Can someone confirm my reasoning... or correct it if it's wrong?
Thanks,
Tom.
On Monday, May 10, 2021 at 3:22:24 PM UTC+2 Tom Clerckx wrote:
> I was running into some issue with SQLFORM.grid and after going through
> the code, I realized that the grid does not include request.vars when
> calculating the URL signature (ref: v2.21.1, gluon/sqlhtml.py @ 2440).
>
> Please correct me if I would be wrong,... else it may be useful to add
> something about this behavior in the web2py documentation:
>
>
> SQLFORM.grid validates the signature without taking into account
> request.vars
>
> As such, any constructed URL that contains a user_signature and that is
> pointing to the page that uses the controller function which creates this
> grid, should have this signature created without including request.vars!
>
> Thus, hash_vars should be set to False in that case. If not, you may get a
> ‘not authorized’ flash message and you will be redirected.
>
> E.g. a signed URL pointing to such page should look like:
>
> URL(‘mypage_with_grid’, args=[‘a’, ‘b’, ‘c’], vars={‘var1’:’val1’},
> *user_signature=True,* *hash_vars=False*)
>
>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/web2py/b83b2d77-6f11-47ba-a382-5c7b07f3047en%40googlegroups.com.
