Book ERRATA:

def give_create_permission(form):
    # registration callback: table-wide read/create for the user's own group
    group_id=auth.id_group('user_%s' % auth.user.id)
    auth.add_permission(group_id,'read',db.comment)
    auth.add_permission(group_id,'create',db.comment)

def give_update_permission(form):
    # runs after each insert: update/delete on the new record only
    comment_id=form.vars.id
    group_id=auth.id_group('user_%s' % auth.user.id)
    auth.add_permission(group_id,'update',db.comment,comment_id)
    auth.add_permission(group_id,'delete',db.comment,comment_id)

auth.settings.register_onaccept = give_create_permission
crud.settings.auth              = auth

def post_comment():
    form = crud.create(db.comment, onaccept=give_update_permission)
    comments = db(db.comment.id>0).select()
    return dict(form=form, comments=comments)

def update_comment():
    form = crud.update(db.comment, request.args(0))
    return dict(form=form)


On Jul 12, 9:28 am, mdipierro <mdipie...@cs.depaul.edu> wrote:
> Hi Vidul,
>
> thanks for reporting this. There are 3 issues:
> 1) A bug in tools that is now fixed in trunk
> 2) A typo in the code above, should have been
>
> db.define_table('asset',Field('name'))
>
> # in the controller:
> def give_asset_create_permission(form):
>     group_id=auth.id_group('user_%s' % auth.user.id)
>     auth.add_permission(group_id,'read',db.asset)
>     auth.add_permission(group_id,'create',db.asset)
>
> def give_asset_update_permission(form):
>     asset_id=form.vars.id
>     group_id=auth.id_group('user_%s' % auth.user.id)
>     auth.add_permission(group_id,'update',db.asset,asset_id)
>     auth.add_permission(group_id,'delete',db.asset,asset_id)
>
> auth.settings.register_onaccept = give_asset_create_permission
> crud.settings.auth              = auth
>
> @auth.requires_login()
> def post():
>     form      = crud.create(db.asset,onaccept=give_asset_update_permission)
>     query     = auth.accessible_query('read',db.asset,auth.user.id)
>     assets    = db(query).select(db.asset.ALL)
>     return dict(form=form, assets=assets)
>
> 3) make sure you run "post" with an account created after
> "auth.settings.register_onaccept = give_asset_create_permission" was
> inserted in the code.
>
> Sorry about this.
>
> Massimo
>
> On Jul 12, 8:38 am, Vidul <vidul.pet...@gmail.com> wrote:
>
> > My apologies for raising my voice again - did anyone manage to replay
> > the example about:
> > "how to allow a visitor to post comments, but only update their own
> > comments
> > (assuming crud, auth and db.comment are defined)" (that's on page 84)?
> > If so - please let me know, this will save me a lot of time for a
> > migration from Rails to WEB2PY (the project's name is Solunas btw).
>
> > Thank you!
>
> > On Jul 12, 10:30 am, Hans Donner <hans.don...@pobox.com> wrote:
>
> > > and for chapter 8:
>
> > > - p213, cite the url and date
> > > - p214, 1st bullet - passwords are not always stored. (refer to later section)
> > > - p214, make clear that aut.permission is optional
> > > - p214, last two sentences start alike, please rephrase.
> > > - p215, 1st code example, please explain the code and refer to the
> > > sections where it is discussed in more detail
> > > - p215/216, the list on p216 seems also to belong to the sentence on
> > > p215 "the controller ... multiple actions". Because of the code
> > > listing the connection is lost. Adding a phrase like "An explanation
> > > of the actions: " after the code listing and before the text will help
> > > - p216, not_authorized - how does this relate to the redirect by
> > > auth.settings.on_failed_authorisation (p225)
> > > - p216, "all are exposed ... to restrict", where /how to restrict. As
> > > per example on p218?
> > > - p216, subclassing auth. Can you provide examples or refer to ...
> > > - p216, last word "exmaple" -> "example"
> > > - p217, code example. auth refers here to the global variable auth as
> > > defined in the example on p215. As with the db global variable
> > > convention, please indicate the same in this chapter
> > > - p217, is there a separate mail chapter? Yes: make a reference. No: make one
> > > - p218, appadmin interface doesn't use the markup and perhaps refer to
> > > the appadmin section (do we have one?)
> > > [p218, we might some proper user admin gui instead of using appadmin]
> > > - p218 re blocking users. When will blocking users be active? On
> > > session expiration (when/how), logoff/login etc.
> > > - p218, last part of restrictions: "you can also block" and "can be
> > > restricted". What is it? Blocking seems to be the right word here
> > > (restricting for me means that there is still some parts accessible)
> > > - p218, recaptcha now only lists a partial signature. As per previous
> > > chapters, please list the full signature
> > > - p219, is the code listing correct? first "auth_table =
> > > db.define_table", followed by "auth_table = auth.settings.table_user"
> > > [ perhaps we need to include a helper in auth to do some basic chores
> > > and check onuser defined auth tabled ]
> > > - p219 "you can add any field ... cannot remove the required fields
> > > shown...". What you are saying is that the example shows the minimum
> > > required fields, and more fields can be added as needed
> > > - p220, why not list the default supplied alternate methods as you do
> > > with the validators?
> > > - p221, first half is a confusing text part. It seems to assume that
> > > some technical knowledge is present, and perhaps a reference can be
> > > made to apache .htaccess files that set up such a scheme.
> > > - p222, GAE "api is a little different but not too much". What is
> > > different? using login_form instead of login_methods, and no chaining.
> > > - p223 " although we suggest so" - why?
> > > - p223, use a bullet list to display the various actions (as per
> > > previous listing of attributes and methods/actions)
> > > - p224, first mention of crud. refer to the later section where it is
> > > discussed in more detail
> > > - pp24, the parts starting with the "row"  code listing and " assuming
> > > following"  should stand more apart
> > > [ accessible query on the todo to get something similar on GAE ]
> > > - p224, please explain the example - it now stands on its own
> > > - p224, first paragraph of the decorators should perhaps already be
> > > mentioned earlier (you first dive into the details and technical parts
> > > and then it is, "but here is how you should really do it")
> > > - p225, perhaps give more meaningful action names instead of "function_one"
> > > - p225, you really want users to run function_five?
> > > - p225, function_six should better be explained using the return
> > > example as per the other functions.
> > > - p226, refer  to the crud (currently in ch 7)?
> > > - p226, the code listing is not explained
> > > - p227, download authorisation. Can you explain why it is different?
> > > (the reason behind it)
> > > - p227, "basic authorisation" how does this relate to the "basic" on p221
> > > - p228, make use of a bulleted list
> > > - p229, "as dicussed prveiously", please more specific references
> > > - p230 second line "funciton" - > "function"
> > > - p230, code listing, some lines are not wrapped (python wise) correctly
> > > - p231, the "..." in the listing will be filled?
>
> > > Hans
>
> > > On Sun, Jul 12, 2009 at 12:17 AM, Hans Donner<hans.don...@pobox.com> wrote:
> > > > And for chapter 7:
>
> > > > - p174, halfway " can be done in the view or the action". I assume
> > > > action is defined earlier - Perhaps a quick reference.
> > > > - general, sometimes you make an update of a previous example. Please
> > > > make explicit in the code, eg by using comments, where the new/changed
> > > > stuff is. Makes it easier to spot
> > > > - p175, 1st bullet re the validator. refer to later section covering validators
> > > > - p17s, lower part. Explain that this message is generated by default
> > > > by the validator in the used example
> > > > - p175, 3rd line below "bee submitted"
> > > > - p177, last bullet. consider switching the last sentences
> > > > - p178, re the explanation of accept and errors. Perhaps add that
> > > > accepts calls the validators and the optionally onvalidate that does
> > > > the actual adding of error messages
> > > > - p178, keepvalues - also covers the signature of accepts. should be
> > > > before the keep value
> > > > - p179 - what is field d doing in this example?
> > > > - p 180/181 multiple forms/self submission. Both refer to SQLFORM that
> > > > is only discussed later
> > > > - p180 multiple form submission. So by leaving out the session
> > > > variable we're open again for double submission. Can we prevent it, or
> > > > did we open a new hole?
> > > > [note: perhaps we need more explicit ways to deal with this in web2py,
> > > > as leaving out a session variable can be overlooked]
> > > > - p181, self submission - what is the use case for having this? the
> > > > code example on shows how it is done, but gives little information on
> > > > why it is done...
> > > > - p182 '( it can be psddrf with the fields...)'  - how?
> > > > - p182, last part - gae stores in the db
> > > > - p183, last half ' single biggest time saver' - why? how?
> > > > - p183, just below previous: how and why to overload the xml method.
> > > > Relevant example?
> > > > - p184, sequence of the fields is not in line with the signature (it
> > > > is in other cases)
> > > > - p184, consider how the sentences are phrased. Most other cases
> > > > start with the fieldname, here it is more messy
> > > > - p185, first bullet. Bit messy. Starts with " optional arguments are
> > > > ... starting with underscore'. just below an argument name is shown
> > > > without an underscore. perhaps a bit more background re the _
> > > > attributes
> > > > - p185, insert/update. be more specific if a record is passed, or just an id
> > > > - p186 - sqlform in html. This is a very special case. Perhaps list
> > > > why/when to use this. Compare it with the custom variant
> > > > - p186, code example. Correct that session is missing? make it explicit
> > > > - p186 - why is the custom variant only listed several pages later?
> > > > - p187 - re the formname, where is it used for. What is the effect of
> > > > setting it to None (looks like what has been discussed on 180)
> > > > - p187 - sqlform and upload - GAE is different
> > > > - p187 - perhaps make the filenaming convention explicit:
> > > > <table>.<field>.<id-part1>.<id-part2>.<original extension>
> > > > - p188, example refers to 'db', which is a global variable and has
> > > > required name. be more explicit, also in the DAL section that is a
> > > > convention to name the DAL global variable db, and is used as such in
> > > > the book
> > > > - p188, html output bottom: reformat it?
> > > > - p190, link to referencing records. Make a reference to Chapter 6 / DAL
> > > > - p190, bottom, 'appadmin' is mentioned here. make a reference to
> > > > where it is explained in more detail
> > > > [ note re page 191, add a similar upgrade to linkto for SQLFORM as we
>
> ...
>
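The access-control pattern the code in this thread sets up (table-wide 'read'/'create' granted to a per-user group at registration, 'update'/'delete' granted per record when it is created) can be exercised with a small stand-alone model. This is an added example, not part of the original messages and not web2py's implementation: ToyAuth, CommentBoard and demo are hypothetical names, and treating record id 0 as a table-wide grant is an assumption of the model.

```python
class ToyAuth:
    """Toy stand-in for the thread's auth object; not web2py's implementation."""
    def __init__(self):
        self.grants = set()        # (group, action, table, record_id)
        self.on_register = None    # plays the role of register_onaccept
    def group_of(self, user_id):
        return 'user_%s' % user_id  # private-group naming used in the thread
    def register(self, user_id):
        if self.on_register:
            self.on_register(user_id)
    def add_permission(self, group, action, table, record_id=0):
        self.grants.add((group, action, table, record_id))
    def has_permission(self, action, table, record_id, user_id):
        group = self.group_of(user_id)
        # Model assumption: record_id 0 is a table-wide grant.
        return bool({(group, action, table, record_id),
                     (group, action, table, 0)} & self.grants)

class CommentBoard:
    def __init__(self, auth):
        self.auth, self.rows = auth, {}
    def create(self, user_id, body):
        if not self.auth.has_permission('create', 'comment', 0, user_id):
            return None                      # denied
        cid = len(self.rows) + 1
        self.rows[cid] = body
        for action in ('update', 'delete'):  # record-level grant, author only
            self.auth.add_permission(self.auth.group_of(user_id), action, 'comment', cid)
        return cid
    def update(self, user_id, cid, body):
        if not self.auth.has_permission('update', 'comment', cid, user_id):
            return False                     # denied
        self.rows[cid] = body
        return True

def give_create_permission(auth, user_id):
    for action in ('read', 'create'):
        auth.add_permission(auth.group_of(user_id), action, 'comment')

def demo():
    auth = ToyAuth()
    auth.register('old')   # constructed case: account made before the callback existed
    auth.on_register = lambda uid: give_create_permission(auth, uid)
    for uid in ('alice', 'bob'): auth.register(uid)
    board = CommentBoard(auth)
    cid = board.create('alice', 'first')
    return {'alice_edits_own': board.update('alice', cid, 'edited'),
            'bob_edits_alice': board.update('bob', cid, 'defaced'),
            'old_account_creates': board.create('old', 'hi') is not None,
            'final_body': board.rows[cid]}
```

The 'old' account shows point 3 of the quoted reply: an account registered before the callback was installed never receives the 'create' grant.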