Are you logged in when you try accessing the grid? Do you get "not
authorized" when trying to visualize the grid, when searching, or when
visualizing a record?
Massimo
On Sunday, 9 December 2012 19:23:20 UTC-6, tomt wrote:
>
> Hi,
>
> Recent changes in trunk are causing my use of SQLFORM.grid to issue a 'not
> authorized' flash.
> It appears to be because of the following change in sqlhtml.py:
>
> - stable:
>     # if not user_signature every action is accessible
>     # else forbid access unless
>     # - url is based url
>     # - url has valid signature (vars are not signed, only path_info)
>     # = url does not contain 'create','delete','edit' (readonly)
>     if user_signature:
>         if not(
>             '/'.join(str(a) for a in args) == '/'.join(request.args) or
>             URL.verify(request, user_signature=user_signature,
>                        hash_vars=False) or not (
>                 'create' in request.args or
>                 'delete' in request.args or
>                 'edit' in request.args)):
>             session.flash = T('not authorized')
>             redirect(referrer)
> - trunk
>     # if not user_signature every action is accessible
>     # else forbid access unless
>     # - url is based url
>     # - url has valid signature (vars are not signed, only path_info)
>     # = url does not contain 'create','delete','edit' (readonly)
>     if user_signature:
>         if not (
>             '/'.join(str(a) for a in args) == '/'.join(request.args) or
>             URL.verify(request,user_signature=user_signature,
>                        hash_vars=False) or
>             (request.args(len(args))=='view' and not logged)):
>             session.flash = T('not authorized')
>             redirect(referrer)
>
> I normally call my routine with no parameter after having signed on
> and then I select a specific user from the dropdown list.
> With the latest trunk the selection is ignored and the flash 'not
> authorized' is generated. My controller doesn't call create, delete,
> or edit. It uses JavaScript to select and pass on the staffid to the grid.
>
> Restoring this piece of code in sqlhtml.py to the previous version
> eliminates my problem.
> I'm not sure what the change was meant to do differently. Perhaps it was a
> mistake, or it could be that I was using SQLFORM.grid incorrectly.
>
> ... my controller ....................................................
> def note_list():
>     script = SCRIPT("""
>         $('document').ready(function(){
>             $('#mycombo').change(function(){
>                 $('#myform').submit();
>             });
>         });
>     """)
>
>     form = SQLFORM(db.staffnotes,fields=['staffid'])
>     del form[0][1] # delete the submit_record__row from the form
>     staffid = request.args(0)
>     # Modify form elements for use by script
>     form.attributes['_id'] = 'myform'
>     form.element('select').attributes['_id'] = 'mycombo'
>
>     # Build table of all notes if staffid isn't set
>     if staffid:
>         query = ((db.staffnotes.staffid == db.staff.id) &
>                  (db.staffnotes.staffid == staffid))
>     else:
>         query = ((db.staffnotes.staffid == db.staff.id))
>
>     if form.accepts(request.vars,session,dbio=False):
>         staffid = form.vars.staffid
>         query = ((db.staffnotes.staffid == db.staff.id) &
>                  (db.staffnotes.staffid == staffid))
>
>     fields=[db.staffnotes.staffid,db.staffnotes.date,db.staffnotes.comment]
>     orderby = [~db.staffnotes.date,~db.staffnotes.modified_on]
>     maxtextlengths = {
>         'staffnotes.staffid': 20,
>         'staffnotes.comment': 200,
>         }
>
>     links=[dict(header='Link',body=mybody )]
>
>     if staffid:
>         print "grid D: form.vars.staffid %s, staffid %s " % (form.vars.staffid,staffid)
>         grid = SQLFORM.grid(query=query,
>             details=True,csv=False,editable=False,deletable=False,
>             create=False,searchable=True,
>             paginate=10,fields=fields,orderby=orderby,
>             maxtextlengths=maxtextlengths,
>             args=[staffid],links=links,
>             )
>     else:
>         print "grid E: form.vars.staffid %s, staffid %s " % (form.vars.staffid,staffid)
>         grid = SQLFORM.grid(query=query,
>             details=True,csv=False,editable=False,deletable=False,
>             create=False,searchable=True,
>             paginate=10,fields=fields,orderby=orderby,
>             maxtextlengths=maxtextlengths,
>             links=links,
>             )
>
>     response.title='Notes'
>     print ""
>     return dict(form=form, script=script, grid=grid)
> ......................................................................
>
> - any suggestions?
--
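
An added example, not part of the thread and not web2py's own code: the two checks quoted above rewritten as pure predicates so the stable and trunk behaviour can be compared for a given request. The names `stable_allows`, `trunk_allows`, `arg_at`, `signature_ok` and the constructed scenarios are assumptions made here; the first scenario assumes the dropdown form posts back with empty `request.args` while the grid is then built with `args=[staffid]`, which is one reading of the posted controller.

```python
# Added model of the two checks quoted in the thread; not web2py source.
MUTATING = ("create", "delete", "edit")


def arg_at(request_args, i):
    """Mimic request.args(i): None instead of IndexError when out of range."""
    return request_args[i] if 0 <= i < len(request_args) else None


def is_base_url(args, request_args):
    """First clause of both versions: request path equals the grid's base args."""
    return "/".join(str(a) for a in args) == "/".join(request_args)


def stable_allows(args, request_args, signature_ok):
    """Stable: base URL, or valid signature, or no mutating action in the path."""
    read_only = not any(action in request_args for action in MUTATING)
    return is_base_url(args, request_args) or signature_ok or read_only


def trunk_allows(args, request_args, signature_ok, logged):
    """Trunk: base URL, or valid signature, or an anonymous 'view' request."""
    anonymous_view = arg_at(request_args, len(args)) == "view" and not logged
    return is_base_url(args, request_args) or signature_ok or anonymous_view


# Constructed scenarios: (label, args, request.args, signature_ok, logged)
SCENARIOS = [
    ("form post, grid args=[staffid], empty request.args", ["7"], [], False, True),
    ("same staffid carried in the URL", ["7"], ["7"], False, True),
    ("unsigned view link, logged in", [], ["view", "staffnotes", "3"], False, True),
    ("unsigned edit link, logged in", [], ["edit", "staffnotes", "3"], False, True),
    ("signed edit link, logged in", [], ["edit", "staffnotes", "3"], True, True),
]


def compare(scenarios=SCENARIOS):
    """Return {label: (stable_result, trunk_result)} for each scenario."""
    return {
        label: (stable_allows(a, ra, sig), trunk_allows(a, ra, sig, logged))
        for label, a, ra, sig, logged in scenarios
    }


if __name__ == "__main__":
    for label, (stable, trunk) in compare().items():
        print(f"{label:55} stable={stable!s:5} trunk={trunk}")
```

Under the stated assumption, the first scenario passes the stable check only through its read-only clause, and the trunk check has no clause that matches it.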