Got it, or so I think. I will continue working on my project to see if I get it. Thanks
On May 10, 7:18 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
> The easiest way is this:
>
> say you have
> db.define_table('data',Field('something'),Field('created_by',db.auth_user,default=auth.user_id,writable=False))
>
> make sure to filter records with db(db.data.created_by==auth.user_id)
> before you list them.
> and if not db.data[record_id].created_by==auth.user_id: redirect(some
> error page).
>
> You can use crud.settings.auth:
>
> # require permissions for every action
> crud.settings.auth = auth
> # give everybody permission to create 'data' records
> auth.settings.register_onaccept=lambda form: auth.add_permission(auth.user_group(form.vars.id),'create','data')
> # give users all permissions on records they create
> def give_permission(form):
>     for name in ('read','update','select','delete'):
>         auth.add_permission(auth.user_group(),name,form.table,form.vars.id)
> crud.settings.create_onaccept=give_permission
>
> On May 10, 5:55 pm, greenpoise <danel.sega...@gmail.com> wrote:
>
> > Ok. Let me explain it better. I am trying to build an app where
> > inspectors (construction) will enter gathered data. The thing is
> > that the inspectors are from different companies. I want the different
> > companies to see what they have gathered only.
> >
> > Example:
> > Company A can only see what they gathered and entered
> > Company B can only see what they gathered and entered.
> >
> > Right now users can log in (no matter which company) and see all the
> > data, so I am missing something. Is it in the authentication? or is it
> > in the sql logic of it??
> >
> > Thanks
> >
> > d
> >
> > On May 10, 4:58 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
> >
> > > Do you mean you want to limit which fields will be visible to users
> > > when they register and edit their profile?
> > >
> > > You need to use a custom auth_user table and set writable=False for
> > > those fields they cannot edit, and readable=False for those that
> > > should not be visible.
> > > For example:
> > >
> > > db.define_table('auth_user',
> > >     Field('first_name', length=512,default=''),
> > >     Field('last_name', length=512,default=''),
> > >     Field('username',length=32,default='',
> > >           requires=(IS_NOT_EMPTY(),IS_NOT_IN_DB(db,'auth_user.username'))),
> > >     Field('email', length=512,default='',
> > >           requires=(IS_EMAIL(),IS_NOT_IN_DB(db,'auth_user.email'))),
> > >     Field('password', 'password', readable=False,
> > >           label='Password',
> > >           requires=[CRYPT(auth.settings.hmac_key)]),
> > >     Field('is_admin','boolean',default=True,readable=False,writable=False),
> > >     Field('registration_key', length=512,writable=False,
> > >           readable=False,default=''),
> > >     Field('reset_password_key', length=512,writable=False,
> > >           readable=False, default='',
> > >           label=auth.messages.label_reset_password_key),
> > > )
> > >
> > > As you can see is_admin is not readable and writable.
> > > auth.define_tables() # creates all needed tables
> > >
> > > On May 10, 12:39 pm, greenpoise <danel.sega...@gmail.com> wrote:
> > >
> > > > Whenever I use authentication on its basic form:
> > > >
> > > > 1. Any user can register, something I do not want.
> > > > 2. Any user can see all the data
> > > >
> > > > I want to be more specific and have control of the registration
> > > > process as to where I create the users and group they pertain to and
> > > > hence look at their specific data only. Where is this defined? within
> > > > the Authentication/Groups or do I have to add another specifying
> > > > field?? I read the Authentication part of the book but I simply don't
> > > > know how to tackle this problem.
> > > >
> > > > Also while at it, is it a good practice to use the same database for
> > > > different clients?
> > > >
> > > > Thanks
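
The filter-before-listing and check-before-showing rule from the thread, as an added example that is not part of the original messages and is not web2py code: it uses Python's built-in sqlite3 instead of the web2py DAL, and it generalizes the created_by check to the per-company case asked about. The company column, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

class Forbidden(Exception):
    """Raised when the caller asks for data outside their own company."""

def make_db():
    # Constructed sample data: users 1 and 3 work for company A, user 2 for B.
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript("""
        CREATE TABLE auth_user (id INTEGER PRIMARY KEY, email TEXT, company TEXT);
        CREATE TABLE data (id INTEGER PRIMARY KEY, something TEXT,
                           created_by INTEGER NOT NULL REFERENCES auth_user(id));
        INSERT INTO auth_user VALUES (1, 'ann@a.example', 'A'),
                                     (2, 'bob@b.example', 'B'),
                                     (3, 'cy@a.example', 'A');
        INSERT INTO data VALUES (10, 'crack in beam', 1),
                                (11, 'loose rail', 2),
                                (12, 'wet slab', 3);
    """)
    return db

def company_of(db, user_id):
    # user_id must come from the logged-in session (auth.user_id in the
    # thread), never from a request parameter the client controls.
    row = db.execute("SELECT company FROM auth_user WHERE id = ?",
                     (user_id,)).fetchone()
    if row is None:
        raise Forbidden("unknown user")
    return row["company"]

SCOPED = ("SELECT d.id, d.something FROM data d "
          "JOIN auth_user u ON u.id = d.created_by WHERE u.company = ?")

def list_records(db, user_id):
    """Listing: the company filter is part of the query itself."""
    return db.execute(SCOPED + " ORDER BY d.id",
                      (company_of(db, user_id),)).fetchall()

def get_record(db, user_id, record_id):
    """Single record: same filter, so a guessed id from another company fails."""
    row = db.execute(SCOPED + " AND d.id = ?",
                     (company_of(db, user_id), record_id)).fetchone()
    if row is None:
        # Same error for "missing" and "not yours": valid ids are not revealed.
        raise Forbidden("no such record")
    return row
```

Applying the filter only to the list view is not enough: every action that takes a record id (read, update, delete) has to go through the same scoped lookup.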