I'm having problems grasping the mechanism of function decoration with
auth.requires_permission().
For instance I have a simple table defined like this:
db.define_table('messages', Field('messagetext', 'string'))
And I would like users to be able to see just their own messages.
I have a controller named show_my_messages() which should show only
messages visible by user, how can I give record_id in decorator when
record_id is not known before read?
# what goes in record_id?
@auth.requires_permission('read', 'messages', record_id)
def show_my_messages():
# I should read just messsages visible by user, but how?
set = db().select(db.messages.messagetext)
# sending set to view
return dict(set=set)
Also, If I am inserting records into database using SQLFORM and not CRUD,
should I insert new row into auth_permissions for each row inserted into
table 'messages' or web2py can somehow do it automatically?
Sorry if questions are dumb, but I couldn't find an appropriate example.
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
