The easiest way is this:
say you have
db.define_table('data',Field('something'),Field('created_by',db.auth,default=auth.user_id,writable=False))
make sure to filter recods with db(db.data.created_by==auth.user_id)
before you list them.
and if not db.data[record_id].created_by==auth.user_id: redirect(some
error page).
You can use curd.settings.auth :
# require permissions for every action
crud.settings.auth.auth
# give ervybody permission to create 'data' records
auth.settings.register_onaccept=lambda form:
auth.add_permission(auth.user_group(form.vars.id),'create','data')
# give users all permission on records they create
def give_permission(form):
for name in ('read','update','select','delete'):
auth.add_permission(auth.user_group(),name,form.table,form.vars.id)
crud.settings.create_onaccept=give_permission
On May 10, 5:55 pm, greenpoise <danel.sega...@gmail.com> wrote:
> Ok. Let me explain it better. I am trying to build an app. where
> inspectors (construction) will entered gathered data. The thing is
> that the inspectors are from different companies. I want the different
> companies to see what they have gathered only.
>
> Example:
> Company A can only see what they gathered and entered
> Company B can only see what they gathered and entered.
>
> Right now users can log (no matter which company) and see all the
> data, so I am missing something. Is it in the authentication? or is it
> in the sql logic of it??
>
> Thanks
>
> d
>
> On May 10, 4:58 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > Do you mean you want to limit which fields will be visible to users
> > when they register and edit their profile?
>
> > You need to use a custom auth_user table and set writable=False for
> > those fields they cannot edit, and readable=False for those that
> > should not be visible. For example:
>
> > db.define_table('auth_user',
> > Field('first_name', length=512,default=''),
> > Field('last_name', length=512,default=''),
> > Field('username',length=32,default='',
>
> > requires=(IS_NOT_EMPTY(),IS_NOT_IN_DB(db,'auth_user.username'))),
> > Field('email', length=512,default='',
>
> > requires=(IS_EMAIL(),IS_NOT_IN_DB(db,'auth_user.email'))),
> > Field('password', 'password', readable=False,
> > label='Password',
> > requires=[CRYPT(auth.settings.hmac_key)]),
>
> > Field('is_admin','boolean',default=True,readable=False,writable=False),
> > Field('registration_key', length=512,writable=False,
> > readable=False,default=''),
> > Field('reset_password_key', length=512,writable=False,
> > readable=False, default='',
> > label=auth.messages.label_reset_password_key),
> > )
>
> > As you can see is_admin is not readable and writable.
> > auth.define_tables() # creates all needed
> > tables
>
> > On May 10, 12:39 pm, greenpoise <danel.sega...@gmail.com> wrote:
>
> > > Whenever I use authentication on its basic form:
>
> > > 1. Any user can register something I do not want.
> > > 2. Any user can see all the data
>
> > > I want to be more specific and have control of the registration
> > > process as to where I create the users and group they pertain to and
> > > hence look at their specific data only. Where is this defined? within
> > > the Authentication/Groups or do I have to add another specifying
> > > field?? I read the Authentication part of the book but I simply dont
> > > know how to tackle this problem.
>
> > > Also while at it, is it a good practice to use the same database for
> > > different clients?
>
> > > Thanks
