defaults.permission_denied(request, exception, template_name='403.html')
In the same vein as the 404 and 500 views, Django has a view to handle 403 Forbidden errors. If a view results in a 403 exception then Django will, by default, call the view django.views.defaults.permission_denied
.
This view loads and renders the template 403.html
in your root template directory, or if this file does not exist, instead serves the text “403 Forbidden”, as per RFC 7231#section-6.5.3 (the HTTP 1.1 Specification). The template context contains exception
, which is the unicode representation of the exception that triggered the view.
django.views.defaults.permission_denied
is triggered by a PermissionDenied
exception. To deny access in a view you can use code like this:
from django.core.exceptions import PermissionDenied def edit(request, pk): if not request.user.is_staff: raise PermissionDenied # ...
The signature of permission_denied()
changed in Django 1.9. The function now accepts a second parameter, the exception that triggered the error. The unicode representation of the exception is also passed in the template context.
Passing a nonexistent template_name
will raise TemplateDoesNotExist
.
Please login to continue.