I'm trying to put some access control around some of my functions.
When I use the admin interface to define a new auth_permission, the
form allows a tablename from a drop-down list containint *ONLY* the 4
predefined auth_* tables.
It does not list any of my own tables in the drop-down list.
Shouldn't it?
Also shouldn't an empty field be allowed here?
Also shouldn't an empty record id field also be allowed? It not,
but using a zero is a workaround.
To work around the disallowed table problem, I did it programmaticaly
with calls to
auth.add_permission(group_id, 'create', db.MyTable)
but the question is now: Where should I put these? I made the mistake
of putting them in the db.py file, and got a new auth_permission
record everytime the DB is hit. So I preceded the calls with a
db.auth_permission.truncate()... But there has to be a better way!!!
Any help would be appreciated.
