You can use the Auth system to set permissions ( http://web2py.com/books/default/chapter/29/09#Authorization), or you might consider using digitally signed URLs ( http://web2py.com/books/default/chapter/29/04#Digitally-signed-urls). With the latter solution, the signature is a hash of the URL, so if the URL is altered, the signature won't work.
Anthony On Wednesday, December 26, 2012 10:43:46 AM UTC-5, Ramos wrote: > > hello > i have a controller that filters what the user can see. > > the view show some links to record. > > for example the user A can only see one button to access a record > the button has this link > http://127.0.0.1:8000/EmpreiteirosA/default/showemp/7 > > but if the user changes the url by hand to end for example with 8 he can > see record 8 > > how to prevent this the best way? > > > thank you > > António > --
