Ok, read very fast... didn't understand the context...
For user_profile kind of stuff, I would go with permission... You create a
role that has access to user_profile_update_form, like, manage_user
group... And you have 2 functions/pages one that only show user profile
data... You can filter what you want to expose or not... And the other
controler with a update form allow to "admin" or "user_manager" role to
alter user profile of the orther users...
In both controller you check role like that :
def manage_user():
if not auth.has_membership('manage_user'):
redirect("ON PERMISSION ISSUE PAGE DETAILING HOW TO ASK FOR MORE
PERMISSION")
...
regular controller suff
Or if you don't want user to see each other profile at all you can just
check that user id passed as args is the user id :
def user_profile():
if not request.args(0) == auth.user_id:
redirect("ON PERMISSION ISSUE PAGE DETAILING HOW TO ASK FOR MORE
PERMISSION")
...
regular controller suff
Richard
On Tue, Feb 3, 2015 at 4:22 PM, Richard Vézina <ml.richard.vez...@gmail.com>
wrote:
> Or, if you just want to check if args passed has been change you can store
> the programmatically passed args in session and ckeck in session before
> process form or accessed page....
>
> Richard
>
> On Tue, Feb 3, 2015 at 4:20 PM, Richard Vézina <
> ml.richard.vez...@gmail.com> wrote:
>
>> request.args(0)...
>>
>> If user input 4 instead of 1 and access the page you can get the args the
>> same way you do it if you pass args value programmatically...
>>
>> Is you question to know how you can avoid that or kind of double check if
>> programmatically passed args doens't change?
>>
>> If so, maybe it is not exactly what you want, but maybe signing url can
>> help :
>> http://web2py.com/books/default/chapter/29/04/the-core?search=signed+url#Digitally-signed-urls
>>
>> This suppose to avoid modification of url by user because if url
>> signature change processing is trunked somehow, I gues you can implement
>> your own logic about that...
>>
>> Richard
>>
>> On Tue, Feb 3, 2015 at 3:58 PM, Alex Glaros <alexgla...@gmail.com> wrote:
>>
>>> how to catch args typed in by user into address window
>>>
>>> example of URL at top of browser:
>>>
>>> view_user_profile/4
>>>
>>> user goes to address window and changes 4 to 1 so now, #1 person's data
>>> appears instead of #4 person
>>>
>>> view_user_profile/1
>>>
>>> what is the syntax for capturing that URL arg typed in by user? I want
>>> to redirect if that happens.
>>>
>>> thanks
>>>
>>> Alex Glaros
>>>
>>> --
>>> Resources:
>>> - http://web2py.com
>>> - http://web2py.com/book (Documentation)
>>> - http://github.com/web2py/web2py (Source code)
>>> - https://code.google.com/p/web2py/issues/list (Report Issues)
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "web2py-users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to web2py+unsubscr...@googlegroups.com.
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
