Still not sure what the problem is. Are you saying all users have the same permissions? If so, then you don't need to bother with roles or permissions at all -- just verify that the user is logged in in order to control access. If something in the session is needed to determine access, then you can just test for that using a simply if statement, or if you prefer, you can use the @auth.requires() decorator, which takes any arbitrary expression as the condition to be required. See http://web2py.com/books/default/chapter/29/09#Authorization, and more specifically, http://web2py.com/books/default/chapter/29/09#Combining-requirements.
Anthony On Sunday, December 9, 2012 4:35:07 AM UTC-5, dbv wrote: > > Need email + password only for authentication and authorization. Each > user represents an entity (organization) defined by their unique email + > password combination. A user has no role defined and if there were a > default role defined internally in web2py it would be the same for all > users. While logged in (or signed in) a user has their own session created > that allows them to perform/view certain actions until they log out. Does > that help? > > --
