The main purpose of that data() function is to enable you to embed crud forms in pages as Ajax components. @auth.requires_signature() enables you to delegate authorization to the page that contains the components. In that page, you would generate Ajax URLs with user signatures. Then the particular data() request will only be accessible from a page with the appropriately generated URLs. If access requires login only and no more specific permissions, then it is fine to just use @auth.requires_login() instead. However, if access requires some special permissions, it is easier to specify those permissions for the containing page only so you don't have to replicate the permissions for the Ajax functions.
Anthony On Wednesday, January 30, 2013 12:15:22 AM UTC-5, Paul Whipp wrote: > > I'm trying to get a quick crud interface up for a large number of tables. > The default controller data method is decorated with > auth.requires_signature() which I don't understand. I could not get past > 'not authorized' with it. > > I changed it to auth.requires_login() and added a 'create', 'read', > 'update', 'select' and 'delete' method for every table I wanted access to. > > dbadmin_group_id = db(db.auth_group.role == 'dbadmin').select().first().idfor > table_name in db.tables(): > for crud_name in ['create', 'read', 'update', 'delete', 'select']: > db.auth_permission.update_or_insert(group_id = dbadmin_group_id, > name = crud_name, > table_name = table_name) > > It now works if I use the auth.requires_login() decorator but it still > fails if I use the auth.requires_signature() decorator. > > What do I have to do to get the auth.requires_signature() decorator to > work and should I care? > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
