Hi There are some easy ways to do it. If the owner reference is in the row you can use before and after callbacks<http://www.web2py.com/books/default/chapter/29/06#before-and-after-callbacks> something like:
db.mytable._before_update.append(lambda s,r: True if r.owner == auth.user_id else False) The True value cancels the insert Also you can use Authorization<http://www.web2py.com/books/default/chapter/29/09#Authorization> rows = db(auth.accessible_query('update', db.mytable, user_id)) .select(db.mytable.ALL) I like the Authorization choice because its a nice abstraction and you dont need to mess with forms or tables 21 de marzo de 2013 19:26:10 UTC+1, Jean-Baptiste Fuzier escribió: > > Hi, > > I am having trouble finding the right way to do this : > > > - I have a table, each row has an owner which is the only one allowed > to edit or delete it > - Ownership is represented thanks to auth_permission (permission > 'owner') > - I would like to use ondelete and onupdate callbacks to verify that > the auth.user indeed owned the row, the test is working fine within the > callback function. However I do not know how to properly stop the update > or > delete when the user does not own the row > - I managed to make this work in a pretty ugly way I think by > raising an Exception within the ondelete callback when the user is not > allowed to remove the row > - However I can't to it with update as the exception seems not to > be catched ... > > Am I missing something ? > > Thanks for your help ! > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
