diff options
| author | Michael Merickel <michael@merickel.org> | 2016-09-19 23:52:05 -0500 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2016-09-28 20:33:27 -0500 |
| commit | e8c66a339e9f7d83bd2408952de53ef30dba0794 (patch) | |
| tree | 264643f1a6e45e0d3141c751b4724d51e49c0c5e /docs/narr/hooks.rst | |
| parent | 35209e4ac53520e1159bd8a6b47128f38a75db18 (diff) | |
| download | pyramid-e8c66a339e9f7d83bd2408952de53ef30dba0794.tar.gz pyramid-e8c66a339e9f7d83bd2408952de53ef30dba0794.tar.bz2 pyramid-e8c66a339e9f7d83bd2408952de53ef30dba0794.zip | |
derive exception views separately from normal views
- previously the multiview was shared for both exception and hot-route,
but now that we allow some exception-only views this needed to be
separated
- add ViewDeriverInfo.exception_only to detect exception views
- do not prevent http_cache on exception views
- optimize secured_view and csrf_view derivers to remove themselves from
the view pipeline for exception views
Diffstat (limited to 'docs/narr/hooks.rst')
| -rw-r--r-- | docs/narr/hooks.rst | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/docs/narr/hooks.rst b/docs/narr/hooks.rst index 49ef29d3f..7fbac2080 100644 --- a/docs/narr/hooks.rst +++ b/docs/narr/hooks.rst @@ -1639,7 +1639,8 @@ the user-defined :term:`view callable`: Enforce the ``permission`` defined on the view. This element is a no-op if no permission is defined. Note there will always be a permission defined if a default permission was assigned via - :meth:`pyramid.config.Configurator.set_default_permission`. + :meth:`pyramid.config.Configurator.set_default_permission` unless the + view is an :term:`exception view`. This element will also output useful debugging information when ``pyramid.debug_authorization`` is enabled. @@ -1649,7 +1650,8 @@ the user-defined :term:`view callable`: Used to check the CSRF token provided in the request. This element is a no-op if ``require_csrf`` view option is not ``True``. Note there will always be a ``require_csrf`` option if a default value was assigned via - :meth:`pyramid.config.Configurator.set_default_csrf_options`. + :meth:`pyramid.config.Configurator.set_default_csrf_options` unless + the view is an :term:`exception view`. ``owrapped_view`` @@ -1695,6 +1697,8 @@ around monitoring and security. In order to register a custom :term:`view deriver`, you should create a callable that conforms to the :class:`pyramid.interfaces.IViewDeriver` interface, and then register it with your application using :meth:`pyramid.config.Configurator.add_view_deriver`. +The callable should accept the ``view`` to be wrapped and the ``info`` object +which is an instance of :class:`pyramid.interfaces.IViewDeriverInfo`. For example, below is a callable that can provide timing information for the view pipeline: @@ -1745,6 +1749,21 @@ View derivers are unique in that they have access to most of the options passed to :meth:`pyramid.config.Configurator.add_view` in order to decide what to do, and they have a chance to affect every view in the application. +.. _exception_view_derivers: + +Exception Views and View Derivers +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +A :term:`view deriver` has the opportunity to wrap any view, including +an :term:`exception view`. In general this is fine, but certain view derivers +may wish to avoid doing certain things when handling exceptions. For example, +the ``csrf_view`` and ``secured_view`` built-in view derivers will not perform +security checks on exception views unless explicitly told to do so. + +You can check for ``info.exception_only`` on the +:class:`pyramid.interfaces.IViewDeriverInfo` object when wrapping the view +to determine whether you are wrapping an exception view or a normal view. + Ordering View Derivers ~~~~~~~~~~~~~~~~~~~~~~ |