When Pyramid can’t authorize execution of a view based on the
authorization policy in use, it invokes a forbidden view.
The default forbidden response has a 401 status code and is very plain, but
it can be overridden as necessary using the forbidden ZCML directive.
The forbidden ZCML directive is deprecated in Pyramid
version 1.3. Instead, you should use the view
directive with a context that names the
pyramid.exceptions.Forbidden class. See
changing_the_forbidden_view form more information.
- The dotted Python name to a view callable. This
attribute is required unless a renderer attribute also exists.
If a renderer attribute exists on the directive, this attribute
defaults to a view that returns an empty dictionary (see
- The attribute of the view callable to use if __call__ is not
correct (has the same meaning as in the context of
view; see the description of attr
- This is either a single string term (e.g. json) or a string
implying a path or asset specification
(e.g. templates/views.pt) used when the view returns a
non-response object. This attribute has the same meaning as
it would in the context of view; see the
description of renderer there).
- The view name (not an object dotted name) of another view
declared elsewhere in ZCML (or via the @view_config decorator)
which will receive the response body of this view as the
request.wrapped_body attribute of its own request, and the
response returned by this view as the request.wrapped_response
attribute of its own request. This attribute has the same meaning
as it would in the context of view; see the
description of wrapper there). Note that the wrapper view
should not be protected by any permission; behavior is undefined
if it does.
Use the view directive with a context that names
the pyramid.exceptions.Forbidden class.
Use the pyramid.config.Configurator.add_view() method,
passing it a context which is the
See also changing_the_forbidden_view.