signature in auth is meant as auth.signature, aka archive, aka save every
update the auth_ * tables .
http://web2py.com/books/default/chapter/29/09?search=auth.signature
the _signature you see appended to the url is coming from the url
generation with the user_signature=True parameter.
http://web2py.com/books/default/chapter/29/04?search=signature#Digitally-signed-urls
Those urls are "hashed" and the hash is appended as a var to the url.
Controllers can enforce the presence of that _signature parameter with
@auth.requires_signature
The good thing about it is that there's no need to fetch auth_* records to
check for permission for that function, cause only the user who pressed the
link in the "previous" page (or parent, if you're using components) has the
"correct hash" . Grid uses signed urls by default
On Tuesday, February 19, 2013 12:42:35 PM UTC+1, Matt House wrote:
>
> Thanks Jim. Although off topic, appreciate the input on the table. Each
> portfolio might have multiple rows (i.e., portfolio value at Date 1,
> portfolio value at Date 2, etc.), so I'm using the portfolio_id field to
> identify all of the rows associated with a given portfolio. There may be
> more elegant ways to do this, so appreciate any input on that.
>
> I was just skimming the default db.py and came across the following lines:
>
> ## create all tables needed by auth if not custom tables
> auth.define_tables(username=False, signature=False)
>
> I've noticed that when I try to access the view, web2py redirects to a URL
> similar to
>
> /default/edit?_signature=9dc2b567e059212a557cbfb4788dfc00c86a02fa
>
>
> I've looked through the documentation and I don't see much on signature.
> What does that do? Should I set it to true by default? Or do I have
> something set incorrectly in my controller that is creating the redirect
> when I access the view?
>
>
>
>
>
> On Monday, February 18, 2013 4:09:48 PM UTC-6, Jim S wrote:
>>
>> From what I see you shouldn't have to have any groups setup. You will
>> need a user which you can use the register function (from the generated
>> login box on your main page) to create.
>>
>> Also, it appears as though you have your table setup incorrectly. If you
>> want portfolio_id to be the keyfield of you table, you should do it like
>> this:
>>
>> db.define_table('portfolio_data',
>> Field('portfolio_id', 'id'),
>> Field('close_date', 'date'),
>> Field('index_value'),
>> Field('portfolio_value'),
>> Field('cash_change'))
>>
>> I don't think that would have any effect on the Not Authorized error, but
>> might get you down the road. Just to confirm, you are logged in and all
>> when you test this, right? Sorry to ask such a trivial question, but just
>> want to make sure all the bases are covered.
>>
>> -Jim
>>
>>
>> On Saturday, February 16, 2013 4:56:49 PM UTC-6, Matt House wrote:
>>>
>>> Hello-
>>> I am new to Web2Py and I think I have a simple question, but I've banged
>>> my head on the desk for two hours and searched this forum to no avail.
>>>
>>> I have setup a basic database and want to give the user the ability to
>>> edit a series of fields using SQLFORM.grid. I also want users to be logged
>>> in before they can edit the fields (I'd actually prefer they can only edit
>>> fields they inserted, but I will come back to that later...).
>>>
>>> Here is my model:
>>>
>>> db.define_table('portfolio_data',
>>> Field('portfolio_id'),
>>> Field('close_date', 'date'),
>>> Field('index_value'),
>>> Field('portfolio_value'),
>>> Field('cash_change'))
>>>
>>> portfolio_id is simply a sequential number (1, 2, 3) generated when the
>>> user creates the new portfolio.
>>>
>>> I created a controller called edit, which takes an argument equal to the
>>> portfolio_id (so edit/1 edits rows for portfolio 1, edit/2 rows for
>>> portfolio 2, etc.)
>>>
>>> @auth.requires_login()
>>> def edit():
>>> # get portfolio ID from URL string
>>> passed_id = request.args(0)
>>>
>>> query = (db.portfolio_data.portfolio_id == passed_id)
>>> form = SQLFORM.grid(query=query)
>>>
>>> return dict(form=form)
>>>
>>> When I try to access /default/edit/1, I get a "Not Authorized" error.
>>> If I set user_signature=False in the SQLFORM.grid call, then I'm able
>>> to view and edit the table rows without a problem.
>>>
>>> My diagnosis is that I have something set incorrectly in the
>>> authentication tables. I added a group users and gave them permission
>>> to read, update and select from the table db.portfolio_data, but still
>>> no luck. I'm also confused why I would need to do that at all, since all
>>> I'm asking for in the controller is a login and nothing more (i.e., I'm not
>>> restricting table access anywhere). (And lest anyone ask, I am definitely
>>> logged in.)
>>>
>>> Are there default table edit restrictions somewhere that I missed in the
>>> documentation? Or is there something else I need to do to get SQLFORM and
>>> auth to play together nicely? I'm working from the default web2py scaffold,
>>> so I'm surprised no one else has run into this issue. The only similar
>>> issue I found was
>>> this<https://groups.google.com/forum/?fromgroups=#!topic/web2py/t3a6KkK41zo>-
>>> I can't even reproduce the issue Kevin highlights in his question.
>>>
>>>
>>>
>>>
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
