When Pyramid
can't authorize execution of a view based on the authorization policy
in use, it invokes a forbidden
view
. The default forbidden response has a 401 status code and is very plain, but it can be overridden as necessary using the forbidden
ZCML directive.
Warning
The forbidden
ZCML directive is deprecated in Pyramid
version 1.3. Instead, you should use the view_directive
directive with a context
that names the pyramid.exceptions.Forbidden
class. See changing_the_forbidden_view
form more information.
view
The
dotted Python name
to aview callable
. This attribute is required unless arenderer
attribute also exists. If arenderer
attribute exists on the directive, this attribute defaults to a view that returns an empty dictionary (seeviews_which_use_a_renderer
).attr
The attribute of the view callable to use if
__call__
is not correct (has the same meaning as in the context ofview_directive
; see the description ofattr
there).renderer
This is either a single string term (e.g.
json
) or a string implying a path orasset specification
(e.g.templates/views.pt
) used when the view returns a non-response
object. This attribute has the same meaning as it would in the context ofview_directive
; see the description ofrenderer
there).wrapper
The
view name
(not an object dotted name) of another view declared elsewhere in ZCML (or via the@view_config
decorator) which will receive the response body of this view as therequest.wrapped_body
attribute of its own request, and the response returned by this view as therequest.wrapped_response
attribute of its own request. This attribute has the same meaning as it would in the context ofview_directive
; see the description ofwrapper
there). Note that the wrapper view should not be protected by any permission; behavior is undefined if it does.
<forbidden
view="helloworld.views.forbidden_view"/>
Use the view_directive
directive with a context
that names the pyramid.exceptions.Forbidden
class.
Use the pyramid.config.Configurator.add_view
method, passing it a context
which is the pyramid.exceptions.Forbidden
class.
See also changing_the_forbidden_view
.