I have a controller that presents a form, but I put a constraint that if
the user is not logged on (checked using auth.is_logged_in()) the entered
form data should not be inserted but the user should be directed to the
login form. But to my surprise, if the user is redirected to the login
form and, without logging in, returns to the index page, the data will
have been inserted into the database, which shouldn't be so. What am I doing
wrong here?
Code snippet:
def index():
    form = SQLFORM(db.post)
    if form.accepts(request.vars, session, hideerror=True, keepvalues=False):
        if auth.is_logged_in():
            pass
        else:
            session.flash = "You have to be logged on to post stuff!"
            redirect(URL(f="user", args="login"))
    elif form.errors:
        redirect(URL(f="index"))
    rows = db().select(db.post.ALL, orderby=db.post.timestamp)
    return locals()
--
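
The ordering problem in the controller above, shown as an added example that is not part of the original post and is not web2py code: SQLFORM.accepts(), with its default dbio=True, writes the row before it returns True, so a login check placed inside that branch runs after the insert. MiniForm, new_db, count and both index_* functions are hypothetical stand-ins built on sqlite3 so the sketch runs without web2py, and the submitted data is constructed.

```python
import sqlite3

class MiniForm:
    """Constructed stand-in for web2py's SQLFORM: like SQLFORM.accepts with
    its default dbio=True, accepts() validates AND inserts in one call."""
    def __init__(self, db):
        self.db = db

    def accepts(self, post_vars, dbio=True):
        body = (post_vars.get("body") or "").strip()
        if not body:
            return False                      # validation failed, nothing written
        if dbio:                              # side effect happens before returning True
            self.db.execute("INSERT INTO post(body) VALUES (?)", (body,))
        return True

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE post (id INTEGER PRIMARY KEY, body TEXT)")
    return db

def count(db):
    return db.execute("SELECT COUNT(*) FROM post").fetchone()[0]

def index_as_posted(db, post_vars, logged_in):
    """Same order as the controller in the post: accepts() first, auth check second."""
    form = MiniForm(db)
    if form.accepts(post_vars):
        if not logged_in:
            return "redirect:login"           # too late, the row is already stored
    return "render:index"

def index_check_first(db, post_vars, logged_in):
    """Authorization is decided before anything can write to the database."""
    form = MiniForm(db)
    if post_vars and not logged_in:
        return "redirect:login"               # accepts() never runs for anonymous posts
    form.accepts(post_vars)
    return "render:index"

if __name__ == "__main__":
    submitted = {"body": "hello"}             # constructed sample submission
    for controller in (index_as_posted, index_check_first):
        db = new_db()
        result = controller(db, submitted, logged_in=False)
        print(controller.__name__, result, "rows stored:", count(db))
```

In the web2py controller itself the same ordering is obtained by testing auth.is_logged_in() before calling form.accepts(...), or by decorating the action with @auth.requires_login().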