I subscribe to "obscurity is no security". That means that the security of
your app should not depend in ANY way on 'cryptic' URLs (exception might be
a one-time generated URL, and even that is questionable).
If you set up you app to check for authorization, permission, membership,
then there
not having worked with GAE, so I might be completely off base, but try to
build an absolute path like
os.path.join(request.folder, file_path)
just an idea.
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://c
Thanks.
Hope it works for you.
Let me know if you have any questions.
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because
Glad I could help. I found that you better use absolute paths as soon as
you want to go down to sub directories. Using '.' as the begin of the path
might work, but I have not tested that.
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2p
Not sure if that's the issue, but first you should use os.path.join to join
every part:
os.path.join(request.folder, 'databases', 'clients',
'client_{0}'.format(tenant))
otherwise you introduce a OS dependency.
I would try
con='sqlite://' + os.path.join(request.folder, 'databases', 'clients'
Might not be the most efficient, but if you put the from date and to date
as arguments and then redirect in the form.accepts:
if form.accepts(request,session):
#calculate the new dates...
session.flash='Updated date range'
redirect(URL('report',args=[from_date,to_date]))
--
Resourc
I use the following to display the contents of a MARKDOWN.
from
https://github.com/bradermacher/web2py-plugin-authman/blob/master/controllers/plugin_authman.py
def index():
# Read plugin description and display.
# Some logic in view (status of plugin and authorization
from os.path
AAAWs/sg3JAe6vh4I2HXRVb_x5qm0wwGmrRaL8QCLcBGAs/s1600/subroles.png>
On Sunday, October 15, 2017 at 5:30:09 PM UTC+2, Bernhard Radermacher wrote:
>
> That is correct. But this accesses the respective auth tables directly.
>
> authman adds additional tables, that allow
>
> - extensive editing before activatio
er_role has been set.
>
> This is a special case of the more general auth.settings.manager_actions
> functionality described at
> http://web2py.com/books/default/chapter/29/09/access-control#Application-Management-via-privileged-users--Experimental-
> .
>
> Anthony
>
> On Sunday, October 15
I developed a little plugin to facilitate authorization management. It can
be found at:
https://github.com/bradermacher/web2py-plugin-authman
I appreciate any comments.
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
-
I tried to upload a small correction to the book as described in chapter 15
but got the following error:
$ git push origin [...]
ERROR: Permission to web2py/web2py-book.git denied to [...].
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the
works for
> me in one of my apps.
>
>
>
>
> (the non-Appadmin example points to a separate server)
>
> /dps
>
>
>
>
>
>>
>> On Monday, September 29, 2014 10:59:46 PM UTC+2, Bernhard Radermacher
>> wrote:
>>>
>>> Would that
*button *is better suited with a normal *a*
>
>
> On Sunday, September 28, 2014 10:37:33 PM UTC+2, Bernhard Radermacher
> wrote:
>>
>> I was always a bit disappointed with the features, or rather non-features
>> of the html button, basically that all functionality
I was always a bit disappointed with the features, or rather non-features
of the html button, basically that all functionality has to be programmed
by hand.
I created a small class (and patched it into gluon.html) to make a button
and the respective JQuery script automatically. At this time th
14 matches
Mail list logo
