|
|
@@ -209,6 +209,17 @@ This view loads and renders the template ``403.html`` in your root template
|
|
|
directory, or if this file does not exist, instead serves the text
|
|
|
"403 Forbidden", as per :rfc:`2616` (the HTTP 1.1 Specification).
|
|
|
|
|
|
+``django.views.defaults.permission_denied`` is triggered by a
|
|
|
+:exc:`~django.core.exceptions.PermissionDenied` exception. To deny access in a
|
|
|
+view you can use code like this::
|
|
|
+
|
|
|
+ from django.core.exceptions import PermissionDenied
|
|
|
+
|
|
|
+ def edit(request, pk):
|
|
|
+ if not request.user.is_staff:
|
|
|
+ raise PermissionDenied
|
|
|
+ # ...
|
|
|
+
|
|
|
It is possible to override ``django.views.defaults.permission_denied`` in the
|
|
|
same way you can for the 404 and 500 views by specifying a ``handler403`` in
|
|
|
your URLconf::
|
Markus Zapke-Gründemann