On Monday, October 24, 2011 7:06:12 PM UTC-4, lucas wrote:
>
> ok, i tried the auth.add_permission(group_id=2, name="read",
> table_name="news") line and just stuck it under db.py. i still can't
> get a True out of the has_permission('read') or has_permission(2,
> 'read') or has_permission(group_id=2, name='read'), nothing.
>
It would have to be auth.has_permission('read', 'news'). See the example at
the end of this
section: http://web2py.com/book/default/chapter/08#Authorization.
>
> your second suggestion gets me thinking. can i add a field under the
> news table, field named say "security", and add the value "restricted"
> to certain records that i don't want guests seeing. is there a way to
> decorate or automatically have web2py filter out the restricted rows,
> compile and display only the unrestricted rows? interesting
> suggestion.
>
I suppose you could do it that way. You can also assign permissions to
individual records, and check those permissions (including checking for all
allowed records for a given user via auth.accessible_query). See the section
referenced above as well
as http://web2py.com/book/default/chapter/08#Authorization-and-CRUD.
Anthony
