I'm trying to put some access control around some of my functions. When I use the admin interface to define a new auth_permission, the form allows a tablename from a drop-down list containint *ONLY* the 4 predefined auth_* tables. It does not list any of my own tables in the drop-down list. Shouldn't it? Also shouldn't an empty field be allowed here? Also shouldn't an empty record id field also be allowed? It not, but using a zero is a workaround.
To work around the disallowed table problem, I did it programmaticaly with calls to auth.add_permission(group_id, 'create', db.MyTable) but the question is now: Where should I put these? I made the mistake of putting them in the db.py file, and got a new auth_permission record everytime the DB is hit. So I preceded the calls with a db.auth_permission.truncate()... But there has to be a better way!!! Any help would be appreciated.