Hi, This is my first post so first i wanna say thanks for all the hard work on web2py. I've been using it and its really a nice framework and usually I can find a way to get it to do anything I need done but this time I'm a bit stumped. I have what I think is a relatively standard requirements but I'm not sure how to implement it. A simple example of what I'm trying to do would be a website to manage projects, users, and documents. Documents can belong to multiple projects as can users and I want to require that:
1 - users can access any document in a project they are a member of 2 - users can edit only documents they've created For my purposes the documents are DB records (I'm not asking about upload/download). I know how to do (2) using common filters like: db.document._common_filter = lambda query: db.document.created_by == auth.user.id Is there a similar way to implement (1) using common filters? I don't see an obvious way to do this in particular because the users-projects and docs-projects relationships are both many-to-many. I'm open to doing this another way but I want to avoid manually enforcing permissions everywhere in the code where I access the DB as I'm sure this will lead to bugs. A natural approach would be to create a group for every project and then assign read access to the docs belonging to the project (and make users members of the relevant project groups). But I'm not sure how to enforce these privileges in web2py. I gather this is possible if I only use CRUD but I'd rather enforce this at the level data model or DAL (as with the common filter) since I may not always use crud. Is that not possible? Thanks for the help (and the patience to read through the question). -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
