Question

I want to have two 403 Forbidden pages. If the user is unauthorized, show a page with a login form. If the user is authorized, show a page telling them they aren't allowed to view the page.

It seems like effective_principals from Pyramid's add_view is the way to go about this. However, I can't seem to figure out the proper way to utilize this. Here's what I'm doing:

from pyramid.response import Response
from pyramid.security import Authenticated
from pyramid.view import forbidden_view_config


@forbidden_view_config(containment=MyClass, renderer='login.pt')
def not_found(context, request):
    return dict()


@forbidden_view_config(containment=MyClass, effective_principals=Authenticated)
def not_found(context, request):
    return Response('Not allowed.')

However, I get an error with this:

PredicateMismatch: predicate mismatch for view not_found (effective_principals = ['system.Authenticated'])


Solution

Inside the forbidden view you can put a condition like this:

if authenticated_userid(request):
    return HTTPFound(location=request.route_url('forbidden_logged_in'))

So both logged-in and not-logged-in users are redirected by Pyramid to this page, and then Pyramid redirects the logged-in ones to another page for logged-in users, which, by the way, can be protected, for example, like this:

@view_config(route_name='forbidden_logged_in', permission='user')
License: CC-BY-SA with attribution
Not affiliated with StackOverflow