> def search_shared_services():
> if (request.args(-3) in ['edit', 'delete'] and db[request.args(-2
> )](request.args(-1)).created_by != auth.user_id):
> grid = SQLFORM.smartgrid(db.SharedService, linked_tables=[
> 'SharedServicePartnerIntersection'], maxtextlength={
> 'SharedServicePartnerIntersection.sharedServiceID':140,
> 'SharedService.shortSharedServiceTitle':140,
> 'SharedService.shortSharedServiceDescription':140}, editable=False,deletable
> =False)
>
No, the above isn't the way to do it. When the edit link is clicked, the
grid returns an edit form rather than a grid, so you don't want the code
inside that "if" condition to call the grid function again. Instead, you
want it to do something to deny access, such as:
if (request.args(-3) in ['edit', 'delete'] and
db[request.args(-2)](request.args(-1)).created_by != auth.user_id):
session.flash = 'Access denied'
redirect(URL('default', 'search_shared_services')) # go back to grid
else:
grid = ...
Instead, though, probably what you really want is to only show the edit and
delete buttons within rows owned by the user. To do that, note that the
"editable" and "deletable" arguments can be functions that accept a row of
the table and return True or False to determine whether to include the
button -- so, you can do:
is_owner = (lambda row: row.created_by == auth.user_id) if auth.user else
False
grid = SQLFORM.smartgrid(..., editable=is_owner,
deletable=is_owner,user_signature
=True)
Anthony
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
