Anthony,
I think you're correct in that the value is always True. That's what
happens in my function.
What would be the correct way to allow user editing capability for their
records only?
thanks,
Alex
db.define_table('SharedService',
Field('shortSharedServiceTitle', 'string', label='Title'),
Field('shortSharedServiceDescription', 'string',label='Description'))
##
------------------------------------------------------------------------------------------
db.define_table('SharedServicePartnerIntersection',
Field('sharedServiceID', 'reference SharedService',
writable=False,readable=False),
Field('organizationID','reference Organization'))
On Friday, April 26, 2013 3:11:49 PM UTC-7, Anthony wrote:
>
> def search_shared_services():
>
> * if db.SharedService.created_by==auth.user:*
>>
>
> The above generates a Query object (which will always evaluate to True),
> it does not test whether the requested record was created by the current
> auth.user (anyway, it should be auth.user.id or auth.user_id -- auth.user
> is the complete user record). Instead, you want to check if the request is
> to edit a record, and if so, whether that record was created by the current
> auth.user_id.
>
> Anthony
>
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
