If a user knows the id of a record then, by default, there is nothing to stop them deleting a record from the database irrespective of the delete checkbox being displayed. For example:
http://my_server:my_port/my_application/my_controller/my_action?id=the_id&delete_this_record=on I know this is unlikely but in a business situation it seems a bit lax. In SQLFORM, deleteable is just used to decide whether to create the checkbox or not. Perhaps it should be saved in the form or session and checked before actually deleting. Bill --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
