Re: [web2py] Re: Filtering record sets

2010-01-17 Thread Miguel Lopes
On Sun, Jan 17, 2010 at 10:55 PM, mdipierro wrote:
> No, auth takes security by the book. If used, everything is restricted
> unless permission is granted explicitly.
>
> In your case I would just add a Field
> ('private','boolean',default=False) and if a user tried to access a
> record with priva

[web2py] Re: Filtering record sets

2010-01-17 Thread mdipierro
No, auth takes security by the book. If used, everything is restricted unless permission is granted explicitly. In your case I would just add a Field('private','boolean',default=False) and if a user tried to access a record with private==True that he/she did not create, block it.
On Jan 17, 4:43

Re: [web2py] Re: Filtering record sets

2010-01-17 Thread Miguel Lopes
On Sun, Jan 17, 2010 at 4:50 PM, mdipierro wrote:
> Yes. Look into auth.accessible_query.
>
> For example:
>
> db(auth.accessible_query('read', db.mytable)).select(db.mytable.ALL)
>
> returns all records of mytable that current logged in user has
> access to:
>
> This does nested select so it i

[web2py] Re: Filtering record sets

2010-01-17 Thread mdipierro
Permissions are strings like "read", "create", "update", "send email", "eat chocolate". They do not need anything except that you can check for permissions when you perform an action. Permissions apply to a (tablename, record_id). If record_id==0 then they apply to the entire table, else to a specific

Re: [web2py] Re: Filtering record sets

2010-01-17 Thread Thadeus Burgess
Please explain how we give a user those necessary permissions? Is it possible to give a user permission to all records in a table, but only *some* of the fields?
-Thadeus
On Sun, Jan 17, 2010 at 10:50 AM, mdipierro wrote:
> Yes. Look into auth.accessible_query.
>
> For example:
>
> db(auth.a