> > def circuit_filter(query): > """ > Allow only records where auth_user matches the organization, site or > building that owns > the system that owns this circuit. > """ > eml = auth.user.email > sys = db.t_circuit.f_system > bldg = sys.f_building > site = bldg.f_site > org = site.f_organization > filter = ((bldg.f_contact_email == eml) | > (site.f_contact_email == eml) | > (org.f_contact_email == eml)) > return filter > > Does that look right? >
Not quite -- in the above you are appending fields to other fields (e.g., sys.f_building is equivalent to db.t_circuit.f_system.f_building, which doesn't work). I think you may need to join all the tables in the hierarchy above the table being queried (i.e., db.t_circuit.f_system==db.t_system.id, etc.) and then test whether auth.email matches the email field in any of the joined tables. Anthony
