This is wrong
record_id=request.args[0]
record=db(db.adres.id==record_id).select(db.adres.bedrijf)[0]
if not record:
redirect(URL(r=request,f='crud_address'))
elif not record.bedrijf==auth.user.bedrijf:
redirect(URL(r=request,f='crud_address'))
because the result of the select may be empty and thus not row[0]. I
suggest replacing those lines with
record=db.adres[request.args[0]]
if not record or not record.bedrijf==auth.user.bedrijf:
redirect(URL(r=request,f='crud_address'))
On May 27, 7:37 am, annet <annet.verm...@gmail.com> wrote:
> In this post:
>
> http://groups.google.com/group/web2py/browse_thread/thread/8d78f8f9a7...
>
> I described the following problem:
>
> When the user clicks the link in the view:
>
> <td>
> {{=A(T('update/delete'),_href=URL(r=request,f='update_address',args=
> [record.id]))}}
> </td>
>
> the correct record is displayed, when the user tampers the arg in the
> URL two things happen: if he changes the arg to a record_id of an
> existing record the elif redirects to the crud_address function,
> however, when he changes the arg to a record_id that is not in the
> database the following error ticket is issued:
>
> Traceback (most recent call last):
> File "/Library/Python/2.5/site-packages/mockpy/gluon/restricted.py",
> line 98, in restricted
> File "/Users/iannet/mockpy/applications/mock/controllers/crud.py",
> line 41, in <module>
> File "/Library/Python/2.5/site-packages/mockpy/gluon/globals.py",
> line 75, in <lambda>
> File "/Users/iannet/mockpy/gluon/tools.py", line 1049, in f return
> action(*a, **b)
> File "/Users/iannet/mockpy/applications/mock/controllers/crud.py",
> line 31,
>
> in update_address
> elif not record[0].bedrijf==auth.user.bedrijf:
>
> File "/Library/Python/2.5/site-packages/mockpy/gluon/sql.py", line
> 2109,
> in __getitem__
> SyntaxError: SQLRows: no such row
>
> I thought I solved the problem:
>
> @auth.requires_membership('core_manager')
> def update_address():
> response.view='core/update.html'
> response.flash=T('update or delete record')
> db.adres.bedrijf.writable=False
> record_id=request.args[0]
> record=db(db.adres.id==record_id).select(db.adres.bedrijf)[0]
>
> if not record:
> redirect(URL(r=request,f='crud_address'))
>
> elif not record.bedrijf==auth.user.bedrijf:
> redirect(URL(r=request,f='crud_address'))
> form=crud.update(db.adres,request.args[0],next=(URL
> (r=request,f='crud_address')))
> return dict(form=form)
>
> However, today I found out that this only solves the problem if the
> record_id is within the range of 0 and the current record_id, when the
> record_id exceeds the current record's id a similar error ticket is
> issued:
>
> Traceback (most recent call last):
> File "/Library/Python/2.5/site-packages/web2pyfitwise/gluon/
> restricted.py", line 98, in restricted
> exec ccode in environment
> File "/Library/Python/2.5/site-packages/web2pyfitwise/applications/
> cms/controllers/core.py", line 82, in <module>
> File "/Library/Python/2.5/site-packages/web2pyfitwise/gluon/
> globals.py", line 75, in <lambda>
> self._caller = lambda f: f()
> File "/Library/Python/2.5/site-packages/web2pyfitwise/gluon/
> tools.py", line 1045, in f
> return action(*a, **b)
> File "/Library/Python/2.5/site-packages/web2pyfitwise/applications/
> cms/controllers/core.py", line 37,
>
> in update_address
> record=db(db.adres.id==record_id).select(db.adres.bedrijf)[0]
>
> File "/Library/Python/2.5/site-packages/web2pyfitwise/gluon/sql.py",
> line 2109, in __getitem__
> raise SyntaxError, 'SQLRows: no such row'
> SyntaxError: SQLRows: no such row
>
> I think I have to move:
>
> if not record:
> redirect(URL(r=request,f='crud_address'))
>
> up in de code, but I am not sure where it should go to finally solve
> this problem. If so, why did the current code partially solve my
> problem.
>
> Kind regards,
>
> Annet.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
