On May 3, 8:56 am, annet <[email protected]> wrote:
> I have a couple of questions about the Auth class. To use
> authentication I uncommented the following functions in db.py:
>
> mail = Mail()
> mail.settings.server = 'smtp.yourdomain.com:25'
> mail.settings.sender = '[email protected]'
> mail.settings.login = 'usern...@password'
>
> auth = Auth(globals(), db)
> auth.define_tables()
> auth.settings.captcha = Recaptcha(request,
>     public_key='RECAPTCHA_PUBLIC_KEY',
>     private_key='RECAPTCHA_PRIVATE_KEY')
>
> Furthermore, I defined a custom user table.
>
> 1) To register the visitor should complete a registration form, which
> will be emailed from the application to the site administrator, who
> will accept or reject the registration, and in case of acceptance
> enter the registrant's data into the auth_user table and
> auth_membership table. So, I need a custom registration function and I
> don't need the verify_email function. This makes me wonder whether I
> could just uncomment the def user(): return dict(form=auth()) function
> in default.py and add a custom def register(): function to default.py,
> or whether I have to leave def user(): commented and add the functions
> I do need like this: def login(): return (form=auth.login()) etc.
yes.
def login(): return dict(form=auth.login())
def register(): return dict(form=auth.register())
etc.
> 2) The custom user table has a field called company_id, when the user
> logs in he should only be able to create, retrieve, update and delete
> records that have this company_id, is this possible using CRUD or do I
> have to write custom functions.
Yes, but it takes a little work because it depends on the details.
Every user also has a group uniquely associated with him.
    # == builds the query (a single = is a syntax error here)
    mygroup = db(auth.table_group.role == 'user_%s' % user_id).select()[0]
Give permission to this group (or another group):
    # add_permission takes the group id, not the row
    auth.add_permission(mygroup.id, 'update', 'company', company_id)
It does not matter if 'company' is a table or not.
Now, the second arg of crud.update can be a record or a record_id, so
you can do
    def update_mytable():
        record_id = request.args[0]
        record = db.mytable[record_id]
        # refuse the update unless the user holds 'update' for this record's company
        if not auth.has_permission('update', 'company', record.company_id):
            redirect(.... somewhere ....)
        form = crud.update(db.mytable, record)
        return dict(form=form)
> 3) When assigning permissions, do I have to assign every permission
> separately to every table for every group or is there a more efficient
> way. I have 2 groups, 6 permissions and 20 tables, that would be 240
> entries in auth_permission, wouldn't it?
Yes if you use crud.settings.auth but set it to None (the default
actually)
You can define your own conventions as above. You do not necessarily
give permission to a table.
> 4) I created two groups, datamanager and sitemanager, where
> datamanager is an intersection of sitemanager. For example,
> datamanager and sitemanager both have permission to update the address
> table, but only sitemanager has permission to create, update and
> delete the event table. Is there an efficient way to implement this?
I would not use a simple action for all crud. Make one action for each
operation and use decorators
    @auth.requires_membership('manager')
    def update():
        (table_name, record_id) = request.args[:2]
        return dict(form=crud.update(db[table_name], record_id))
> 5) Does record_id in the auth_permission table reference a specific
> record? When would I use this?
0 means all records. >0 indicates a specific record.
> 6) What does the following decorator imply:
> @auth.requires_permission('create','tablename',1)
it checks whether the current logged-in user belongs to a group that
has permission 'create' on table 'tablename' and record 1 or the
entire table.
> Doesn't @auth.requires_membership('Manager') and Manager through
> auth_permission having a name:create, Table Name:tablename, Record Id:
> 1 permission accomplish the same?
You can use group based access control (has_membership) or more
granular access (has_permission). It depends.
> I am looking forward to your answers to my questions,
>
> Annet.
Sorry for the late reply. I missed your post before.
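
The record_id semantics from answers 2, 5 and 6 (0 = all records, >0 = one record, 'company' used as a label with company_id as the record), as an added example that is not part of the original thread and is not web2py's own code. It models auth_membership and auth_permission in an in-memory SQLite database; the reduced schema, the ids and the rows are constructed assumptions.

```python
import sqlite3

# Simplified stand-in for web2py's auth_membership / auth_permission tables
# (constructed schema subset and rows; not the framework's implementation).
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE auth_membership (user_id INTEGER, group_id INTEGER);
        CREATE TABLE auth_permission (group_id INTEGER, name TEXT,
                                      table_name TEXT, record_id INTEGER);
    """)
    return db

def add_membership(db, group_id, user_id):
    db.execute("INSERT INTO auth_membership VALUES (?, ?)", (user_id, group_id))

def add_permission(db, group_id, name, table_name, record_id=0):
    db.execute("INSERT INTO auth_permission VALUES (?, ?, ?, ?)",
               (group_id, name, table_name, record_id))

def has_permission(db, user_id, name, table_name, record_id=0):
    """True if any group of user_id holds `name` on this record or on record 0 (all)."""
    row = db.execute(
        """SELECT 1 FROM auth_membership m
           JOIN auth_permission p ON p.group_id = m.group_id
           WHERE m.user_id = ? AND p.name = ? AND p.table_name = ?
             AND p.record_id IN (0, ?) LIMIT 1""",
        (user_id, name, table_name, record_id)).fetchone()
    return row is not None

def may_update(db, user_id, record):
    """Tenant check from the reply: the permission is keyed on the record's company_id."""
    return has_permission(db, user_id, "update", "company", record["company_id"])

def demo():
    db = make_db()
    add_membership(db, group_id=1, user_id=10)     # user 10 -> group 'user_10'
    add_membership(db, group_id=2, user_id=11)     # user 11 -> group 'user_11'
    add_membership(db, group_id=3, user_id=12)     # user 12 -> sitemanager
    add_permission(db, 1, "update", "company", 7)  # company 7 only
    add_permission(db, 2, "update", "company", 9)  # company 9 only
    add_permission(db, 3, "update", "company", 0)  # 0 = every company
    rec = {"id": 501, "company_id": 7}             # constructed mytable row
    return [may_update(db, u, rec) for u in (10, 11, 12)]
```

With this convention one permission row per company replaces one row per table, and the decision always comes from the stored record's company_id rather than from anything the request supplies.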