On 2010-08-26 15:51, Gary wrote:
I'm trying to put some access control around some of my functions.
When I use the admin interface to define a new auth_permission, the
form allows a tablename from a drop-down list containint *ONLY* the 4
predefined auth_* tables.
    It does not list any of my own tables in the drop-down list.
Shouldn't it?
    Also shouldn't an empty field be allowed here?
    Also shouldn't an empty record id field also be allowed?   It not,
        but using a zero is a workaround.

Add this at the end of your models

db.auth_permission.table_name.requires=\
    IS_IN_SET(db.tables)


To work around the disallowed table problem, I did it programmaticaly
with calls to
    auth.add_permission(group_id, 'create', db.MyTable)
but the question is now: Where should I put these?  I made the mistake
of putting them in the db.py file, and got a new auth_permission
record everytime the DB is hit.  So I preceded the calls with a
db.auth_permission.truncate()...  But there has to be a better way!!!

Any help would be appreciated.

In the controller

@auth.requires_login()
def create():
   form = crud.create(db.YOURTABLE)
   if form.accepts(request.vars, session):
       response.flash = T('form accepted')
   elif form.errors:
       response.flash = T('form has errors')
   else:
       response.flash = T('please fill out the form')
   return dict(form=form)

You have to create a permission "create" for YOURTABLE and give it to a particular group and for permission to whole table record_id should be set to 0.

You have to create membership to the group if you not using a "user group" create automatically by web2py.

The "@auth.requires_login()" is called a decoration and just request the user to be logged in...

Jonhy
<?orderby=auth_permission.record_id>

Reply via email to