On Friday, October 21, 2011 3:54:26 PM UTC-4, Triquetra wrote: > > I'd like to see > web2py's access control beefed up (thus permitting easy development of > workflows, among other things). Specifically, the current web2py RBAC > has two levels of granularity: table and record (row). This should be
extended to include field(column), type(controller), and > context(state). auth.add_permission(group_id, 'name', 'object', record_id) In the above, 'object' can be any user-defined object, not just a DB table (record_id is only relevant if the object is a table). Does that help? > Although the type(controller) access control is currently implemented > via decorators in web2py, this is restricted to coders. You don't have to use decorators. You can directly check for permissions via auth.has_membership() and auth.has_permission().
