Release History

 Changes in LoginManager Version 0.8.7a1

  - This is an *ALPHA* patch release for compatability with ZPatterns 0.4.0a4.
    Don't use this unless you're know the consequences of using alpha
    software and are willing to do the stuff mentioned in the ZPatterns
    0.4.0a4 CHANGES.txt file.

  - Also in this release is an initial preview of new UserSource called
    simply UserSource.  For now, you should probably ignore it.
    It is not ready for prime time yet, and won't work correctly without
    some fixes to ZPatterns that are not yet released. 

 Changes in LoginManager Version 0.8.6

  - Generic User Source, like the GenericUserFolder product it was inspired
    by, gave all users the Anonymous role. This seems to be incorrect
    according to what other user folders do, including the standard Zope
    version, so GUS now no longer does this. If you're switching from GUF,
    beware that this is now a new incompatability.

  - A stab at Zope 2.2 compatability (unsure about getUserById --
    documentation on the interface is incomplete, and there is no good
    example to base it on, since the BasicUserFolder implementation is
    broken).  Note that GenericUserSource is not yet updated for the
    new 2.2 Security API, and may not work correctly.  Python-based
    UserSources are probably okay.

  - Horrible, horrible hack to make LoginManager able to co-operate with
    the normal Zope authentication back-search, be able to display
    loginForm and forbiddenPage, AND not have a circular reference memory
    leak in the process!

  - Simplified handling of 'already an acl_users' condition -- _setObject()
    already did that for us. The previous code was redundant, and also
    caught other errors and misleadingly reported them as a 'already an
    acl_users' when there wasn't one.

 Changes in LoginManager Version 0.8.5

  - Codewise, only minor updates for compatability with ZPatterns 0.3.0
    (mainly changing base classes on things).  Functionally, however,
    this is a leap forward.  Thanks to the changes in ZPatterns, by
    adding SheetProviders and AttributeProviders on LoginManager you can
    now have PropertySheets on users! Currently, only ZODB storage is
    supported. 

  - There is now essentially a PersistentUserSource implemented in
    this release, however the functionality is not exposed currently.  We
    hope to add a management interface in a later release to make it
    useable. 

  - *NOTE*: This release *requires* ZPatterns 0.3.0.  If you are
    upgrading from an earlier release of LoginManager, you *must* follow
    the upgrade procedures listed in the ZPatterns 0.3.0 CHANGES.txt file.
    Also, remember to follow the installation instructions for ZPatterns
    0.3.0 -- if you forget to build DynPersist, for example, nothing will
    work.

 Changes in LoginManager Version 0.8.1

  - This release fixes the PARENT_URL error message when trying to add a
    LoginManager to a folder that already had an acl_users. Now the correct
    error message is displayed for this case.  This is the only change
    in this release.  Hardly seems worth it, except I was getting *lots*
    of email about this bug :-) (which is a good sign...  I guess lots
    of people are trying LoginManager!)

 Changes in LoginManager Version 0.8.0

  - INCOMPATIBILITY: LoginManager now uses the new ZPatterns frameworks. 
    This *greatly* shortened and simplified LoginManager.  See the
    ZPatterns documentation and code for more information.  Unfortunately,
    existing UserSources and LoginMethods now need to be updated to work,
    by following the new registration protocols.  See LoginManager/__init__.py
    for examples of the new registration procedure.  Also, because of the
    new base classes, retrieveItem() is now the method to override in a
    UserSource to return a user object, and getUser is now only defined/used
    on the LoginManager itself.

  - INCOMPATIBILITY: the information passed to forbiddenPage has changed. 
    Now gets called with AUTHENTICATED_USER as the user who was
    authenticated.  "user" and "roles" are no longer passed (use
    REQUEST.AUTHENTICATED_USER, and REQUEST.AUTHENTICATED_USER.getRoles())
    but 'needroles' still is.  The default forbiddenPage has been updated to
    reflect this.  (Note that existing forbiddenPages may now contain
    incorrect docs, however.)  This change was implemented due to a suggestion
    by the folks at CodeIt.com that forbiddenPages be able to execute as the
    logged-in but underpriveleged user.

  - INCOMPATIBILITY: We removed the space from name of the UserSource
    created by default, to make it easier to reference from DTML, etc.
    This probably only affects the PTK itself, if anything.

  - At long last, hooks for SheetProviders exist, via ZPatterns frameworks

  - Added compatability with Zope 2.1.6 user watermarks change.

  - The persmission to add a LoginManager is now different than the
    permission for adding a User Folder, since the security
    considerations are quite different.

  - Changed to only provide the Anonymous user if it is a top-level
    LoginManager (to work around certain Zope manage_workspace peculiarities).

  - Workaround for bizarre circumstances surrounding recursive
    rolesForUser GUS calls that caused Zope to dump core when hitting
    manage_workspace, but only if that was the first thing hit.

  - Minor fixes and cleanup: Remove ZeroDivisionError that was just for
    debugging. Still need to log or report errors in those areas somehow.
    Remove a pointless sort of a list that would just be randomized by
    a dictionary insert/extract soon after. Reorganize LoginManager
    validate method a bit and make some unnecessarily complicated code
    cleaner. 

  - Permissions cleanups. Much of this came for free with the ZPatterns
    PlugIns framework. Most things now have permissions on them, and
    now LoginManager's add form and method will only list/use user
    sources and login methods that the creator has permission to add.

  - More and better documentation.  (Yay!)
