forbidden
¶
When Pyramid can't authorize execution of a view based on the
authorization policy in use, it invokes a forbidden view.
The default forbidden response has a 401 status code and is very plain, but
it can be overridden as necessary using the forbidden
ZCML directive.
Warning
The forbidden
ZCML directive is deprecated in Pyramid
version 1.3. Instead, you should use the view
directive with a context
that names the
pyramid.exceptions.Forbidden
class. See
Changing the Forbidden View form more information.
Attributes¶
view
The dotted Python name to a view callable. This attribute is required unless a
renderer
attribute also exists. If arenderer
attribute exists on the directive, this attribute defaults to a view that returns an empty dictionary (see Writing View Callables Which Use a Renderer).attr
The attribute of the view callable to use if
__call__
is not correct (has the same meaning as in the context of view; see the description ofattr
there).renderer
This is either a single string term (e.g.
json
) or a string implying a path or asset specification (e.g.templates/views.pt
) used when the view returns a non-response object. This attribute has the same meaning as it would in the context of view; see the description ofrenderer
there).wrapper
The view name (not an object dotted name) of another view declared elsewhere in ZCML (or via the
@view_config
decorator) which will receive the response body of this view as therequest.wrapped_body
attribute of its own request, and the response returned by this view as therequest.wrapped_response
attribute of its own request. This attribute has the same meaning as it would in the context of view; see the description ofwrapper
there). Note that the wrapper view should not be protected by any permission; behavior is undefined if it does.
Example¶
1<forbidden
2 view="helloworld.views.forbidden_view"/>
Alternatives¶
Use the view directive with a context
that names
the pyramid.exceptions.Forbidden
class.
Use the pyramid.config.Configurator.add_view()
method,
passing it a context
which is the
pyramid.exceptions.Forbidden
class.
See Also¶
See also Changing the Forbidden View.