Added forbidden view.

tailbone/views/__init__.py

@@ -47,8 +47,6 @@ def add_routes(config):
 def includeme(config):
     add_routes(config)
 
-    config.add_forbidden_view('edbob.pyramid.views.forbidden')
-
     config.add_view(home, route_name='home',
                     renderer='/home.mako')
 

tailbone/views/auth.py

@@ -27,7 +27,10 @@ Auth Views
 """
 
 from pyramid.httpexceptions import HTTPFound
-from pyramid.security import remember, forget
+from pyramid.security import remember, forget, authenticated_userid
+
+from webhelpers.html import literal
+from webhelpers.html import tags
 
 import formencode
 from pyramid_simpleform import Form
@@ -38,6 +41,26 @@ from ..db import Session
 from rattail.db.auth import authenticate_user, set_user_password
 
 
+def forbidden(request):
+    """
+    Access forbidden view.
+
+    This is triggered whenever access is not allowed for an otherwise
+    appropriate view.
+    """
+
+    msg = literal("You do not have permission to do that.")
+    if not authenticated_userid(request):
+        msg += literal("  (Perhaps you should %s?)" %
+                       tags.link_to("log in", request.route_url('login')))
+    request.session.flash(msg, allow_duplicate=False)
+
+    url = request.referer
+    if not url or url == request.current_route_url():
+        url = request.route_url('home')
+    return HTTPFound(location=url)
+
+
 class UserLogin(formencode.Schema):
     allow_extra_fields = True
     filter_extra_fields = True
@@ -143,6 +166,8 @@ def add_routes(config):
 def includeme(config):
     add_routes(config)
 
+    config.add_forbidden_view(forbidden)
+
     config.add_view(login, route_name='login',
                     renderer='/login.mako')