Anthony,
Could you please tweak this a bit? It works fine when no one is logged in,
as there are no edit/delete capabilities in the resulting rows.
But when any user is logged on, every row in the table has edit/delete
capability regardless of what user created the record.

def search_shared_services():
    if (request.args(-3) in ['edit', 'delete'] and
            db[request.args(-2)](request.args(-1)).created_by != auth.user_id):
        grid = SQLFORM.smartgrid(
            db.SharedService,
            linked_tables=['SharedServicePartnerIntersection'],
            maxtextlength={
                'SharedServicePartnerIntersection.sharedServiceID': 140,
                'SharedService.shortSharedServiceTitle': 140,
                'SharedService.shortSharedServiceDescription': 140},
            editable=False, deletable=False)
    else:
        grid = SQLFORM.smartgrid(
            db.SharedService,
            linked_tables=['SharedServicePartnerIntersection'],
            maxtextlength={
                'SharedServicePartnerIntersection.sharedServiceID': 140,
                'SharedService.shortSharedServiceTitle': 140,
                'SharedService.shortSharedServiceDescription': 140},
            editable=True, deletable=True)
    return dict(grid=grid)

thanks,
Alex
On Saturday, April 27, 2013 5:25:50 AM UTC-7, Anthony wrote:
>
> Add a created_by field to the tables that defaults to auth.user_id. In the
> grid controller, do something like this:
>
> if (request.args(-3) in ['edit', 'delete'] and
>         db[request.args(-2)](request.args(-1)).created_by != auth.user_id):
>     [code to prevent access]
>
>
> Anthony
>
> On Saturday, April 27, 2013 1:33:54 AM UTC-4, Alex Glaros wrote:
>>
>> Anthony,
>>
>> I think you're correct in that the value is always True. That's what
>> happens in my function.
>>
>> What would be the correct way to allow user editing capability for their
>> records only?
>>
>> thanks,
>>
>> Alex
>>
>> db.define_table('SharedService',
>>     Field('shortSharedServiceTitle', 'string', label='Title'),
>>     Field('shortSharedServiceDescription', 'string', label='Description'))
>> ## ------------------------------------------------------------------------------------------
>> db.define_table('SharedServicePartnerIntersection',
>>     Field('sharedServiceID', 'reference SharedService',
>>           writable=False, readable=False),
>>     Field('organizationID', 'reference Organization'))
>>
>>
>> On Friday, April 26, 2013 3:11:49 PM UTC-7, Anthony wrote:
>>>
>>> def search_shared_services():
>>>
>>> * if db.SharedService.created_by==auth.user:*
>>>>
>>>
>>> The above generates a Query object (which will always evaluate to True),
>>> it does not test whether the requested record was created by the current
>>> auth.user (anyway, it should be auth.user.id or auth.user_id --
>>> auth.user is the complete user record). Instead, you want to check if the
>>> request is to edit a record, and if so, whether that record was created by
>>> the current auth.user_id.
>>>
>>> Anthony
>>>
>>
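
An added example, not code from the thread or from web2py: a plain-Python model of the ownership check discussed above, keeping "which rows show edit/delete buttons" separate from "is this edit/delete request allowed". RECORDS, owns(), authorize() and visible_buttons() are hypothetical names, the data is constructed, and the last three URL args are assumed to be action/table/id as in request.args(-3), (-2), (-1).

```python
# Added example: plain-Python model of the ownership check (no web2py import).
# All names below are hypothetical; the sample records are constructed.

RECORDS = {  # constructed stand-in for db[table](id) lookups
    "SharedService": {
        1: {"id": 1, "created_by": 10},
        2: {"id": 2, "created_by": 20},
        3: {"id": 3, "created_by": None},  # row with no owner recorded
    }
}
GUARDED = ("edit", "delete")


def owns(row, user_id):
    """Per-row predicate: True only for a logged-in user who created the row.

    Comparing created_by to user_id alone would match None == None, so an
    anonymous visitor would "own" every unowned row; reject None explicitly.
    """
    return (user_id is not None and row is not None
            and row.get("created_by") == user_id)


def authorize(args, user_id, records=RECORDS):
    """Decide whether a request whose trailing args are action/table/id
    may proceed. Anything that is not edit/delete is left to other checks."""
    if len(args) < 3 or args[-3] not in GUARDED:
        return True                       # list, view, search: not guarded here
    table, raw_id = args[-2], args[-1]
    try:
        row = records.get(table, {}).get(int(raw_id))
    except (TypeError, ValueError):
        return False                      # non-numeric id: deny
    return owns(row, user_id)             # missing or foreign row: deny


def visible_buttons(table, user_id, records=RECORDS):
    """Ids of the rows whose edit/delete buttons this user should see."""
    return [rid for rid, row in sorted(records[table].items())
            if owns(row, user_id)]
```

In web2py the per-row part corresponds to passing a function of the row as editable/deletable to SQLFORM.grid instead of True/False. The authorize() part corresponds to the request.args check quoted in the thread.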