Cliquet

------------------

**Protocol**

- Fix consistency in API to modify permissions with PATCH (437, ref Kinto/kinto155).
The list of principals for each specified permission is now replaced by the one
provided.

**New features**

- Partial collection of records for ``ProtectedResource`` when user has no ``read``
permission (fixes 354). Alice can now obtain a list of Bob records on which she
has read/write permission.

**Internal changes**

- Fix Wheel packaging for Pypy (fixes Kinto/kinto177)
- Add additional test to make sure 400 errors returns CORS Allowed Headers

------------------

**Protocol**

- Collection records can now be filtered using multiple values (``?in_status=1,2,3``) (fixes 39)
- Collection records can now be filtered excluding multiple values (``?exclude_status=1,2,3``) (fixes mozilla-services/readinglist68)

**Internal changes**

- We can obtains accessible objects_id in a collection from user principals (fixes 423)

------------------

**Bug fixes**

- Fix the packaging for cliquet (430)

------------------

**Internal changes**

- Remove the symlink to cliquet_docs and put the documentation inside
`cliquet_docs` directly (426)

------------------

**Internal changes**

- Make documentation available from outside by using `cliquet_docs` (413)

------------------

**Protocol**

- Userid is now provided when requesting the hello endpoint with an ``Authorization``
header (319)
- UUID validation now accepts any kind of UUID, not just v4 (fixes 387)
- Querystring parameter ``_to`` was renamed to ``_before`` (*the former is now
deprecated*) (391)

**New features**

- Cliquet ``Service`` class now has the default error handler attached (388)
- Allow to configure info link in error responses with ``cliquet.error_info_link``
setting (395)
- Storage backend now has a ``purge_deleted()`` to get rid of `tombstones <http://cliquet.readthedocs.io/en/latest/reference/glossary.html>`_ (400)

**Bug fixes**

- Fix missing ``Backoff`` header for 304 responses (fixes 416)
- Fix Python3 encoding errors (328)
- ``data`` is not mandatory in request body if the resource does not define
any schema or if no field is mandatory (fixes mozilla-services/kinto63)
- Fix no validation error on PATCH with unknown attribute (fixes 374)
- Fix permissions not validated on PATCH (fixes 375)
- Fix CORS header missing in 404 responses for unknown URLs (fixes 414)

**Internal changes**

- Renamed main documentation sections to *HTTP Protocol* and *Internals* (394)
- Remove mentions of storage in documentation to avoid confusions with the
*Kinto* project.
- Add details in timestamp documentation.
- Mention talk at Python Meetup Barcelona in README
- Fix documentation about postgres-contrib dependancy (409)
- Add ``cliquet.utils`` to *Internals* documentation (407)
- Default id generator now accepts dashes and underscores (411)