In my project, it makes a lot of sense to have two separate databases: one 
for the users of the app and another for partners who pay to advertise to 
those users. The data they manipulate are completely different sets. I have 
created an auth object (named auth) for the users database (called db) and 
another auth object (named authp) for the partners database (called dbp). I 
want all user stuff to be under the URL myapp/default and all partner 
stuff to be under the URL myapp/partners.

The problem is that the app is mixing the two types of user accounts 
together in two ways:

   1. If I create a user account and a partner account with the same 
   credentials, then signing into one allows access to the pages restricted by 
   the other (and yes, I changed the decorators to @authp instead of @auth for 
   the partners pages). This is especially bad without email verification 
   (which I have not implemented yet), since someone can register as a partner 
   under the same email as an already existing regular user but with a 
   different password. This would allow someone else to hack the user's 
   account.
   2. All the redirects are messed up. Usually, after registering or 
   signing in, unless the URL specifies a different redirect explicitly, 
   things always redirect back to the user account and never to the partner 
   account page.

How should I be handling this properly? Any tips for having two very 
different types of users are much appreciated.

An alternative I would be happy with is actually making two separate apps, 
but I'm not sure how to exchange some database information between them. 
Can one app access the database of another app? Does it matter if I'm 
currently using sqlite?
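
The cross-access described in item 1, as an added illustration that is not part of the original post and is not web2py's own code: a simplified model of two auth objects that share one session. It assumes both objects record the logged-in identity under the same session key; the class, function and key names are hypothetical and the accounts are constructed sample data.

```python
# Simplified model with hypothetical names; not web2py's implementation.
# Assumption: every auth object keeps its login state in the one session
# that the browser shares across all controllers of the app.

class RealmAuth:
    def __init__(self, realm, accounts, session, session_key):
        self.realm = realm              # "users" or "partners"
        self.accounts = accounts        # email -> password (plaintext only for brevity)
        self.session = session          # dict standing in for the shared session
        self.session_key = session_key  # slot where this object stores login state

    def login(self, email, password):
        if self.accounts.get(email) != password:
            return False
        # Record the identity together with the realm that authenticated it.
        self.session[self.session_key] = {"realm": self.realm, "email": email}
        return True

    def is_logged_in(self, check_realm):
        state = self.session.get(self.session_key)
        if state is None:
            return False
        # Hardened form: reject state that another realm wrote.
        if check_realm and state["realm"] != self.realm:
            return False
        return state["email"] in self.accounts


def partner_page_allowed(shared_key, check_realm):
    """Log in as a regular user only, then ask the partner auth object."""
    session = {}
    users = {"alice@example.com": "user-pw"}      # constructed sample account
    partners = {"alice@example.com": "other-pw"}  # same email, different password
    auth = RealmAuth("users", users, session,
                     "auth" if shared_key else "auth_users")
    authp = RealmAuth("partners", partners, session,
                      "auth" if shared_key else "auth_partners")
    auth.login("alice@example.com", "user-pw")
    return authp.is_logged_in(check_realm)


if __name__ == "__main__":
    print("shared key, no realm check:", partner_page_allowed(True, False))
    print("separate keys:             ", partner_page_allowed(False, False))
    print("shared key, realm check:   ", partner_page_allowed(True, True))
```

In this model the partner page opens only when both objects share a key and nothing ties the stored state to the realm that verified the password; either separation closes it.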
