I'm not sure, but isn't this method open to Cross site scripting? I
can create an image tag with the http://.../check with ease!

On Oct 6, 8:26 pm, mdipierro <mdipie...@cs.depaul.edu> wrote:
> Say you have a table
>
> db.define_table('item',
>     Field('name'),
>     Field('owner', 'reference auth_user', default=auth.user_id),  # items() below filters on this
>     Field('checked', 'boolean', default=False))
>
> you can have two controllers like
>
> def items():
>     rows = db(db.item.owner == auth.user_id).select()
>     return dict(rows=rows)
>
> def check(): # this is a callback!
>     record = db.item(request.args(0))
>     # optional check if auth.user is allowed to edit record
>     if record and not record.checked:
>         record.update_record(checked=True)
>         return 'on'
>     elif record and record.checked:
>         record.update_record(checked=False)
>         return 'off'
>     return ''
>
> and in the view default/items.html
>
> <table>
>   {{for row in rows:}}
>   <tr>
>      <td>{{=row.name}}</td>
>      <td><a href="#" id="q{{=row.id}}" onclick="ajax('{{=URL('check',args=row.id)}}',[],'q{{=row.id}}');return false;">{{=row.checked and 'on' or 'off'}}</a>
>      </td>
>   </tr>
>   {{pass}}
> </table>
>
> when you click on 'on' or 'off' it calls http://..../check/<id> and
> the response will replace the 'on' or 'off'

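The quoted `check()` callback changes state on a plain GET, which is exactly what lets a foreign page trigger it through an image tag. Below is an added example (mine, not code from the post above or from web2py itself) of what a hardened toggle looks like: it only acts on POST, requires a per-session token the view must send with the request, and checks that the caller owns the record. Because web2py is not available stand-alone, the block models `request` (method, `args`, `vars`) and `session` with small Python objects; in a real app the equivalents are `request.env.request_method`, `request.args`, `request.vars`, `session` and `auth.user_id`. The token name `csrf_token`, the `owner` field and the in-memory `items` dict are assumptions made for the example.

```python
import hmac
import secrets


class Request:
    """Stand-in for web2py's `request` object (constructed for this example only).

    In web2py the method lives at request.env.request_method, the URL args at
    request.args and the posted/query parameters at request.vars.
    """

    def __init__(self, method, args, vars):
        self.method = method
        self.args = list(args)
        self.vars = dict(vars)


def new_csrf_token(session):
    """Mint (once per session) the secret the view must send back with the POST.

    `session` is any mutable mapping; in web2py it is the `session` object.
    """
    if 'csrf_token' not in session:
        session['csrf_token'] = secrets.token_hex(32)
    return session['csrf_token']


def check(request, session, items, user_id):
    """Toggle the `checked` flag of one item owned by `user_id`.

    Returns 'on' or 'off' after a successful toggle and '' otherwise. Unlike
    the original callback it refuses:
      1. anything but POST, so <img src=".../check/1"> or a cross-site link
         cannot flip the flag (browsers only issue GET for those);
      2. a POST whose csrf_token does not match the one bound to the session;
      3. records the calling user does not own (the "optional check" the
         original left out).
    `items` is a dict id -> {'owner': user_id, 'checked': bool} standing in
    for db.item (assumption for this example).
    """
    # 1. Method check: state changes must not be reachable via GET.
    if request.method != 'POST':
        return ''

    # 2. Token check, constant-time, bytes so non-ASCII input cannot raise.
    sent = request.vars.get('csrf_token')
    expected = session.get('csrf_token')
    if not isinstance(sent, str) or not isinstance(expected, str):
        return ''
    if not hmac.compare_digest(sent.encode('utf-8'), expected.encode('utf-8')):
        return ''

    # 3. Look up the record and enforce ownership before touching it.
    try:
        record_id = int(request.args[0])
    except (IndexError, TypeError, ValueError):
        return ''
    record = items.get(record_id)
    if record is None or record.get('owner') != user_id:
        return ''

    record['checked'] = not record['checked']
    return 'on' if record['checked'] else 'off'


if __name__ == '__main__':
    # Constructed sample data: user 7 owns item 1, user 8 owns item 2.
    items = {1: {'owner': 7, 'checked': False}, 2: {'owner': 8, 'checked': True}}
    session = {}
    token = new_csrf_token(session)
    print(check(Request('GET', ['1'], {}), session, items, 7))                   # '' (forged GET)
    print(check(Request('POST', ['1'], {'csrf_token': token}), session, items, 7))  # 'on'
    print(check(Request('POST', ['2'], {'csrf_token': token}), session, items, 7))  # '' (not owner)
```

To wire this into the view from the post, the token has to travel with the request: put it in a hidden input (for example `<input type="hidden" id="csrf_token" name="csrf_token" value="{{=session.csrf_token}}">`) and list that input's id in the second argument of `ajax()` so it is posted along with the call, rather than passing the empty list shown above. A GET-only endpoint that still mutates data stays exploitable no matter what the link text says, so the method check is the part not to skip.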