Actually I've just been fiddling around with this and run into a few
problems.
Would you be able to show me a more complete example?
Thanks,
Alec Taylor
On Sun, Jul 29, 2012 at 12:28 PM, Alec Taylor <alec.tayl...@gmail.com>wrote:
> Thanks, that should do the trick
>
>
> On Sun, Jul 29, 2012 at 12:38 AM, Massimo Di Pierro <
> massimo.dipie...@gmail.com> wrote:
>
>> URL('rsvp_action',user_signature=True)
>>
>> +
>>
>> @auth.requires_signature()
>> def rsvp_action(): ....
>>
>>
>>
>> On Saturday, 28 July 2012 08:50:30 UTC-5, Alec Taylor wrote:
>>>
>>> So I've got a simple link dropdown on each of my group-event pages,
>>> like so:
>>>
>>>
>>> <https://lh5.googleusercontent.com/-dgm_TWTUcOw/UBPs4ll7nKI/AAAAAAAAAB0/t8wlgPYE5qY/s1600/attend.PNG>
>>> I have a table called `rsvp_list` with reference fields: `event_id` and
>>> `user_id`, and an `rsvp` field requiring `IS_IN_SET(["Yes", "Maybe",
>>> "No"])`.
>>>
>>> One way I can make the above work is by appending the value for
>>> `event_id`, `user_id` and `rsvp` automatically, through global function
>>> calls or a specialised controller utilising `request.args`.
>>>
>>> Unfortunately this means that anyone who has figure out my URL schema
>>> can simply enter the ID of someone else into the URL, forging an RSVP.
>>>
>>> What's a better way of doing this?
>>>
>>> Thanks for all suggestions,
>>>
>>> Alec Taylor
>>>
>> --
>>
>>
>>
>>
>
>
--
