Protocol
- Add new experimental endpoint
GET /v1/permissionsto retrieve the list of permissions
granted on every kind of object (#600).
Requires settingkinto.experimental_permissions_endpointto be set totrue.
Protocol is now at version 1.8. See API changelog.
Bug fixes
- Fix crash in authorization policy when requesting
GET /buckets/collections(fixes #695) - Fix crash with PostgreSQL storage backend when provided id in POST is an integer (#688).
Regression introduced in 3.2.0 with #655. - Fix crash with PostgreSQL storage backend is configured as read-only and reaching
the records endpoint of an unknown collection (fixes #693, related #558) - Fix events payloads for actions in the default bucket (fixes #704)
- Fix bug in object permissions with memory backend
- Make sure the tombstone is deleted when the record is created with PUT. (#715)
- Allow filtering and sorting by any attribute on buckets, collections and groups list endpoints
- Fix crash in memory backend with Python3 when filtering on unknown field
Internal changes
- Resource events constructors signatures were changed. The event payload is now
built immediately when event is fired instead of during transactoin commit (#704). - Fix crash when a resource is registered without record path.
- Changed behaviour of accessible objects in permissions backend when list of
bound permissions is empty. - Bump
last_modifiedon record when provided value is equal to previous
in storageupdate()method (#713) - Add ability to delete records and purge tombstones with just the
parent_id
parameter (#711) - Buckets deletion is now a lot more efficient, since every sub-objects are
deleted with a single operation on storage backend (#711) - Added
get_objects_permissions()method inpermissionbackend (#714) - Changed
get_accessible_objects(),get_authorized_principals()methods
inpermissionbackend (#714) - Simplified and improved the code quality of
kinto.core.authorization,
mainly by keeping usage ofget_bound_permissionscallback in one place only.