I would suggest starting over from scratch and using Web2py's Access Control
features as they come by default as much as possible. Once you are
comfortable with how they work, you can think about customizing them.
I think your code should be something like this:
==model==
db.define_table('day',
Field('thedate','date'),
Field('value', 'integer'))
Field('created_by', db.auth_user, default=auth.user_id))
==controller==
@auth.requires_login()
def create():
form = SQLFORM(db.day)
if form.accepts(request.vars, session):
redirect(URL('default', 'day', args=form.vars.id))
return dict(form=form)
def day():
day = db(db.day.id==request.args(0)).select().first()
if day.created_by==auth.user_id
return dict(day=day)
