Thanks Khalil, but I'm not sure how that solves my problem. I want, if possible, to automate a filtering operation that will apply to every query and exclude records the user is not allowed to see based on where his email address appears in the organization --> site --> building hierarchy. The important thing is that I'm not so much restricting access to pages (controllers), which is the usual effect of auth.requires() decorators. It's more like trying to confine the user to a sub-tree of records where the root of the sub-tree is a record in one of the three top-level tables -- if that makes any sense.
I suppose one way to go about would be to post-filter the set of records just before they are passed to the view, but I suspect that finding a way to AND the conditions with the query would give better performance. On Saturday, April 21, 2012 1:32:05 PM UTC-4, Khalil KHAMLICHI wrote: > > Create a custom field called "site" in auth_user table and when > registering a new user give him his affected site, for any page user will > view make sure you check for this value in you queries. >
