Now I've got another "problem". If an user wants to modify his/her profile, then that user would access .../user/id/edit with id = his/ her id . But currently, if the user can access that page, then there's no way preventing him/her from accessing the edit pages concerning other users, changing the id would do the job.
I currently have got no idea on how to implement this restriction, what do you guys think ? Thank you, Adlq On Jul 6, 9:35 am, Adlq <[email protected]> wrote: > That was exactly what I was looking for. > > Thank you, > > Adlq > > On Jul 5, 12:58 pm, Carlos Daniel Ruvalcaba Valenzuela > > > > > > > > <[email protected]> wrote: > > You may want to give a look the the TurboGears > > Authentication/Authorization documentation, for example you could > > secure the whole controller to only work if the user is authenticated > > and is on managers group or has a given permission: > > >http://www.turbogears.org/2.1/docs/main/Auth/Authorization.html > > > Regards, > > Carlos Ruvalcaba -- You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/turbogears?hl=en.
