[web2py] Re: Can i share a file with others and dont compromise my app security?

2017-10-21 Thread Bernhard Radermacher
I subscribe to "obscurity is no security". That means that the security of 
your app should not depend in ANY way on 'cryptic' URLs (exception might be 
a one-time generated URL, and even that is questionable). 

If you set up your app to check for authorization, permission, membership, 
then there should be no problem. A definite answer is not possible without 
a full review. 

I suspect that the link you posted is not checking for any authorization. 
If that is a file that you would publish on your freely accessible website, 
that would be OK, otherwise just the fact that the URL is accessible without 
any login/authorization would raise concerns about the security of your app.

I hope that makes sense to you.


-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
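
The point of the reply above, as an added example that is not part of the original post and is not web2py code: a link protected only by an unguessable token keeps working for whoever the URL is forwarded to, while a handler that checks login and group membership refuses that same request. The file records, users, groups and function names are constructed for illustration.

```python
import secrets

# Constructed sample data: file records and group memberships.
FILES = {
    1: {"token": secrets.token_urlsafe(16), "group": "accounting", "name": "ledger.pdf"},
    2: {"token": secrets.token_urlsafe(16), "group": None, "name": "brochure.pdf"},
}
MEMBERSHIPS = {"alice": {"accounting"}, "bob": {"sales"}}


def serve_by_obscure_url(file_id, token):
    """Weak form: possession of the URL is the only check."""
    record = FILES.get(file_id)
    if record and secrets.compare_digest(record["token"], token):
        return 200, record["name"]
    return 404, None


def serve_with_authorization(user, file_id):
    """Deny by default: login first, then group membership."""
    record = FILES.get(file_id)
    if record is None:
        return 404, None
    if record["group"] is None:      # file that is deliberately public
        return 200, record["name"]
    if user is None:                 # no session, so no identity to authorize
        return 401, None
    if record["group"] not in MEMBERSHIPS.get(user, set()):
        return 403, None
    return 200, record["name"]
```

In a web2py controller the same decision would normally come from the auth decorators rather than hand-written checks.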


[web2py] Re: Serving files from a Google Cloud Storage Bucket

2017-10-17 Thread Bernhard Radermacher
not having worked with GAE, so I might be completely off base, but try to 
build an absolute path like

os.path.join(request.folder, file_path)

just an idea.



Re: [web2py] Re: New plugin: Authman

2017-10-17 Thread Bernhard Radermacher
Thanks.

Hope it works for you.

Let me know if you have any questions.



[web2py] Re: How to create specific migrations files per sqlite database in same app

2017-10-15 Thread Bernhard Radermacher
Glad I could help. I found that you had better use absolute paths as soon as 
you want to go down to sub directories. Using '.' as the beginning of the path 
might work, but I have not tested that.



[web2py] Re: How to create specific migrations files per sqlite database in same app

2017-10-15 Thread Bernhard Radermacher
Not sure if that's the issue, but first you should use os.path.join to join 
every part:

os.path.join(request.folder, 'databases', 'clients', 'client_{0}'.format(tenant))

otherwise you introduce an OS dependency.

I would try 

con = 'sqlite://' + os.path.join(request.folder, 'databases', 'clients', 'client_{0}'.format(tenant))
db = DAL(con, pool_size)

i.e. using the complete, absolute path.

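
An added example, not part of the original posts, covering both os.path.join suggestions above (the file path under request.folder and the per-tenant database path): when the joined component comes from a request, os.path.join alone does not keep the result inside the application folder, so the resolved path is checked against its base. The function names and the tenant-name pattern are assumptions made for illustration.

```python
import os
import re

# Assumption: tenant names are short identifiers; adjust the pattern to your scheme.
TENANT_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def resolve_under(base, untrusted):
    """Join untrusted onto base and refuse any result outside base."""
    base = os.path.realpath(base)
    # os.path.join discards base when the second part is absolute, and '..'
    # segments climb out of it, so the resolved result is what gets checked.
    candidate = os.path.realpath(os.path.join(base, untrusted))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes %s: %r" % (base, untrusted))
    return candidate


def tenant_db_uri(app_folder, tenant):
    """Build the sqlite URI from the post for a validated tenant name."""
    if not TENANT_RE.fullmatch(tenant):
        raise ValueError("invalid tenant name: %r" % (tenant,))
    clients = os.path.join(app_folder, "databases", "clients")
    return "sqlite://" + resolve_under(clients, "client_{0}".format(tenant))


def is_rejected(func, *args):
    """Helper for callers and tests: True when func refuses the input."""
    try:
        func(*args)
    except ValueError:
        return True
    return False
```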


[web2py] Re: Update form fields on submit

2017-10-15 Thread Bernhard Radermacher
Might not be the most efficient, but if you put the from date and to date 
as arguments and then redirect in the form.accepts:

if form.accepts(request,session):
    #calculate the new dates...
    session.flash='Updated date range'
    redirect(URL('report',args=[from_date,to_date]))




[web2py] Re: response view with markdown

2017-10-15 Thread Bernhard Radermacher
I use the following to display the contents of a MARKDOWN.

from 
https://github.com/bradermacher/web2py-plugin-authman/blob/master/controllers/plugin_authman.py



def index():
  # Read plugin description and display.
  # Some logic in view (status of plugin and authorization)
  from os.path import join as pathjoin
  from gluon.contrib.markdown import WIKI as MARKDOWN
  with open(pathjoin(request.folder, 'private', 'plugin_authman.README.md')) as f:
    data = f.read()
  return dict(data=MARKDOWN(data))
...

from 
https://github.com/bradermacher/web2py-plugin-authman/blob/master/views/plugin_authman/index.html


...

> {{extend 'layout.html'}}
>
> {{=data}}
>
>
> ...

Hope this helps



[web2py] Re: New plugin: Authman

2017-10-15 Thread Bernhard Radermacher
Forgot to mention that assignment is a bit easier, too:

<https://lh3.googleusercontent.com/-2Cctqex15cM/WeOA47AkisI/AWo/5jQYiHjGd-klO_rTSEs6ku3n1NYDVCF2wCLcBGAs/s1600/auths.png>

<https://lh3.googleusercontent.com/-W44XgCn2ILE/WeOA8lk9SlI/AWs/sg3JAe6vh4I2HXRVb_x5qm0wwGmrRaL8QCLcBGAs/s1600/subroles.png>


On Sunday, October 15, 2017 at 5:30:09 PM UTC+2, Bernhard Radermacher wrote:
>
> That is correct. But this accesses the respective auth tables directly.
>
> authman adds additional tables, that allow
>
> - extensive editing before activation
> - roles can be included in other roles, thereby creating an organizational 
> structure. For example:
>
>    - Role Accounting Manager includes
>       - Role A/P clerk
>       - Role A/R clerk
>
> In addition the magic role 'root' gets all permissions... that works nice 
> for testing when you just don't want to be bothered by auth checks.
>
> On Sunday, October 15, 2017 at 3:40:27 PM UTC+2, Anthony wrote:
>>
>> Very nice. Thanks for posting. This appears to be much more complete, but 
>> note that every app includes some basic functionality for managing users, 
>> roles, and permissions via the URL /myapp/appadmin/manage/auth. All you 
>> have to do is include the following line in a model:
>>
>> auth.settings.auth_manager_role = 'my_auth_admin_role'
>>
>> and anyone in the 'my_auth_admin_role' group will have access to the 
>> functionality. The above URL can also be accessed by anyone who is logged 
>> into the admin app even if no auth.settings.auth_manager_role has been set.
>>
>> This is a special case of the more general auth.settings.manager_actions 
>> functionality described at 
>> http://web2py.com/books/default/chapter/29/09/access-control#Application-Management-via-privileged-users--Experimental-
>> .
>>
>> Anthony
>>
>> On Sunday, October 15, 2017 at 9:12:40 AM UTC-4, Bernhard Radermacher 
>> wrote:
>>>
>>> I developed a little plugin to facilitate authorization management. It 
>>> can be found at:
>>>
>>> https://github.com/bradermacher/web2py-plugin-authman
>>>
>>> I appreciate any comments.
>>>
>>



[web2py] Re: New plugin: Authman

2017-10-15 Thread Bernhard Radermacher
That is correct. But this accesses the respective auth tables directly.

authman adds additional tables, that allow

- extensive editing before activation
- roles can be included in other roles, thereby creating an organizational 
structure. For example:

   - Role Accounting Manager includes
      - Role A/P clerk
      - Role A/R clerk

In addition the magic role 'root' gets all permissions... that works nice 
for testing when you just don't want to be bothered by auth checks.

On Sunday, October 15, 2017 at 3:40:27 PM UTC+2, Anthony wrote:
>
> Very nice. Thanks for posting. This appears to be much more complete, but 
> note that every app includes some basic functionality for managing users, 
> roles, and permissions via the URL /myapp/appadmin/manage/auth. All you 
> have to do is include the following line in a model:
>
> auth.settings.auth_manager_role = 'my_auth_admin_role'
>
> and anyone in the 'my_auth_admin_role' group will have access to the 
> functionality. The above URL can also be accessed by anyone who is logged 
> into the admin app even if no auth.settings.auth_manager_role has been set.
>
> This is a special case of the more general auth.settings.manager_actions 
> functionality described at 
> http://web2py.com/books/default/chapter/29/09/access-control#Application-Management-via-privileged-users--Experimental-
> .
>
> Anthony
>
> On Sunday, October 15, 2017 at 9:12:40 AM UTC-4, Bernhard Radermacher 
> wrote:
>>
>> I developed a little plugin to facilitate authorization management. It 
>> can be found at:
>>
>> https://github.com/bradermacher/web2py-plugin-authman
>>
>> I appreciate any comments.
>>
>



[web2py] New plugin: Authman

2017-10-15 Thread Bernhard Radermacher
I developed a little plugin to facilitate authorization management. It can 
be found at:

https://github.com/bradermacher/web2py-plugin-authman

I appreciate any comments.



[web2py] Access to github book repository

2017-09-14 Thread Bernhard Radermacher
I tried to upload a small correction to the book as described in chapter 15 
but got the following error:

$ git push origin [...] 
ERROR: Permission to web2py/web2py-book.git denied to [...].
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

Please advise.



[web2py] Re: Automate JQuery for Button

2014-10-01 Thread Bernhard Radermacher
Dave: This is exactly what I am looking for. 

Very good solution. Thanks!

On Tuesday, September 30, 2014 11:11:08 AM UTC-7, Dave S wrote:



 On Tuesday, September 30, 2014 12:02:32 AM UTC-7, Niphlod wrote:

 nope, just an A. if you need a something that when you click on it it 
 brings you on another page, A is the thing you're searching for, not a 
 button.


 Would he perhaps be looking for a link styled as a button?  Appadmin does 
 that just by setting the link's style to btn, a technique that works for 
 me in one of my apps.


 <a class="btn" href="/LogServer/appadmin/insert/db/updatechecks"></a>

 (the non-Appadmin example points to a separate server)

 /dps



  


 On Monday, September 29, 2014 10:59:46 PM UTC+2, Bernhard Radermacher 
 wrote:

 Would that be just enclosing the button with a? 

 On Monday, September 29, 2014 6:35:15 AM UTC-7, Niphlod wrote:

 we did a pretty heavy job to discard any inline javascript  this 
 goes exactly in the opposite way. What are you seeking in functionality ? 
 It seems that your *button *is better suited with a normal *a*


 On Sunday, September 28, 2014 10:37:33 PM UTC+2, Bernhard Radermacher 
 wrote:

 I was always a bit disappointed with the features, or rather 
 non-features of the html button, basically that all functionality has to 
 be 
 programmed by hand. 

 I created a small class (and patched it into gluon.html) to make a 
 button and the respective JQuery script automatically. At this time the 
 button just works as a link to a page.

 Would like to discuss if something like this makes sense, if it would 
 make more sense to add to the standard by expanding gluon.html.BUTTON to 
 accept 'href' and behave accordingly...



 from uuid import uuid4  # needed for the generated element id
 
 class linkBUTTON(DIV):
     """
     Pseudo Component to automatically generate JavaScript to execute 
     on click
     """
 
     tag = 'linkbutton'
 
     def xml(self):
         """
         get attributes to generate the BUTTON, override _type to 
         'button'
         if href is defined, create the respective JavaScript
         """
         href = None
         attr = {}
         for key, value in self.attributes.iteritems():
             if key == 'href':
                 href = value
                 continue
             if key[:1] != '_':
                 continue
             attr[key] = value
 
         attr['_id'] = uuid4()
         attr['_type'] = 'button'
 
         result = BUTTON(self.components, **attr).xml()
         if href:
             result += '\n' + SCRIPT(
                 "$('#%s').click(function(){window.location.assign('%s');});"
                 % (attr['_id'], href)).xml()
 
         return result





[web2py] Re: Automate JQuery for Button

2014-09-29 Thread Bernhard Radermacher
Would that be just enclosing the button with a? 

On Monday, September 29, 2014 6:35:15 AM UTC-7, Niphlod wrote:

 we did a pretty heavy job to discard any inline javascript  this goes 
 exactly in the opposite way. What are you seeking in functionality ? It 
 seems that your *button *is better suited with a normal *a*


 On Sunday, September 28, 2014 10:37:33 PM UTC+2, Bernhard Radermacher 
 wrote:

 I was always a bit disappointed with the features, or rather non-features 
 of the html button, basically that all functionality has to be programmed 
 by hand. 

 I created a small class (and patched it into gluon.html) to make a button 
 and the respective JQuery script automatically. At this time the button 
 just works as a link to a page.

 Would like to discuss if something like this makes sense, if it would 
 make more sense to add to the standard by expanding gluon.html.BUTTON to 
 accept 'href' and behave accordingly...



 from uuid import uuid4  # needed for the generated element id
 
 class linkBUTTON(DIV):
     """
     Pseudo Component to automatically generate JavaScript to execute on 
     click
     """
 
     tag = 'linkbutton'
 
     def xml(self):
         """
         get attributes to generate the BUTTON, override _type to 'button'
         if href is defined, create the respective JavaScript
         """
         href = None
         attr = {}
         for key, value in self.attributes.iteritems():
             if key == 'href':
                 href = value
                 continue
             if key[:1] != '_':
                 continue
             attr[key] = value
 
         attr['_id'] = uuid4()
         attr['_type'] = 'button'
 
         result = BUTTON(self.components, **attr).xml()
         if href:
             result += '\n' + SCRIPT(
                 "$('#%s').click(function(){window.location.assign('%s');});"
                 % (attr['_id'], href)).xml()
 
         return result





[web2py] Automate JQuery for Button

2014-09-28 Thread Bernhard Radermacher
I was always a bit disappointed with the features, or rather non-features 
of the html button, basically that all functionality has to be programmed 
by hand. 

I created a small class (and patched it into gluon.html) to make a button 
and the respective JQuery script automatically. At this time the button 
just works as a link to a page.

Would like to discuss if something like this makes sense, if it would make 
more sense to add to the standard by expanding gluon.html.BUTTON to accept 
'href' and behave accordingly...



from uuid import uuid4  # needed for the generated element id

class linkBUTTON(DIV):
    """
    Pseudo Component to automatically generate JavaScript to execute on 
    click
    """

    tag = 'linkbutton'

    def xml(self):
        """
        get attributes to generate the BUTTON, override _type to 'button'
        if href is defined, create the respective JavaScript
        """
        href = None
        attr = {}
        for key, value in self.attributes.iteritems():
            if key == 'href':
                href = value
                continue
            if key[:1] != '_':
                continue
            attr[key] = value

        attr['_id'] = uuid4()
        attr['_type'] = 'button'

        result = BUTTON(self.components, **attr).xml()
        if href:
            result += '\n' + SCRIPT(
                "$('#%s').click(function(){window.location.assign('%s');});"
                % (attr['_id'], href)).xml()

        return result

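
An added example, not part of the original post and not gluon code: the class above places href between single quotes inside a generated script, so a quote or a closing script tag in the value changes the JavaScript that runs. This stand-alone sketch encodes the value as a JavaScript string literal and restricts the URL scheme; js_string, link_button and is_refused are hypothetical names.

```python
import json
import uuid
from html import escape
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"", "http", "https"}  # "" means a relative URL


def js_string(value):
    """Return value as a JavaScript string literal that is safe in <script>."""
    # json.dumps escapes quotes, backslashes and line separators; the extra
    # replacements keep '</script>' or '<!--' in the value from ending or
    # altering the surrounding script block.
    literal = json.dumps(value)
    for char, code in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        literal = literal.replace(char, code)
    return literal


def link_button(label, href):
    """Render a button plus the jQuery click handler that navigates to href."""
    # Browsers strip leading whitespace and embedded tabs or newlines from
    # URLs, so refuse them outright; legitimate URLs percent-encode spaces.
    if any(ord(ch) <= 0x20 for ch in href):
        raise ValueError("whitespace or control character in href")
    scheme = urlsplit(href).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError("refusing href scheme %r" % scheme)
    button_id = "btn-" + uuid.uuid4().hex
    button = '<button type="button" id="%s">%s</button>' % (button_id, escape(label))
    script = ("<script>$(%s).click(function(){window.location.assign(%s);});"
              "</script>" % (js_string("#" + button_id), js_string(href)))
    return button + "\n" + script


def is_refused(href):
    """True when link_button rejects href."""
    try:
        link_button("x", href)
    except ValueError:
        return True
    return False
```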