Re: [web2py] Re: p4web auth issues
By the way reinstalling the app solved another auth problem i had with an instance that had been idle for a few years. I think there is something strange with auth that is solved with reinstalling the app. Anyway thank you On Monday, February 24, 2020 at 8:56:12 PM UTC+9, Maurice Waka wrote: > > Working now. > > I had to reinstall the app. > Regards > > On Monday, February 24, 2020 at 12:58:10 PM UTC+3, Val K wrote: >> >> get_user(), not get.user() > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/b7b34129-3d19-45f8-8fc7-9cfcbbb47e3f%40googlegroups.com.
[web2py] Re: Add to home screen
Ok! So far I have been able to get some aspects of my PWA project working,
The issue is that I have to install the app manually from the browser's
menu but it installs with its icon & it can be launched from the icon with
a splash screen, that's a minor success, it also opens fully like a
standalone app, another achievement, it shows its respecting the manifest
file rules, Now the major problems are that offline functionality & a
prompt by the browser to install the app on home screen are not working and
apparently this is caused by a service worker that cant not be detected!
The error says:
*"No matching service worker detected. You may need to reload page or check
that the scope of the service worker for the current page encloses the
scope of the start URL from the manifest."*
I do not understand this message at all, I went through the internet
looking for possible answers but none are clear! Some are saying the
solution is to place the service worker in the root directory! But guys
please forgive my ignorance but where is the web2py root directory?! If
anyone has been able to overcome this issue or understands the solution to
it i'd greatly appreciate your assistance, this is my code below:
*LAYOUT CODE:*
*MAIN.JS*
window.onload = () =>
{
'use strict';
if ('serviceWorker' in navigator) {
navigator.serviceWorker.register('/init/static/js/sw.js');
}
}
*SW.JS*
var cacheName = 'hello-pwa';
var filesToCache = [
'/',
'/init/',
];
/* Start the service worker and cache all of the app's content */
self.addEventListener('install', function(e) {
e.waitUntil(
caches.open(cacheName).then(function(cache) {
return cache.addAll(filesToCache);
})
);
});
/* Serve cached content when offline */
self.addEventListener('fetch', function(e) {
e.respondWith(
caches.match(e.request).then(function(response) {
return response || fetch(e.request);
})
);
});
*MANIFEST.JSON*
{
"name": "Hello World",
"short_name": "Hello",
"lang": "en-US",
"background_color": "#DE3C4B",
"theme_color": "#DE3C4B",
"icons": [
{
"src": "/init/static/images/icon_72x72.png",
"sizes": "72x72",
"type": "image/png"
},
{
"src": "/init/static/images/icon_96x96.png",
"sizes": "96x96",
"type": "image/png"
},
{
"src": "/init/static/images/icon_128x128.png",
"sizes": "128x128",
"type": "image/png"
},
{
"src": "/init/static/images/icon_144x144.png",
"sizes": "144x144",
"type": "image/png"
},
{
"src": "/init/static/images/icon_152x152.png",
"sizes": "152x152",
"type": "image/png"
},
{
"src": "/init/static/images/icon_192x192.png",
"sizes": "192x192",
"type": "image/png"
},
{
"src": "/init/static/images/icon_384x384.png",
"sizes": "384x384",
"type": "image/png"
},
{
"src": "/init/static/images/icon_512x512.png",
"sizes": "512x512",
"type": "image/png"
}
],
"start_url": "/init",
"scope": "/init",
"display": "standalone"
}
Regards;
Mostwanted
On Wednesday, May 27, 2020 at 12:08:15 PM UTC+2, mostwanted wrote:
>
> Whats the simplest way to get my web2py application to prompt users to add
> to screen? I have tried alot of things but none are working, there are no
> prompts happening! Some say its only achievable through a PWA design, i
> tried this
> https://groups.google.com/forum/#!searchin/web2py/pwa$20me%7Csort:date/web2py/rHBfs1zFG44/gKS6EOmlAgAJ
>
>
> nothing is working, if anyone has a way to achieve this with web2py i'd
> appreciate your assistance.
>
> Regards;
>
> Mostwanted
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/web2py/7eb9607f-21c6-46a9-a3fc-75c5e3d15524%40googlegroups.com.
[web2py] Re: urgent web2py 2.20.4 scheduler error ?!?=
i am using python 2.7.5!!! any help ?? Em qui., 28 de mai. de 2020 às 21:50, António Ramos escreveu: > [image: image.png] > any help please ? > > regards > António > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CAEM0BxP8Hukf24DwiYZV9-MXgB%2BytrUaTeofvObmW0x4npJx_Q%40mail.gmail.com.
[web2py] urgent web2py 2.20.4 scheduler error ?!?=
[image: image.png] any help please ? regards António -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/web2py/CAEM0BxPMzy%3DTbkwK_KjEje3VFcEXzdSz-tkXJgOvm42sza38MQ%40mail.gmail.com.
Re: [web2py] Re: RestAPI: how to restrict query results to data belonging to logged in user?
Hello,
yes you are right.
Are these tools not enough for the aproach of "scopes"
http://web2py.com/books/default/chapter/29/09/access-control#Authorization
and http://web2py.com/books/default/chapter/29/09/access-control#Decorators
?
I mean you are talking about allow certain users to certain information in
some tables. You are talking about access control and permissions.
Something like the example in the book:
Assuming the following definitions:
>>> from gluon.tools import Auth
>>> auth = Auth(db)
>>> auth.define_tables()
>>> secrets = db.define_table('secret_document', Field('body'))
>>> james_bond = db.auth_user.insert(first_name='James',
last_name='Bond')
Here is an example:
>>> doc_id = db.secret_document.insert(body = 'top secret')
>>> agents = auth.add_group(role = 'Secret Agent')
>>> auth.add_membership(agents, james_bond)
>>> auth.add_permission(agents, 'read', secrets)
>>> print auth.has_permission('read', secrets, doc_id, james_bond)
True
>>> print auth.has_permission('update', secrets, doc_id, james_bond)
False
@auth.requires_permission('read', secrets)
def function_four():
return 'you can read secret documents'
El miércoles, 27 de mayo de 2020, 19:03:07 (UTC+2), Kevin Keller escribió:
>
> The "proper" way would be to define "scopes" in your application. Scopes
> define who has access to which data.
> You can also call it roles or tags or whatever.
> Scopes is the term that is used by OAuth/OpenID connect, which is usually
> used to secure APIs.
>
> Normally you would get an OpenID (OIDC) ID Token as JWT when you login.
> Once you have that you would read that tokens contents and look for the
> scopes in the token and match those scopes with which the user shall access
> your data.
> Similiar to what you did here with the workaround to match the user.id to
> the data.
> I suppose you can extend this examlple/workaround to used custom auth
> fields or the roles fields provided by web2py.
>
> Some applications dont use scopes but so called claims from the JWT token.
> Claims is extra info about a user such as first, lastname phonenumber etc.
> that can be extracted from the token.
> They put user roles in the tokens claims and match them with the
> applications rest api against the database.
> Similair to what you did.
>
> But claims are not supposed to be used for that normally, that is what
> scopes are for.
> Claims are just used to "contextualize" a reqiest for the API i.e. fetch
> relevant information for the requestor if the requestor is for example from
> Europe fetch all infos for Europeans from the database,
> if from another continent, fetch other data.
>
> I have not seen Web2py used in this way, but there you go.
> Just though this info may be interesting.
>
> I found this example / workaorund super useful.
>
> Will also use it :).
>
> Seems to just get the job done quickly.
>
>
>
>
>
> On Wed, May 27, 2020 at 6:18 PM Jacinto Parga > wrote:
>
>> Hello,
>>
>> I used this workaround in a similar case:
>>
>> @auth.requires_login()
>> @request.restful()
>> def myapi():
>> def GET():
>> response.view = 'generic.json'
>> myreg = db(db.mytable.created_by==auth.user.id).select() # Maybe
>> in your case mytable.user_id==auth.user.id
>> if myreg:
>> return dict(myreg=myreg)
>> else:
>> data ='{"Result" : "Still empty"}'
>> return data
>> return dict(GET=GET)
>>
>>
>>
>> El sábado, 23 de mayo de 2020, 10:17:44 (UTC+2), Alexei Vinidiktov
>> escribió:
>>>
>>> Hello,
>>>
>>> How can I restrict access via RestAPI for the user such that they can
>>> only get their own records (those that have the field user_id matching
>>> their user id)?
>>>
>>> For example, I have a a table named 'collections' that has a 'user_id'
>>> field, and I want my users to get only the collections that they created.
>>>
>>> If they try to get someone else's collection, then they should get a
>>> 'not authorized' response.
>>>
>>> As an extension, I would also like to allow for users to be able to get
>>> someone else's collection if its status is equal to 'PUBLIC'.
>>>
>>> Here's the definition of my collections table:
>>>
>>> db.define_table('collections',
>>> Field('user_id', db.auth_user, notnull=True),
>>> Field('language_code', length="3", requires=IS_IN_DB(db, 'language.code',
>>> db.language._format), notnull=True),
>>> Field('title', length=512, notnull=True),
>>> Field('description', 'text', notnull=False),
>>> Field('privacy', length=50, requires=IS_IN_SET(privacy_set), notnull=
>>> True, default='PRIVATE'),
>>> Field('level',length=10, requires=IS_IN_SET(level_set), notnull=True,
>>> default='NONE'))
>>>
>>> Thanks,
>>>
>>> --
>>> Alexei
>>>
>> --
>> Resources:
>> - http://web2py.com
>> - http://web2py.com/book (Documentation)
>> - http://github.com/web2py/web2py (Source code)
>> - https://code.google.com/p/web2py/issues/list (Report
