Hello,
Is it possible to enforce create, read, update, delete permissions
with SQLFORM?
I can control read (readonly = True,) and delete (deletable =
True,)... But what about create and update? How may I prevent a user
from editing a record if he has no permission to do it?
My controller uses this pattern:
@auth.requires_login()
def update():
    if auth.has_membership(auth.id_group('G1')):
        form = crud.update(db...)
    elif auth.has_membership(auth.id_group('G2')):
        form = crud.update(db...)
    Etc.
No problem if the user doesn't enter the URL manually, but if he does, SQLFORM
will not prevent his access to a given record...
I see no other option except exploding my update function into many
functions and using @auth.requires_permission('update', db.table)...
Actually, I just tested it and I may not need to explode my function,
but just use @auth.requires_permission('update', db.table)...
Has the @auth.requires_permission() decorator been created to allow the
SQLFORM CRUD property?
Thanks
Richard
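
The gap described in the post, as an added example that is not part of the original message and is not web2py code: a framework-free model that contrasts a group-only branch with a check on the record id taken from the URL. `MiniAuth`, `Forbidden`, the `invoice` table and all sample users and grants are hypothetical stand-ins; treating record id 0 as "every record" and passing the id through the decorator are assumptions of this model.

```python
from functools import wraps

class Forbidden(Exception):
    """Stands in for the 403 or redirect a framework would issue."""

class MiniAuth:
    """Hypothetical stand-in for an auth object (not gluon code)."""
    def __init__(self):
        self.memberships = {}   # user -> set of group names
        self.permissions = set()  # (group, action, table, record_id)

    def has_membership(self, user, group):
        return group in self.memberships.get(user, set())

    def has_permission(self, user, action, table, record_id=0):
        # Assumption: a grant on record_id 0 covers every record of the table.
        return any((g, action, table, rid) in self.permissions
                   for g in self.memberships.get(user, set())
                   for rid in (0, record_id))

    def requires_permission(self, action, table):
        def decorator(fn):
            @wraps(fn)
            def wrapper(user, record_id):
                if not self.has_permission(user, action, table, record_id):
                    raise Forbidden(f"{user} may not {action} {table}/{record_id}")
                return fn(user, record_id)
            return wrapper
        return decorator

auth = MiniAuth()
# Constructed sample data: each group may update exactly one invoice.
auth.memberships = {"alice": {"G1"}, "bob": {"G2"}}
auth.permissions = {("G1", "update", "invoice", 1),
                    ("G2", "update", "invoice", 2)}

def update_by_group(user, record_id):
    """Pattern from the post: branches on group, never checks record_id."""
    if auth.has_membership(user, "G1") or auth.has_membership(user, "G2"):
        return f"edit form for invoice/{record_id}"
    raise Forbidden(user)

@auth.requires_permission("update", "invoice")
def update_checked(user, record_id):
    """Same action, but the id from the URL is authorised before the form is built."""
    return f"edit form for invoice/{record_id}"
```
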