When Pyramid can't authorize execution of a view based on the
authorization policy in use, it invokes a forbidden view.
The default forbidden response has a 401 status code and is very plain, but
it can be overridden as necessary using the
forbidden ZCML directive.
forbidden ZCML directive is deprecated in Pyramid
version 1.3. Instead, you should use the view
directive with a
context that names the
pyramid.exceptions.Forbidden class. See
Changing the Forbidden View form more information.
- The dotted Python name to a view callable. This
attribute is required unless a
rendererattribute also exists. If a
rendererattribute exists on the directive, this attribute defaults to a view that returns an empty dictionary (see Writing View Callables Which Use a Renderer).
- The attribute of the view callable to use if
__call__is not correct (has the same meaning as in the context of view; see the description of
- This is either a single string term (e.g.
json) or a string implying a path or asset specification (e.g.
templates/views.pt) used when the view returns a non-response object. This attribute has the same meaning as it would in the context of view; see the description of
- The view name (not an object dotted name) of another view
declared elsewhere in ZCML (or via the
@view_configdecorator) which will receive the response body of this view as the
request.wrapped_bodyattribute of its own request, and the response returned by this view as the
request.wrapped_responseattribute of its own request. This attribute has the same meaning as it would in the context of view; see the description of
wrapperthere). Note that the wrapper view should not be protected by any permission; behavior is undefined if it does.
Use the view directive with a
context that names
passing it a
context which is the