On Friday, 31 May 2013 02:50:38 UTC+10, Massimo Di Pierro wrote:
>
> The caveat here is that appadmin is unsafe; that is why it is restricted to
> administrators. This is because the queries in appadmin are Python code,
> therefore they can be exploited to gain login access to the system. This is
> not a problem for admin because he/she already has login access.
>
> Instead of hacking appadmin access I suggest just creating an action like:
>
>
Thanks. Some cleanup:
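# web2py controller action: auth, db, request, SQLFORM, UL, LI, A and URL
# are provided by the web2py environment.
@auth.requires_membership(role='admin')
def manage():
    """ Manage users and groups, code snipped from Massimo """
    # The first URL argument selects the table to manage.
    tablename = request.args(0)
    # Only accept names of tables that are actually defined in db.
    if tablename in db.tables:
        grid = SQLFORM.smartgrid(db[tablename])
    else:
        # No (or unknown) table given: list links to every table.
        grid = UL(*[LI(A(t, _href=URL(args=t))) for t in db.tables])
    return locals()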
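
The difference between the two approaches discussed in this thread, as an added example that is not part of the original messages and is not web2py or appadmin code: FakeDB, resolve_by_eval and resolve_by_name are hypothetical stand-ins, and the sample data is constructed. resolve_by_eval models request text being run as Python code; resolve_by_name models the manage() idea of using the argument only as a table name, with a membership check.

```python
# Added illustration: FakeDB, resolve_by_eval and resolve_by_name are
# hypothetical stand-ins, not web2py or appadmin code.


class FakeDB:
    """Minimal stand-in for a DAL object holding a fixed set of tables."""

    def __init__(self, **tables):
        self._tables = dict(tables)
        self.tables = list(tables)  # table names, like db.tables in web2py

    def __getitem__(self, name):
        return self._tables[name]


def resolve_by_eval(db, query):
    """Pattern the thread calls unsafe: request text is run as Python code.

    A globals dict holding only 'db' does not confine the expression:
    eval() adds __builtins__, so every built-in function stays reachable.
    """
    return eval(query, {"db": db})


def resolve_by_name(db, arg):
    """Pattern used by manage(): the argument is only a key into db.tables."""
    if arg in db.tables:
        return db[arg]
    return None  # anything that is not an exact table name is rejected


# Constructed sample data and inputs.
SAMPLE_DB = FakeDB(auth_user=["alice", "bob"], auth_group=["admin"])
TABLE_QUERY = "db['auth_user']"   # what a query box is meant to receive
CODE_QUERY = "len(db.tables)"     # equally valid Python, but not a table lookup

if __name__ == "__main__":
    # Both strings are accepted by eval(): the input is code, not data.
    print(resolve_by_eval(SAMPLE_DB, TABLE_QUERY))
    print(resolve_by_eval(SAMPLE_DB, CODE_QUERY))
    # The name-based lookup accepts a table name and nothing else.
    print(resolve_by_name(SAMPLE_DB, "auth_user"))
    print(resolve_by_name(SAMPLE_DB, CODE_QUERY))
```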