Ability to customize what happens when a view permission fails

[simonw]

Currently view permission failures raise a Forbidden error which is transformed into a 403.

It would be good if this page could offer a way forward - maybe just by linking to (or redirecting to) a login screen. This behaviour will vary based on authentication plugins, so a new plugin hook is probably the best way to do this.

[simonw]

I'm going to figure this out by working with simonw/datasette-auth-github#62

[simonw]

This can be a plugin hook:

@hookspec
def forbidden(datasette, request, message, send):
    "Custom response for a 403 forbidden error"

If the hook returns a Response object, it will be returned to the user. Plugins are likely to want to return a redirect response.

Maybe the hook can instead use the send argument to respond to the request and return True which means "I've responded to this"?

I'm going to leave send off for the moment - I can add that in the future if it turns out it would have been a good idea.

[simonw]

This case may not be covered without extra work:

datasette/datasette/views/database.py

Lines 122 to 123 in 3ec5b1a

	if not self.ds.config("allow_download") or db.is_mutable:
	raise DatasetteError("Database download is forbidden", status=403)