Unauthorized.
• morepath.remember and morepath.forbet renamed to morepath.remember_identity and morepath.forget_identity.
• Installation documentation tweaks. (Auke Willem Oosterhoff)
• .gitignore tweaks (Auke Willem Oosterhoff)

## 0.1 (2014-04-08)

• Initial public release.

## Project details

Uploaded source
Uploaded py2 py3`