On Wed, Jul 6, 2011 at 8:11 PM, Adlq <[email protected]> wrote:
> Now I've got another "problem". If a user wants to modify his/her
> profile, then that user would access .../user/id/edit with
> id = his/her id. But currently, if the user can access that page, then
> there's no way of preventing him/her from accessing the edit pages
> concerning other users; changing the id would do the job.
>
> I currently have no idea how to implement this restriction.
> What do you guys think?
>

You can create your own predicate that can check the URL and deny access to the user if he is not an admin or the user itself.
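
The ownership check suggested in the reply, as an added example that is not part of the original thread or of TurboGears itself. The function names, the `credentials` layout (`user_id`, `groups`) and the `managers` admin group are assumptions made for illustration.

```python
import re

# Route shape taken from the question: /user/<id>/edit
EDIT_ROUTE = re.compile(r"/user/([0-9]+)/edit/?")
ADMIN_GROUP = "managers"  # assumed name of the admin group


def requested_profile_id(environ):
    """Return the numeric id in PATH_INFO, or None if it is not an edit URL."""
    match = EDIT_ROUTE.fullmatch(environ.get("PATH_INFO", ""))
    return int(match.group(1)) if match else None


def may_edit_profile(environ, credentials):
    """Allow only the profile's owner or an admin; deny everything else."""
    target = requested_profile_id(environ)
    if target is None:
        return False  # unexpected URL shape: deny by default
    if not credentials or credentials.get("user_id") is None:
        return False  # anonymous request
    if ADMIN_GROUP in credentials.get("groups", ()):
        return True
    # Compare with the id held in the authenticated session, never with a
    # value the client can supply (form field, query string, cookie).
    return credentials["user_id"] == target


# Constructed sample requests: (path, credentials, expected decision)
SAMPLES = [
    ("/user/7/edit", {"user_id": 7, "groups": ()}, True),             # owner
    ("/user/8/edit", {"user_id": 7, "groups": ()}, False),            # other user's id
    ("/user/8/edit", {"user_id": 1, "groups": ("managers",)}, True),  # admin
    ("/user/8/edit", None, False),                                    # not logged in
    ("/user/8x/edit", {"user_id": 8, "groups": ()}, False),           # malformed id
]


def run_samples():
    """Return the decision for each constructed sample, in order."""
    return [may_edit_profile({"PATH_INFO": p}, c) for p, c, _ in SAMPLES]


if __name__ == "__main__":
    for (path, creds, _), allowed in zip(SAMPLES, run_samples()):
        print(path, creds, "->", "allow" if allowed else "deny")
```

Inside a custom predicate, the check method would call `may_edit_profile` and reject the request when it returns `False`. The same check has to guard the action that saves the form, not only the page that displays it.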

