Have you tried adding: auth.user.update(userlevel=newlevel)

Anthony

On Thursday, October 6, 2016 at 6:15:02 PM UTC-4, Michael Ellis wrote:
>
> I have the following code as a json service for changing user privileges.
> This app doesn't need the fine-grained control of Web2py RBAC so I've
> added an integer userlevel field to auth_user. It mostly works as intended
> except when a logged in user alters her own userlevel. The change isn't
> detected unless she logs out and then back in. I understand this is
> because the auth.user record is cached in the session. What's the right
> way to update a logged in user whose auth_user record may have changed?
>
> @service.json
> def set_user_group():
>     """
>     Changes a user's group (userlevel)
>     Args:
>         first_name,last_name, newgroup in request.args
>     Returns: error message if auth fails
>     Raises: Nothing
>     """
>     err = None
>     if auth.is_logged_in() and auth.user.userlevel >= 2:
>         # Ok to change it
>         first, last, newgroup = tuple(request.args)[-3:]
>         tbl = db.auth_user
>         qry = ((tbl.first_name == first) & (tbl.last_name == last))
>         rows = db(qry).select()
>         assert len(rows) <= 1  ## should be impossible to have duplicate names
>         if len(rows) == 0:
>             err = "User '{} {}' not found in database!".format(first, last)
>         else:
>             id = rows[0][tbl.id]
>             newlevel = dict(user=0, tech=1, admin=2)[newgroup.lower()]
>             db(tbl.id == id).update(userlevel=newlevel)
>     else:
>         err = "Changing user groups requires log-in with admin privileges"
>     return dict(msg=err)
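
The stale-session behaviour discussed in this thread, as an added example that is not code from the thread or from web2py: a plain-Python model using sqlite3 and a dict as the session, showing that a privilege check against the cached copy keeps an old userlevel, including for a different user who was demoted, while a check that re-reads the database does not. The function names (`make_db`, `login`, `cached_level`, `current_level`, `set_user_level`), the integer target id and the sample users are assumptions made for illustration.

```python
import sqlite3

LEVELS = dict(user=0, tech=1, admin=2)  # same mapping as the quoted code

def make_db():
    # Constructed sample data: two admins in an in-memory auth_user table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_user (id INTEGER PRIMARY KEY, "
               "first_name TEXT, last_name TEXT, userlevel INTEGER)")
    db.executemany("INSERT INTO auth_user VALUES (?, ?, ?, ?)",
                   [(1, "Ada", "Admin", 2), (2, "Tom", "Tech", 2)])
    return db

def login(db, session, user_id):
    # Copy the row into the session, as a session-cached auth record does.
    row = db.execute("SELECT id, userlevel FROM auth_user WHERE id = ?",
                     (user_id,)).fetchone()
    session["user"] = {"id": row[0], "userlevel": row[1]}

def cached_level(session):
    # What a check against the session copy sees (may be stale).
    return session["user"]["userlevel"]

def current_level(db, session):
    # Re-read the level from the database and refresh the session copy.
    user = session.get("user")
    if not user:
        return -1  # not logged in
    row = db.execute("SELECT userlevel FROM auth_user WHERE id = ?",
                     (user["id"],)).fetchone()
    if row is None:
        session.pop("user")  # account deleted: drop the cached record
        return -1
    user["userlevel"] = row[0]
    return row[0]

def set_user_level(db, session, target_id, newgroup):
    # Authorize against the database, not the cached copy.
    if current_level(db, session) < LEVELS["admin"]:
        return "Changing user groups requires log-in with admin privileges"
    level = LEVELS.get(newgroup.lower())
    if level is None:
        return "Unknown group '{}'".format(newgroup)
    db.execute("UPDATE auth_user SET userlevel = ? WHERE id = ?",
               (level, target_id))
    if target_id == session["user"]["id"]:
        session["user"]["userlevel"] = level  # keep own session in sync
    return None
```

Updating the session copy covers only the user making the change; any other logged-in user whose level was changed keeps the old value in their own session until something re-reads it, which is why the authorization check here goes to the database.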