.. _forbidden_directive:

``forbidden``
-------------

When :mod:`pyramid` can't authorize execution of a view based on
the :term:`authorization policy` in use, it invokes a :term:`forbidden
view`. The default forbidden response has a 401 status code and is
very plain, but it can be overridden as necessary using the
``forbidden`` ZCML directive.

.. warning::

   The ``forbidden`` ZCML directive is deprecated in :mod:`pyramid`
   version 1.3. Instead, you should use the :ref:`view_directive`
   directive with a ``context`` that names the
   :exc:`pyramid.exceptions.Forbidden` class. See
   :ref:`changing_the_forbidden_view` for more information.

Attributes
~~~~~~~~~~

``view``
  The :term:`dotted Python name` to a :term:`view callable`. This
  attribute is required unless a ``renderer`` attribute also exists.
  If a ``renderer`` attribute exists on the directive, this attribute
  defaults to a view that returns an empty dictionary (see
  :ref:`views_which_use_a_renderer`).

``attr``
  The attribute of the view callable to use if ``__call__`` is not
  correct (has the same meaning as in the context of
  :ref:`view_directive`; see the description of ``attr``
  there).

``renderer``
  This is either a single string term (e.g. ``json``) or a string
  implying a path or :term:`resource specification`
  (e.g. ``templates/views.pt``) used when the view returns a
  non-:term:`response` object. This attribute has the same meaning as
  it would in the context of :ref:`view_directive` (see the
  description of ``renderer`` there).

``wrapper``
  The :term:`view name` (*not* an object dotted name) of another view
  declared elsewhere in ZCML (or via the ``@view_config`` decorator)
  which will receive the response body of this view as the
  ``request.wrapped_body`` attribute of its own request, and the
  response returned by this view as the ``request.wrapped_response``
  attribute of its own request. This attribute has the same meaning
  as it would in the context of :ref:`view_directive` (see the
  description of ``wrapper`` there). Note that the wrapper view
  *should not* be protected by any permission; behavior is undefined
  if it is.

Example
~~~~~~~

.. code-block:: xml
   :linenos:

   <forbidden
       view="helloworld.views.forbidden_view"/>

Alternatives
~~~~~~~~~~~~

Use the :ref:`view_directive` directive with a ``context`` that names
the :exc:`pyramid.exceptions.Forbidden` class.

Use the :meth:`pyramid.configuration.Configurator.add_view` method,
passing it a ``context`` which is the
:exc:`pyramid.exceptions.Forbidden` class.
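
The first alternative written out as ZCML, next to the deprecated
form it replaces. This is an added example, not configuration taken
from the Pyramid documentation. The ``view`` dotted name is reused
from the example above, and the template path
``templates/forbidden.pt`` is a hypothetical placeholder.

```xml
<!-- Deprecated form: the dedicated "forbidden" directive. -->
<forbidden
    view="helloworld.views.forbidden_view"/>

<!-- Replacement: an ordinary "view" directive whose context names the
     exception class raised when authorization fails. -->
<view
    context="pyramid.exceptions.Forbidden"
    view="helloworld.views.forbidden_view"/>

<!-- Renderer-only variant (use instead of the block above, not with it).
     With no "view" attribute the view defaults to one that returns an
     empty dictionary, so the template alone produces the response body.
     The template path is a hypothetical placeholder. -->
<view
    context="pyramid.exceptions.Forbidden"
    renderer="templates/forbidden.pt"/>
```

Register only one forbidden view per application configuration, so
that every authorization failure is handled by the same view.
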

See Also
~~~~~~~~

See also :ref:`changing_the_forbidden_view`.