Yes, I am logged in.
On the initial call of the controller the grid is displayed without an
error. When I select a new value from the dropdown form, a new query is
used and passed to SQLFORM.grid, and this is when the 'not authorized'
flash is generated.
On Monday, December 10, 2012 9:21:29 AM UTC-6, Massimo Di Pierro wrote:
> Are you logged in when you try accessing the grid? Do you get a not
> authorized when trying to visualize the grid or when searching or when
> visualizing a record?
>
> Massimo
>
> On Sunday, 9 December 2012 19:23:20 UTC-6, tomt wrote:
>>
>> Hi,
>>
>> Recent changes in trunk are causing my use of SQLFORM.grid to issue a
>> 'not authorized' flash.
>> It appears to be because of the following change in sqlhtml.py:
>>
>> - stable:
>>     # if not user_signature every action is accessible
>>     # else forbid access unless
>>     # - url is based url
>>     # - url has valid signature (vars are not signed, only path_info)
>>     # = url does not contain 'create','delete','edit' (readonly)
>>     if user_signature:
>>         if not(
>>             '/'.join(str(a) for a in args) == '/'.join(request.args)
>>             or
>>             URL.verify(request, user_signature=user_signature,
>>                        hash_vars=False) or not (
>>                 'create' in request.args or
>>                 'delete' in request.args or
>>                 'edit' in request.args)):
>>             session.flash = T('not authorized')
>>             redirect(referrer)
>> - trunk
>>     # if not user_signature every action is accessible
>>     # else forbid access unless
>>     # - url is based url
>>     # - url has valid signature (vars are not signed, only path_info)
>>     # = url does not contain 'create','delete','edit' (readonly)
>>     if user_signature:
>>         if not (
>>             '/'.join(str(a) for a in args) == '/'.join(request.args)
>>             or
>>             URL.verify(request,user_signature=user_signature,
>>                        hash_vars=False) or
>>             (request.args(len(args))=='view' and not logged)):
>>             session.flash = T('not authorized')
>>             redirect(referrer)
>>
>> I normally call my routine with no parameter after having signed on
>> and then I select a specific user from the dropdown list.
>> With the latest trunk the selection is ignored and the flash 'not
>> authorized' is generated. My controller doesn't call create, delete,
>> or edit. It uses javascript to select and pass on the staffid to the
>> grid.
>>
>> Restoring this piece of code in sqlhtml.py to the previous version
>> eliminates my problem.
>> I'm not sure what the change was meant to do differently. Perhaps it
>> was a mistake, or it could be that I was using SQLFORM.grid incorrectly.
>>
>> ... my controller ....................................................
>> def note_list():
>>     script = SCRIPT("""
>>         $('document').ready(function(){
>>             $('#mycombo').change(function(){
>>                 $('#myform').submit();
>>             });
>>         });
>>     """)
>>
>>     form = SQLFORM(db.staffnotes,fields=['staffid'])
>>     del form[0][1] # delete the submit_record__row from the form
>>     staffid = request.args(0)
>>     # Modify form elements for use by script
>>     form.attributes['_id'] = 'myform'
>>     form.element('select').attributes['_id'] = 'mycombo'
>>
>>     # Build table of all notes if staffid isn't set
>>     if staffid:
>>         query = ((db.staffnotes.staffid == db.staff.id) &
>>                  (db.staffnotes.staffid == staffid))
>>     else:
>>         query = ((db.staffnotes.staffid == db.staff.id))
>>
>>     if form.accepts(request.vars,session,dbio=False):
>>         staffid = form.vars.staffid
>>         query = ((db.staffnotes.staffid == db.staff.id) &
>>                  (db.staffnotes.staffid == staffid))
>>
>>     fields=[db.staffnotes.staffid,db.staffnotes.date,db.staffnotes.comment]
>>     orderby = [~db.staffnotes.date,~db.staffnotes.modified_on]
>>     maxtextlengths = {
>>         'staffnotes.staffid': 20,
>>         'staffnotes.comment': 200,
>>     }
>>
>>     links=[dict(header='Link',body=mybody )]
>>
>>     if staffid:
>>         print "grid D: form.vars.staffid %s, staffid %s " % (form.vars.staffid,staffid)
>>         grid = SQLFORM.grid(query=query,
>>             details=True,csv=False,editable=False,deletable=False,
>>             create=False,searchable=True,
>>             paginate=10,fields=fields,orderby=orderby,
>>             maxtextlengths=maxtextlengths,
>>             args=[staffid],links=links,
>>             )
>>     else:
>>         print "grid E: form.vars.staffid %s, staffid %s " % (form.vars.staffid,staffid)
>>         grid = SQLFORM.grid(query=query,
>>             details=True,csv=False,editable=False,deletable=False,
>>             create=False,searchable=True,
>>             paginate=10,fields=fields,orderby=orderby,
>>             maxtextlengths=maxtextlengths,
>>             links=links,
>>             )
>>
>>     response.title='Notes'
>>     print ""
>>     return dict(form=form, script=script, grid=grid)
>> ......................................................................
>>
>> - any suggestions?
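The two checks quoted above, modelled side by side as an added example (not code from web2py or from the posters): `URL.verify` and `logged` are reduced to boolean inputs, and the request cases, including the staffid value `7`, are constructed. The post-back case assumes, as in the controller above, that the form is submitted to the URL without args while the grid is then built with `args=[staffid]`.

```python
# Added illustration of the stable vs. trunk authorization conditions.
# Assumptions: URL.verify() and `logged` are plain booleans here;
# all request data below is constructed for the example.

WRITE_ACTIONS = ('create', 'delete', 'edit')

def request_arg(request_args, i):
    """Mimic web2py's request.args(i): None when the index is out of range."""
    return request_args[i] if i < len(request_args) else None

def is_base_url(args, request_args):
    return '/'.join(str(a) for a in args) == '/'.join(request_args)

def stable_denies(args, request_args, signature_ok):
    """True when the stable check would flash 'not authorized'."""
    readonly = not any(a in request_args for a in WRITE_ACTIONS)
    return not (is_base_url(args, request_args) or signature_ok or readonly)

def trunk_denies(args, request_args, signature_ok, logged):
    """True when the trunk check would flash 'not authorized'."""
    anonymous_view = (request_arg(request_args, len(args)) == 'view'
                      and not logged)
    return not (is_base_url(args, request_args) or signature_ok
                or anonymous_view)

# (label, grid args, request.args, signature_ok, logged) -- constructed
CASES = [
    ("first call, no args",                 [],    [],                          False, True),
    ("post-back: grid args=['7'], URL bare", ['7'], [],                          False, True),
    ("unsigned edit URL",                   [],    ['edit', 'staffnotes', '3'], False, True),
    ("unsigned view URL, logged in",        [],    ['view', 'staffnotes', '3'], False, True),
    ("signed view URL",                     ['7'], ['7', 'view', 'staffnotes', '3'], True, True),
]

def compare():
    """Return (label, stable_denies, trunk_denies) for every case."""
    return [(label,
             stable_denies(args, rargs, sig),
             trunk_denies(args, rargs, sig, logged))
            for label, args, rargs, sig, logged in CASES]

if __name__ == '__main__':
    for label, stable, trunk in compare():
        print("%-40s stable=%-8s trunk=%s" % (
            label,
            'DENY' if stable else 'allow',
            'DENY' if trunk else 'allow'))
```

In this model the stable check lets any unsigned URL through as long as it contains no create, delete or edit segment, while the trunk check requires the base URL or a valid signature for a logged-in user, which is where the post-back case changes from allowed to denied.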