On Sat, Apr 21, 2012 at 7:31 PM, Anthony <abasta...@gmail.com> wrote:

>> def circuit_filter(query):
>>      """
>>      Allow only records where auth_user matches the organization, site or
>>      building that owns the system that owns this circuit.
>>      """
>>      eml =  auth.user.email
>>      sys =  db.t_circuit.f_system
>>      bldg = sys.f_building
>>      site =  bldg.f_site
>>      org =  site.f_organization
>>      filter = ((bldg.f_contact_email == eml) |
>>                (site.f_contact_email == eml)  |
>>                (org.f_contact_email == eml))
>>      return filter
>>
>> Does that look right?
>>
>
> Not quite -- in the above you are appending fields to other fields (e.g.,
> sys.f_building is equivalent to db.t_circuit.f_system.f_building, which
> doesn't work). I think you may need to join all the tables in the hierarchy
> above the table being queried (i.e., db.t_circuit.f_system==db.t_system.id,
> etc.) and then test whether auth.email matches the email field in any of
> the joined tables.
>
> Anthony
>

Thanks. I'm never quite sure what the DAL will let me get away with :-)

I'm a little puzzled by the common_filter syntax.  It looks like a common_filter
must be a function that takes a single argument, query, and returns a query
that, in the book examples at least, doesn't reference the argument.  I'm
guessing that the argument is the query that would be executed if the
common_filter was None, right?  So is the query that finally gets
executed equivalent to db(query & common_filter)?
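
The join-based ownership check Anthony describes, as an added example that is not part of the original thread: it uses plain SQL through Python's sqlite3 rather than the web2py DAL, with constructed sample rows, and it assumes the filter is ANDed with the caller's condition, which is the reading guessed at in the message above. The helper names `make_db` and `visible_circuits`, and the `id` columns on tables other than t_system, are hypothetical.

```python
import sqlite3

# Constructed schema mirroring the table/field names in the thread.
SCHEMA = """
CREATE TABLE t_organization (id INTEGER PRIMARY KEY, f_contact_email TEXT);
CREATE TABLE t_site (id INTEGER PRIMARY KEY, f_organization INTEGER, f_contact_email TEXT);
CREATE TABLE t_building (id INTEGER PRIMARY KEY, f_site INTEGER, f_contact_email TEXT);
CREATE TABLE t_system (id INTEGER PRIMARY KEY, f_building INTEGER);
CREATE TABLE t_circuit (id INTEGER PRIMARY KEY, f_system INTEGER, f_name TEXT);
"""

# Constructed sample rows: two organizations, one site/building/system each.
ROWS = """
INSERT INTO t_organization VALUES (1, 'org1@example.com'), (2, 'org2@example.com');
INSERT INTO t_site VALUES (1, 1, 'site1@example.com'), (2, 2, 'site2@example.com');
INSERT INTO t_building VALUES (1, 1, 'bldg1@example.com'), (2, 2, 'bldg2@example.com');
INSERT INTO t_system VALUES (1, 1), (2, 2);
INSERT INTO t_circuit VALUES (1, 1, 'c-a'), (2, 1, 'c-b'), (3, 2, 'c-c');
"""

# Ownership filter: walk circuit -> system -> building -> site -> organization
# with explicit joins, then compare the user's email at each owning level.
OWNER_FILTER = """
t_circuit.f_system IN (
    SELECT s.id FROM t_system s
    JOIN t_building b ON s.f_building = b.id
    JOIN t_site si ON b.f_site = si.id
    JOIN t_organization o ON si.f_organization = o.id
    WHERE :eml IN (b.f_contact_email, si.f_contact_email, o.f_contact_email))
"""

def make_db():
    """Build the in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + ROWS)
    return conn

def visible_circuits(conn, email, caller_where="1=1", params=None):
    """Return circuit names matching the caller's condition AND the owner filter."""
    # caller_where is trusted application SQL, never user input; values go in params.
    # The caller's condition is parenthesized and ANDed so it cannot widen the filter.
    sql = ("SELECT t_circuit.f_name FROM t_circuit "
           f"WHERE ({caller_where}) AND {OWNER_FILTER} ORDER BY t_circuit.id")
    bound = dict(params or {}, eml=email)
    return [row[0] for row in conn.execute(sql, bound)]
```
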
