Thanks, Marlysson. I understand why it's going wrong when the user changes their own level. My question was aimed at finding out if web2py had a convenience function to refresh auth.user from db.auth_user. Otherwise I have to use an ugly construct like:

try:
    aid = auth.user.id  # raises AttributeError if not logged in.
    authlevel = db(db.auth_user.id == aid).select()[0].userlevel
except AttributeError:
    authlevel = 0

On Friday, October 7, 2016 at 8:27:10 AM UTC-4, Marlysson Silva wrote:
>
> Isn't it because you are hardcoding the user level? Then, after that user
> changes their own level, the verification doesn't work anymore.
>
> 1. If you want the user name to be unique, mark the field in the table
>    with the validator unique=True
> 2. The size of the rows returned could be obtained with count(),
>    db(query).count()
>
> On Thursday, October 6, 2016 at 19:15:02 UTC-3, Michael Ellis wrote:
>>
>> I have the following code as a json service for changing user
>> privileges. This app doesn't need the fine-grained control of Web2py RBAC
>> so I've added an integer userlevel field to auth_user. It mostly works as
>> intended except when a logged in user alters her own userlevel. The change
>> isn't detected unless she logs out and then back in. I understand this is
>> because the auth.user record is cached in the session. What's the right
>> way to update a logged in user whose auth_user record may have changed?
>>
>> @service.json
>> def set_user_group():
>>     """
>>     Changes a user's group (userlevel)
>>     Args:
>>         first_name,last_name, newgroup in request.args
>>     Returns: error message if auth fails
>>     Raises: Nothing
>>     """
>>     err = None
>>     if auth.is_logged_in() and auth.user.userlevel >= 2:
>>         # Ok to change it
>>         first, last, newgroup = tuple(request.args)[-3:]
>>         tbl = db.auth_user
>>         qry = ((tbl.first_name == first) & (tbl.last_name == last))
>>         rows = db(qry).select()
>>         assert len(rows) <= 1  ## should be impossible to have duplicate names
>>         if len(rows) == 0:
>>             err = "User '{} {}' not found in database!".format(first, last)
>>         else:
>>             id = rows[0][tbl.id]
>>             newlevel = dict(user=0, tech=1, admin=2)[newgroup.lower()]
>>             db(tbl.id == id).update(userlevel=newlevel)
>>     else:
>>         err = "Changing user groups requires log-in with admin privileges"
>>     return dict(msg=err)
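
The stale-session problem discussed in this thread, as an added example that is not part of the original messages and is not web2py code: a plain-Python model in which the privilege check re-reads userlevel from the database on every request, so a level change (including a demotion) takes effect without a logout. It assumes sqlite3 and a dict as stand-ins for db.auth_user and the session; make_db, login and current_level are hypothetical names, and the sample rows are constructed.

```python
import sqlite3

LEVELS = dict(user=0, tech=1, admin=2)  # same mapping as the thread's code


def make_db():
    """In-memory stand-in (assumption) for db.auth_user with a userlevel field."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_user (id INTEGER PRIMARY KEY, "
               "first_name TEXT, last_name TEXT, userlevel INTEGER)")
    # Constructed sample rows.
    db.executemany("INSERT INTO auth_user VALUES (?, ?, ?, ?)",
                   [(1, "Ada", "Admin", 2), (2, "Uma", "User", 0)])
    return db


def login(db, user_id):
    """Copy the row into the session: a snapshot taken at login time."""
    row = db.execute("SELECT id, userlevel FROM auth_user WHERE id = ?",
                     (user_id,)).fetchone()
    return {"user": {"id": row[0], "userlevel": row[1]}}


def current_level(db, session):
    """Re-read the level from the db; 0 if logged out or account is gone."""
    user = session.get("user")
    if not user:
        return 0
    row = db.execute("SELECT userlevel FROM auth_user WHERE id = ?",
                     (user["id"],)).fetchone()
    if row is None:
        session.pop("user", None)  # account deleted: drop the stale login
        return 0
    user["userlevel"] = row[0]  # refresh the snapshot for later reads
    return row[0]


def set_user_group(db, session, first, last, newgroup):
    """Change a user's level; authorised against the db, not the snapshot."""
    if current_level(db, session) < LEVELS["admin"]:
        return "Changing user groups requires log-in with admin privileges"
    if newgroup.lower() not in LEVELS:
        return "Unknown group '{}'".format(newgroup)
    cur = db.execute("UPDATE auth_user SET userlevel = ? "
                     "WHERE first_name = ? AND last_name = ?",
                     (LEVELS[newgroup.lower()], first, last))
    if cur.rowcount == 0:
        return "User '{} {}' not found in database!".format(first, last)
    return None
```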