~~~~~~~~~~~~~
Released on February 25th 2013.
- Consistent ETag computation between runs/instances. Closes 16.
- Support for Basic Authentication (RFC2617).
- Support for fine-tuning authentication with ``PUBLIC_METHODS`` and
``PUBLIC_ITEM_METHODS``. By default, access is restricted to *all* endpoints,
for *all* HTTP verbs (methods), effectively locking down the whole API.
- Supporto for role-based access control with ``ALLOWED_ROLES`` and
``allowed_roles``.
- Support for all standard Flask initialization parameters.
- Support for default values in resource fields. The new ``default`` keyword
can now be used when defining a field rule set. Please note: currently
default values are supported only for main document fields. Default values
for fields in embedded documents will be ignored.
- Multiple API endpoints can now target the same database collection. For
example now you can set both ``/admins/`` and ``/users/`` to read and write
from the same collection on the db, *people*. The new ``datasource`` setting
allows to explicitly link API resources to database collections. It is
a dictionary with two allowed keys: *source* and *filter*. *source* dictates
the database collection consumed by the resource. *filter* is the underlying
query, applied by the API when retrieving and validating data for the
resource. Previously, the resource name would dictate the linked datasource
(and of course you could not have two resources with the same name). This
remains the default behaviour: if you omit the ``datasource`` setting for
a resource, its name will be used to determine the database collection.
- It is now possibile to set predefined db filters for each resource.
Predefined filters run on top of user queries (GET requests with ``where``
clauses) and standard conditional requests (``If-Modified-Since``, etc.)
Please note that datasource filters are applied on GET, PATCH and DELETE
requests. If your resource allows for POST requests (document insertions),
then you will probably want to set the validation rules accordingly (in our
example, 'username' should probably be a required field).
- JSON-Datetime dependency removed.
- Support for Cerberus v0.0.3 and later.
- Support for Flask-PyMongo v0.2.0 and later.
- Repeated XML requests to the same endpoint could occasionally return an
Internal Server Error (Fixes 8).