forbidden

When Pyramid can't authorize execution of a view based on the authorization policy in use, it invokes a forbidden view. The default forbidden response has a 401 status code and is very plain, but it can be overridden as necessary using the forbidden ZCML directive.

Warning

The forbidden ZCML directive is deprecated in Pyramid version 1.3. Instead, you should use the view directive with a context that names the pyramid.exceptions.Forbidden class. See Changing the Forbidden View form more information.

Attributes

view

The dotted Python name to a view callable. This attribute is required unless a renderer attribute also exists. If a renderer attribute exists on the directive, this attribute defaults to a view that returns an empty dictionary (see Writing View Callables Which Use a Renderer).

attr

The attribute of the view callable to use if __call__ is not correct (has the same meaning as in the context of view; see the description of attr there).

renderer

This is either a single string term (e.g. json) or a string implying a path or asset specification (e.g. templates/views.pt) used when the view returns a non-response object. This attribute has the same meaning as it would in the context of view; see the description of renderer there).

wrapper

The view name (not an object dotted name) of another view declared elsewhere in ZCML (or via the @view_config decorator) which will receive the response body of this view as the request.wrapped_body attribute of its own request, and the response returned by this view as the request.wrapped_response attribute of its own request. This attribute has the same meaning as it would in the context of view; see the description of wrapper there). Note that the wrapper view should not be protected by any permission; behavior is undefined if it does.

Example

1<forbidden
2    view="helloworld.views.forbidden_view"/>

Alternatives

Use the view directive with a context that names the pyramid.exceptions.Forbidden class.

Use the pyramid.config.Configurator.add_view() method, passing it a context which is the pyramid.exceptions.Forbidden class.

See Also

See also Changing the Forbidden View.