Or more simply:
    def other():
        if not URL.verify(request, user_signature=True, hash_vars=False):
            redirect(...)
        return dict(grid=SQLFORM.grid(...))
Anthony
On Thursday, May 30, 2013 6:44:59 PM UTC-4, Wes Hall wrote:
>
> I need to verify that the right person can get to the grid, but once that
> is established, let the grid handle verification.
>
> Something along the lines of this would be the best action?
>
> def other():
>
>     # If there are vars, assume grid is supplying and let it check the key
>     if len(request.vars) >= 1:
>         pass
>
>     # If no vars, see if this link is valid
>     elif URL.verify():
>         pass
>
>     # Neither condition is True, must be invalid, redirect
>     else:
>         redirect
>
>     return SQLFORM.grid()
>
> On Thursday, May 30, 2013 8:57:34 AM UTC-4, Anthony wrote:
>>
>> The grid does its own URL signature verification, so you should not use
>> the @auth.requires_signature decorator. I believe the difference is that
>> @auth.requires_signature expects the URL vars to be included in the hash,
>> but the grid excludes the vars. If you need to separately verify the
>> signature to prevent any access to the function at all, you can directly
>> call the URL.verify() function within the other() function.
>>
>> Anthony
>>
>> On Thursday, May 30, 2013 2:12:31 AM UTC-4, Wes Hall wrote:
>>>
>>> Using MDP's example from here:
>>> https://groups.google.com/d/msg/web2py/VBrm6B6-Pdk/sG_h9Ane8zQJ and the
>>> manual's suggestion for digitally signed urls:
>>>
>>> @auth.requires_membership('admin')
>>> def index():
>>>     link = URL('other',user_signature=True) #1
>>>     return dict(link=link)
>>>
>>> @auth.requires_signature() #2
>>> def other():
>>>     return dict(message='hello world')
>>>
>>> I have added a SQLFORM.grid in other(). Everything works fine except for
>>> the pagination links. The requires_signature decorator for other() won't
>>> accept the signed URL from the grid, and the user is redirected to the
>>> access denied/not authorized page.
>>>
>>> Link from index():
>>> ...other/29?_signature=663347d7a36b4eb34f6f07607f4a3b396f76e1cd
>>> page2 link from other() grid:
>>> ...other/29?page=2&_signature=663347d7a36b4eb34f6f07607f4a3b396f76e1cd
>>>
>>> I tried removing the requires_signature() decorator, and the pagination
>>> works correctly. It appears as though both URL(user_signature=True) and
>>> SQLFORM.grid(user_signature=True) hash the signature the same, but
>>> @auth.requires_signature and SQLFORM.grid verify the signatures differently.
>>>
>>> If that is a fair or accurate statement, how should I work around this?
>>>
>>
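
Added example, not part of the thread and not web2py's own code: a simplified Python model of the point made above, that a verifier which hashes the URL vars rejects the grid's pagination link while one that excludes them accepts it. The key, the paths, the helper names and the HMAC-SHA1 construction are assumptions chosen to mirror the two links quoted in the thread.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

KEY = b"constructed-session-hmac-key"  # assumption: stands in for the per-user key


def _digest(path, query_vars, hash_vars):
    """HMAC-SHA1 over the path, plus the sorted query vars when hash_vars is True."""
    message = path
    if hash_vars and query_vars:
        message += "?" + urlencode(sorted(query_vars))
    return hmac.new(KEY, message.encode(), hashlib.sha1).hexdigest()


def sign(path, query_vars=(), hash_vars=True):
    """Return a URL carrying a _signature computed by _digest()."""
    sig = _digest(path, list(query_vars), hash_vars)
    return path + "?" + urlencode(list(query_vars) + [("_signature", sig)])


def verify(url, hash_vars=True):
    """Recompute the signature from the URL and compare in constant time."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query)
    supplied = [v for k, v in pairs if k == "_signature"]
    if len(supplied) != 1:
        return False
    other_vars = [(k, v) for k, v in pairs if k != "_signature"]
    expected = _digest(parts.path, other_vars, hash_vars)
    return hmac.compare_digest(expected, supplied[0])


# Constructed sample URLs modelled on the two links in the thread.
# Link as built in index(): no vars, so only the path is hashed.
index_link = sign("/app/default/other/29")
# Grid-style pagination link: page=2 is present but excluded from the hash.
page2_link = sign("/app/default/other/29", [("page", "2")], hash_vars=False)

if __name__ == "__main__":
    print("vars hashed  :", verify(page2_link, hash_vars=True))   # rejected
    print("vars excluded:", verify(page2_link, hash_vars=False))  # accepted
```

In this model, verifying with hash_vars=False leaves the query vars outside the signature, so a changed page value still verifies and the vars must be treated as unauthenticated input.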