PyUp Safety actively tracks 268,006 Python packages for vulnerabilities and notifies you when to upgrade.
**Features** - Introduced endpoints that produce SQL for a given context, view, or query. See 292 and 293 for details. **Bugs** - 281
- Fixed `formatter_name` in resource template to `formatter`. - Ensure `request` is passed into query processor options.
Features - 258 Field and concept resources support the `tree` parameter to filter out unrelated fields relative to the root model. - 123 Added support for Django 1.6 - 274 Added support for Django 1.7 - Optimized results endpoint. See discussion here: chop-dbhi/avocado274 - dc26db7 Result page count is now cached - 252 Application model counts are now executed in parallel. - 265 Add support for canceling a data preview or export request using a DELETE request. - 282 Implement set of endpoints for executing asynchronous queries which utilizes Avocado's new async API. Changes **High Impact** - 259 Dropped support for Django 1.4 **Medium Impact** - 205 The embedded `_links` object has been removed in favor of using the `Link` and `Link-Template` HTTP headers.
Fixes a bug in the cache methods added in 2.3.13 when accessing the `/fields/<pk>/dist/` endpoint.
This release contains a few fixes and features backported from the 2.4.x series. - 4b0652d & d663f39 Cache the result count in the preview resource. - f987e28 Cache model counts. - a9fc02d Pass the `queryset` into `QueryProcessor.get_iterable`.
The original discussion can be read here: chop-dbhi/avocado274
**Bugs** - 229 - Fix (add) support for query processor on the contexts endpoint - 9c72382 - Ensure request is passed into `processor.get_iterable` in preview endpoint
**Bugs** - 221 - The requesting user was not be supplied when determining which data fields and concepts should be returned to be viewed. This fix depended on cbmi/avocado253 which incorporates a new setting to toggle the behavior of object-level permissions.
**Changes** - Update minimum version of restlib2 to 0.4.2 which ensures JSON is decoded from the request body as UTF-8 rather than ASCII. **Bugs** - 213 - Fixes an issue that improperly decoded UTF-8 data as ASCII when sharing a query.
**Changes** - Serrano now overrides the default `DataConcept` formatter with one that includes a `to_html` method which works better with the `/api/data/preview/` endpoint. **Bugs** - Fixed a bug when requesting all values for a field when no values existed.
**Enhancements** - 200 - Add support for the `processor` GET parameter (introduced in 2.3.6) for the `CountStats` resource - 199 - Introduce `STATS_CAPABLE` setting which is a function that takes a `DataField` instance and return true is links to the stats resources should be made available to clients. - 207 - Add support for a message when sharing a query.
**Features** - 190 - Add new _stats_ root endpoint and default _count_ endpoint for calculating the number of distinct records for all visible models - This is useful for reporting on the of records per type available in the application - 192 - Add support for the `processor` URL parameter for choosing which Avocado query processor to use in the resource **Enhancements** - 185 - Improve performance for getting random set of data field values - 193 - Add support for a `STATS_CAPABLE` setting which is a function that takes a `DataField` instance and returns a boolean to whether it should support the `/field/<pk>/stats/` endpoints. - 195 - Write operations now mark the session as modified to prevent active sessions from expiring **Bugs** - 184 - Account for non-root deployments for shared query URLs
**Enhancements** - The field values resource has a tiny tweak that boosted performance significantly for large data sets. See the [commit message](https://github.com/cbmi/serrano/commit/679205740655e0cd79be6424bee8352016f97b68) for details. **Changes** - DataView and DataContext objects are now fetched by the latest modified session rather than assuming there is only one present. This is to prevent completely breaking the endpoint in case a race condition leads to this situation. - Update to a minimum requirement of Avocado 2.3.4
**Enhancements** - The `name` field on `Field` and `Concept` preserialize templates now maps to the `__unicode__` method of the instance. This _pushes down_ the logic for returning non-empty name to Avocado. - The `FieldValuesResource` now takes advantage of the supplementary field APIs in Avocado 2.3.1 for properly validation values vs. labels. (172) **Changes**
In an effort to make the contributing to Serrano more transparent and safer for all, a Developer Certificate of Origin (DCO) has been added to the [CONTRIBUTING.md](https://github.com/cbmi/serrano/blob/master/CONTRIBUTING.md). As a contributor, this certifies that you are legally allowed to contribute the code submitted as patches (in pull requests or otherwise). This requires that all contributors to the repository now sign off their commits using the `git commit --signoff` (or `-s` for short). A script has been added to the Travis-CI config to check for the presence of the `Signed-off-by:` line. If any commit does not contain this, the build will error which will prevent core contributors from merging your code. **Enhancements** - The `check_auth` decorator has been removed in favor of authenticating in the `is_unauthorized` method on the resource (155) - Note, Any resources that overrode this method must be updated to override the `is_unauthorized` method. Although this is technically a breaking change, overriding the `__call__` method where this decorator was applied was not public API, but being noted here since it may have occurred. - `ApiToken` model admin now generates a token on save rather than requiring one to be manually entered (156) - Includes better list display of tokens for revoking - Add support for setting `context_json` on ObjectSet instances (159) - Add context and query stats endpoints (143) - This will eventually supersede recomputing the count when a context or query is saved.
**Enhancement** The `/api/fields/<pk>/values/` endpoint now supports validating a field value based on the label. This typically only affects non-primitive data fields such as lexicon and object sets.
**Enhancements** - Support for setting `limit=0` for pagination-based resources to return all results (150) - Currently includes the `/api/fields/<pk>/values/` and `/api/data/preview/` endpoints
**Features** - Optional support for Object Sets (136) - New "ping" resource returns the server and session status, such as when a user's session times out (86) - For client's that poll the ping endpoint (such as Cilantro), the project settings `SESSION_SAVE_EVERY_REQUEST` must be set to false so the session does not refresh indefinitely **Enhancements** - Resources and endpoints are now defined for categories (133) **Changes** - The default sort order for concepts is relative to the category they are contained in (132) - Unpublished fields and concepts are no longer exposed by default for users with permission to view them (such as superusers) **Bugs** - The `order` field is now exposed in the field and concept field resources (134)
**Features** - Add public queries endpoint `/api/queries/public/` - Add support _forking_ shared queries - Add `ApiToken` model for creating user-associated tokens for authenticated API access - This will only be available if `serrano` in added to `INSTALLED_APPS` **Enhancements** - Improve shared query email message **Bugs** - Unset the `limit` when a page range is not specified for export - This prevents implicitly exporting only the first page
1842cac - Add `viewable` field to concept resource template
- da97a7ec - Unset limit when page or page range is not specified
The Access-Control-Allow-Credentials response header must be set to inform browsers that cookies may be supplied on the request.
This point release fixes a few issues in the CORS support when working with persisted sessions.
**Changes** - Distribution endpoints were incorrectly assumed to not be useful for auto and key-based fields. This has been removed and now expose a distribution endpoint. - `SharedQueriesResource` and `/api/queries/shared/` endpoint has been removed and the behavior has been merged in with `QueriesResource`. This simplifies things since a GET now returns all queries the user created as well as queries that have been shared with the user. Likewise, a POST will create a query and optionally share it. A DELETE can only be performed on queries the user creates.
**Features** - Resources for saving and sharing queries - Resources for accessing `DataContext`, `DataView`, and `DataQuery` revisions **Enhancements** - Update `accessed` timestamp when individual `DataContext`, `DataView`, and `DataQuery` resources are requested (see 55) - Add support for rate-limiting (see 31 and 65) - Add min and max stats for date and time-based fields - A whole lot of tests thanks **Changes** - Rename `per_page` GET parameter to `limit`
- Fix undefined reference in Context/View/Query\* resources
- 50 Add `DataQuery` endpoints - 52 Various Python 2.6 fixes - 60 Fix `FieldDistribution` count to be relative to specified tree
- Fix `FieldDistribution` to count relative to specified tree - See 3c710e7 for details - Update dependency versions - Avocado 2.0.24 - django-preserialize 1.0.4 - restlib2 0.3.7 - Overhaul internal implementation of resource classes - Integrate SciPy-free k-means implementation from Avocado - Add support for Django 1.5 - Support for sending POST request to `/api/fields/:pk/values/` for validating values - Field value pagination 45 - Integrate Avocado's Events package for logging access to various resources - Update field and concept search to support partial matches - Support for single page or page range exports 30 - Moved references of settings inside function calls - This is primarily for testing purposes - Add support for context-aware field distribution and values - Minor breaking changes - The `data` prefix from URL reverse names have been removed - Internal resource classes and modules have been renamed - Lots o' bugs
- Change URLs to be absolute URIs rather than relative to host - For cross-origin sharing, absolute URIs are needed
- Fix incorrect base class name for Export- and Preview- resources