The problem is that you never give the current user the permission to 
create. You only run this line
    auth.add_permission(group_id, 'create', db.contacts)
after the call to create. You need to call it once before, or create the 
permission via appadmin.

This is fine but I want to point out that you can do it in another way:

You are basically saying a user can edit and select records he created. So..

    db.define_table (
        'contacts',
        Field('FirstName'),
        ...
        Field('Company'),
        auth.signature,
        common_filter = lambda query: db.contacts.created_by == auth.user_id)

    def create_contacts():
        form = SQLFORM(db.contacts).process()
        return dict(form=form)

You can disable the common filter when you do not want it:

    if auth.user.is_admin: db.contacts._common_filter = None

I would also replace "contacts" with "contact" everywhere. The code would 
be more readable.



On Thursday, 1 August 2013 11:55:56 UTC-5, GregD wrote:
>
> I've turned on auth and attempting to use crud.
>
> when I go to my app http://.../data/create/table_name
>
> I get "insufficient privileges"
> NOT Authorized
> Access Denied
>
> What am I missing?
>
> db.py is as follows:
>
> from gluon.tools import Auth
> from gluon.tools import Crud
>
> db = DAL('sqlite://storage.sqlite')
>
> db.define_table (
>     'contacts',
>     Field('FirstName'),
>     Field('LastName', requires=IS_NOT_EMPTY()),
>     Field('Address1'),
>     Field('Address2'),
>     Field('City'),
>     Field('State'),
>     Field('Zip'),
>     Field('Mobile'),
>     Field('Work'),
>     Field('Fax'),
>     Field('Home'),
>     Field('EmailAddr'),
>     Field('WebURL'),
>     Field('JobTitle'),
>     Field('Company'),
>     Field('CreateDate', 'datetime', default=request.now, writable=False) )
>
> auth = Auth(db)
> auth.define_tables(username=True)
>
> crud = Crud(db)
> crud.settings.auth = auth
> crud.settings.controller = 'default'
> crud.settings.create_next = URL('index')
>
> default.py <controller> includes the following:
>
> def give_create_permission(form):
>     group_id = auth.id_group('user_%s' % auth.user.id)
>     auth.add_permission(group_id, 'read', db.contacts)
>     auth.add_permission(group_id, 'create', db.contacts)
>     auth.add_permission(group_id, 'select', db.contacts)
>     
> crud.settings.auth = auth
>
> def create_contacts():
>     form = crud.create(db.contacts, onaccept=give_update_permission)
>     return dict(form=crud())
>
>
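
The ordering problem and the owner-only filter discussed in the reply above, as an added example that is not part of the original thread and is not web2py code. MiniAuth, create_contact and select_contacts are hypothetical stand-ins built on sqlite3, and permissions are keyed by user id instead of by group to keep the model small.

```python
import sqlite3

class AccessDenied(Exception):
    pass

class MiniAuth:
    """Hypothetical stand-in for a permission table; not web2py's Auth."""
    def __init__(self):
        self.grants = set()  # (user_id, action, table)
    def add_permission(self, user_id, action, table):
        self.grants.add((user_id, action, table))
    def has_permission(self, user_id, action, table):
        return (user_id, action, table) in self.grants

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contact (id INTEGER PRIMARY KEY, "
               "LastName TEXT, created_by INTEGER)")
    return db

def create_contact(db, auth, user_id, last_name, onaccept=None):
    # The permission check comes first; onaccept runs only after the insert,
    # so a grant placed in onaccept can never unlock the very first create.
    if not auth.has_permission(user_id, "create", "contact"):
        raise AccessDenied("insufficient privileges")
    db.execute("INSERT INTO contact (LastName, created_by) VALUES (?, ?)",
               (last_name, user_id))
    if onaccept:
        onaccept(user_id)

def select_contacts(db, user_id, is_admin=False):
    # Owner-only filter applied to every select, switched off for admins.
    sql, args = "SELECT LastName FROM contact", ()
    if not is_admin:
        sql, args = sql + " WHERE created_by = ?", (user_id,)
    return [row[0] for row in db.execute(sql + " ORDER BY id", args)]

def demo():
    db, auth = make_db(), MiniAuth()
    def grant(uid):
        auth.add_permission(uid, "create", "contact")
    try:
        create_contact(db, auth, 1, "Smith", onaccept=grant)
        first = "created"
    except AccessDenied:
        first = "denied"  # grant() never ran, so the user stays locked out
    grant(1)
    grant(2)              # constructed users 1 and 2, granted up front
    create_contact(db, auth, 1, "Smith")
    create_contact(db, auth, 2, "Jones")
    return (first, select_contacts(db, 1), select_contacts(db, 2),
            select_contacts(db, 0, is_admin=True))
```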
