blob: 7540c28cb1207eb8f53c34cad157faa872f09708 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
.. _forbidden_directive:
``forbidden``
-------------
When :mod:`repoze.bfg` can't authorize execution of a view based on
the :term:`authorization policy` in use, it invokes a :term:`forbidden
view`. The default forbidden response has a 401 status code and is
very plain, but it can be overridden as necessary using the
``forbidden`` ZCML directive.
Attributes
~~~~~~~~~~
``view``
The :term:`dotted Python name` to a :term:`view callable`. This
attribute is required unless a ``renderer`` attribute also exists.
If a ``renderer`` attribute exists on the directive, this attribute
defaults to a view that returns an empty dictionary (see
:ref:`views_which_use_a_renderer`).
``attr``
The attribute of the view callable to use if ``__call__`` is not
correct (has the same meaning as in the context of
:ref:`view_directive`; see the description of ``attr``
there).
.. note:: This feature is new as of :mod:`repoze.bfg` 1.1.
``renderer``
This is either a single string term (e.g. ``json``) or a string
implying a path or :term:`resource specification`
(e.g. ``templates/views.pt``) used when the view returns a
non-:term:`response` object. This attribute has the same meaning as
it would in the context of :ref:`view_directive`; see the
description of ``renderer`` there).
.. note:: This feature is new as of :mod:`repoze.bfg` 1.1.
``wrapper``
The :term:`view name` (*not* an object dotted name) of another view
declared elsewhere in ZCML (or via the ``@bfg_view`` decorator)
which will receive the response body of this view as the
``request.wrapped_body`` attribute of its own request, and the
response returned by this view as the ``request.wrapped_response``
attribute of its own request. This attribute has the same meaning
as it would in the context of :ref:`view_directive`; see the
description of ``wrapper`` there). Note that the wrapper view
*should not* be protected by any permission; behavior is undefined
if it does.
.. note:: This feature is new as of :mod:`repoze.bfg` 1.1.
Example
~~~~~~~
.. code-block:: xml
:linenos:
<forbidden
view="helloworld.views.forbidden_view"/>
Alternatives
~~~~~~~~~~~~
The :meth:`repoze.bfg.configuration.Configurator.set_forbidden_view`
method performs the same job as the ``forbidden`` ZCML directive.
See Also
~~~~~~~~
See also :ref:`changing_the_forbidden_view`.
|
