Using MDP's example from here:
https://groups.google.com/d/msg/web2py/VBrm6B6-Pdk/sG_h9Ane8zQJ and the
manual's suggestion for digitally signed urls:
@auth.requires_membership('admin'):
def index()
link = URL('other',user_signature=True) #1
return dict(link=link)
@auth.requires_signature() #2
def other():
return dict(message='hello world')
I have added a SQLFORM.grid in other(). Everything works fine except for
the pagination links. The requires_signature decorator for other() won't
accept the signed URL from the grid, and the user is redirected to the
access denied/not authorized page.
Link from index():
...other/29?_signature=663347d7a36b4eb34f6f07607f4a3b396f76e1cd
page2 link from other()
grid: ...other/29?page=2&_signature=663347d7a36b4eb34f6f07607f4a3b396f76e1cd
I tried removing the requires_signature() decorator, and the pagination
works correctly. It appears as though both URL(user_signature=True) and
SQLFORM.grid(user_signature=True) hash the signature the same, but
@auth.requires_signature and SQLFORM.grid verify the signatures differently.
If that is a fair or accurate statement, how should I work around this?
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
