I am trying to recreate the table grid as in the appadmin for some tables. It's not going too badly so far, but I have run into some limitations.

For example, if I want all the fields or columns except some of those: db.table.field.readable=False is not working. I have not tried yet with SQLTABLE, but I would like to stay with crud since it is simpler to set the permissions.

I note that it is not possible to use this with crud.select:

    crud.select(db.table1,fields=[THE FIELDS I WANT],headers={request.args(0)+'.field1': 'MYLABEL'},truncate=100,_class='sortable')

If I specify THE FIELDS I WANT I can't get MYLABEL.

And there is a lot more stuff that is interesting in the appadmin.py, like the sort...

*Do the injection vulnerabilities come from the input query form?*

I would like to clear out all the things that should be restricted to admin and just take the goodies I need.

Richard

On Mon, Oct 18, 2010 at 3:52 PM, mdipierro <mdipie...@cs.depaul.edu> wrote:

> Mind that appadmin is designed for the administrator. If you expose it to
> users it would introduce injection vulnerabilities. Why not just use
>
> crud.create
> crud.update
> crud.search
>
> On Oct 18, 2:01 pm, Richard Vézina <ml.richard.vez...@gmail.com> wrote:
> > Hello,
> >
> > I try to hack the appadmin.py to use it with a limited number of tables that
> > I would define...
> >
> > How may I define the tables that I want without altering the
> > appadmin.py functioning too much?
> >
> > Grossly I would like to gain access to a kind of summary of all the tables
> > that users are filling with data. So, I can let them look for errors and do
> > other data management tasks.
> >
> > Thanks
> >
> > Richard
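
Added example, not part of the original thread and not web2py's own code: one way to get a restricted grid (a fixed set of tables, all columns except some, custom labels, sorting) without passing user-supplied query text to the database layer, by resolving the untrusted URL arguments against an allowlist. The table and field names, the `ALLOWED` and `SCHEMA` dictionaries, the `~` sort prefix and `resolve_grid` are all assumptions made for illustration; `SCHEMA` stands in for the field lists a real `db` would provide.

```python
# Added example: names and schema below are constructed, not from web2py.

class Forbidden(Exception):
    """Raised when a URL argument is outside the allowlist."""

# Hypothetical policy: tables users may browse, columns to hide, custom labels.
ALLOWED = {
    "table1": {"hidden": {"internal_note"}, "labels": {"field1": "MYLABEL"}},
    "table2": {"hidden": set(), "labels": {}},
}

# Constructed stand-in for the field lists of the real database tables.
SCHEMA = {
    "table1": ["id", "field1", "field2", "internal_note"],
    "table2": ["id", "name"],
    "auth_user": ["id", "email", "password"],
}

def resolve_grid(table_arg, sort_arg=None, allowed=ALLOWED, schema=SCHEMA):
    """Turn untrusted URL args into (table, fields, headers, orderby).

    Input is only ever compared against known names; it is never
    evaluated or concatenated into a query.
    """
    if not isinstance(table_arg, str) or table_arg not in allowed \
            or table_arg not in schema:
        raise Forbidden("table not exposed")
    policy = allowed[table_arg]
    # "All columns except some": start from the schema, drop hidden ones.
    fields = [f for f in schema[table_arg] if f not in policy["hidden"]]
    # Header keys use the 'table.field' form from the post.
    headers = {"%s.%s" % (table_arg, f): policy["labels"].get(f, f)
               for f in fields}
    orderby = None
    if sort_arg is not None:
        if not isinstance(sort_arg, str):
            raise Forbidden("bad sort argument")
        # Assumed convention: a leading '~' requests descending order.
        descending = sort_arg.startswith("~")
        name = sort_arg[1:] if descending else sort_arg
        if name not in fields:  # also blocks sorting on hidden columns
            raise Forbidden("column not sortable")
        orderby = (name, descending)
    return table_arg, fields, headers, orderby

if __name__ == "__main__":
    print(resolve_grid("table1", "~field2"))
```

The returned field names and headers are meant for the `fields=` and `headers=` arguments of the `crud.select` call in the post; how the names map to field objects depends on the application.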