# HG changeset patch
# User Peter Sanchez <peter@netlandish.com>
# Date 1676920463 21600
#      Mon Feb 20 13:14:23 2023 -0600
# Node ID 8c50a7bc163268344a2137af16713bb431a3a904
# Parent  a70be42b2e05d6a6a67cc93eae3f3b1b812122ff
Changes for 1.9.0 release

diff --git a/CHANGELOG b/CHANGELOG
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,7 +1,7 @@
 Changes
 -------
 
-1.9.0 (unreleased)
+1.9.0 (2023-02-20)
 
 - Prevent redirect loop when MAX_DURATION is used. Refs ~petersanchez/django-impersonate#67
 - Allow OPTIONS requests when READ_ONLY is True. Refs ~petersanchez/django-impersonate#69
diff --git a/README.rst b/README.rst
--- a/README.rst
+++ b/README.rst
@@ -82,8 +82,10 @@
 ===
 
 #. Add ``impersonate`` to your INSTALLED_APPS
+
 #. Add ``impersonate.middleware.ImpersonateMiddleware`` to your
    ``MIDDLEWARE`` setting.
+
 #. Add ``impersonate.urls`` somewhere in your url structure. Example:
 
    ::
@@ -278,6 +280,22 @@
 
 Value should be a boolean, defaults to ``False``
 
+If the ``CUSTOM_READ_ONLY`` is set, then that custom function is used,
+and this setting is ignored.
+
+::
+
+   CUSTOM_READ_ONLY
+
+A string that represents a function (e.g.
+``module.submodule.mod.function_name``) that allows more fine grained
+control over who has read only access. It takes one argument, the
+request object, and should return True to restrict the user to only
+allow ``GET``, ``HEAD`` and ``OPTIONS`` requests.
+
+It is optional, and if it is not present, ``READ_ONLY`` setting value
+applies.
+
 ::
 
    USE_HTTP_REFERER
diff --git a/impersonate/__init__.py b/impersonate/__init__.py
--- a/impersonate/__init__.py
+++ b/impersonate/__init__.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-VERSION = (1, 8, 2, 'final', 0)
+VERSION = (1, 9, 0, 'final', 0)
 
 
 # taken from django-registration