Revert all work towards creating a "forbidden" API on the security policy; I'll do this work on the authchanges branch first.

1 files changed, 7 insertions, 39 deletions

diff --git a/repoze/bfg/interfaces.py b/repoze/bfg/interfaces.py
index 78311962f..cecc3a397 100644
--- a/repoze/bfg/interfaces.py
+++ b/repoze/bfg/interfaces.py
@@ -131,27 +131,6 @@ class ISecurityPolicy(Interface):
         implementation, in which case, it should raise a
         ``NotImplementedError`` exception."""
 
-    def forbidden(context, request):
-        """ This method should return an IResponse object (an object
-        with the attributes ``status``, ``headerlist``, and
-        ``app_iter``) as a result of a view invocation denial.  The
-        ``forbidden`` method of a security policy will be called by
-        ``repoze.bfg`` when view invocation is denied (usually as a
-        result of the ``permit`` method of the same security policy
-        returning False to the Router).
-
-        The ``forbidden`` method of a security will not be called when
-        an ``IForbiddenResponseFactory`` utility is registered;
-        instead the ``IForbiddenResponseFactory`` utility will serve
-        the forbidden response.
-
-        Note that the ``repoze.bfg.message`` key in the environ passed
-        to the WSGI app will contain the 'raw' reason that view
-        invocation was denied by repoze.bfg.  The ``context`` object
-        passed in will be the context found by ``repoze.bfg`` when the
-        denial was found and the ``request`` will be the request which
-        caused the denial."""
-
 class IViewPermission(Interface):
     def __call__(security_policy):
         """ Return True if the permission allows, return False if it denies. """
@@ -218,26 +197,15 @@ class INotFoundAppFactory(Interface):
         a``message`` key in the WSGI environ provides information
         pertaining to the reason for the notfound."""
 
-class IForbiddenResponseFactory(Interface):
-    """ A utility which returns an IResponse as the result of the
-    denial of a view invocation by a security policy."""
-    def __call__(context, request):
-        """ Return an object implementing IResponse (an object with
-        the status, headerlist, and app_iter attributes) as a result
-        of a view invocation denial by a security policy.
-        
-        Note that the ``message`` key in the WSGI environ
-        (request.environ) provides information pertaining to the
-        reason for the view invocation denial.  The ``context`` passed
-        to the forbidden app factory will be the context found by the
-        repoze.bfg router during traversal or url dispatch.  The
-        ``request`` will be the request object which caused the deny."""
-
 class IUnauthorizedAppFactory(Interface):
     """ A utility which returns an Unauthorized WSGI application
-    factory (deprecated in repoze.bfg 0.8.2) in favor of
-    IForbiddenResponseFactory """
-    
+    factory"""
+    def __call__():
+        """ Return a callable which returns an unauthorized WSGI
+        application.  When the WSGI application is invoked, a
+        ``message`` key in the WSGI environ provides information
+        pertaining to the reason for the unauthorized."""
+
 class IContextURL(Interface):
     """ An adapter which deals with URLs related to a context.
     """