I don't know about the future development plan for Auth. As I understand the current behavior, anyone change register for an account. In fact, a logged-in user cannot register another user. This arrangement is appropriate for some applications, but not for others.
For example, my current application, I want only authorized users to access the information. The current arrangement would circumvent that by allowing anyone to register for an account. In fact, I want only want only admin group users to be able to register new users. My current approach is simply to delete the register function. But I may wish to have the default auth functionality for other applications on the same host. Therefore, I would like to propose adding an attribute to Auth: register_requires_admin (or similar), and have the register function test for this attribute, and display the registration form only if the attribute is false, flashing an error message otherwise. What do you think about this proposal? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
