Re: [web2py] web2py CRUD example

2012-01-27 Thread Bruno Rocha 
include response.generic_patterns = ['*'] in your models or in your data
controller, so you will be able to use generic views.

On Fri, Jan 27, 2012 at 9:01 AM, Gian Luca Decurtins decur...@gmail.comwrote:

 Hi all

 I'm trying to use the CRUD-feature of web2py (1.99.4). At the moment I'm
 stuck at invalid view (default/data.html) while accessing
 https://localhost/init/default/data/tables.
 So far I've created a simple application init and changed the following:

 In controllers/default.py I've disabled required_signature (I did not want
 to play around with permissions at this time):
 @auth.requires_login()
 # @auth.requires_signature()
 def data(): return dict(form=crud())

 In views/default.html I've added a link beneath the message:
 {{=A('table',_href=URL('data/tables',user_signature=True))}}

 If I follow this link (after authenticating) I just receive the error
 message:
 invalid view (default/data.html)
 I did expect something like a list of tables.

 Out of the box there seems to be no default/data.html view.
 Do I have to write my own data.html view to test the CRUD functionality?
 Or did I do something wrong in the setup?

 Regards
 -Gian.




-- 

Bruno Rocha
[http://rochacbruno.com.br]

Re: [web2py] web2py CRUD example

2012-01-27 Thread Gian Luca Decurtins 
Thank you!

I had to edit models/db.py:
# response.generic_patterns = ['*'] if request.is_local else []
response.generic_patterns = ['*']

Regards
-Gian.

BTW: In the original post I've replaced the FQDN with localhost. If the 
application did run on localhost this modification should not be necessary.

Re: [web2py] web2py CRUD example

2012-01-27 Thread Anthony 
On Friday, January 27, 2012 10:43:53 AM UTC-5, Gian Luca Decurtins wrote:

 Thank you!

 I had to edit models/db.py:
 # response.generic_patterns = ['*'] if request.is_local else []
 response.generic_patterns = ['*']


Note, there's a reason that generic views are enabled only on localhost by 
default -- they can create a security risk by allowing unintended data to 
leak. For example, generic.json will display everything returned to the 
view by the controller, including db fields selected but not intended for 
display and variables only intended to control view display logic. You 
should be more precise when enabling generic views in production. For 
example:

response.generic_patterns = ['data.html']

or

def data():
response.generic_patterns = ['html']

will only enable generic.html (not the other generic views), and only when 
the data action is called.

Anthony