> > def search_shared_services(): * if db.SharedService.created_by==auth.user:* >
The above generates a Query object (which will always evaluate to True), it does not test whether the requested record was created by the current auth.user (anyway, it should be auth.user.id or auth.user_id -- auth.user is the complete user record). Instead, you want to check if the request is to edit a record, and if so, whether that record was created by the current auth.user_id. Anthony -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
