See my patch <https://groups.google.com/d/msg/web2py-developers/e0BaYjlHsO0/YMdgNPyP5kwJ>
if you want something specifically for managing Auth.

Anthony

On Thursday, May 30, 2013 11:04:25 PM UTC-4, Tim Richardson wrote:
>
>
>
> On Friday, 31 May 2013 02:50:38 UTC+10, Massimo Di Pierro wrote:
>>
>> The caveat here is that appadmin is unsafe; that is why it 
>> is restricted to administrators. This is because the queries in appadmin are 
>> Python code; therefore they can be exploited to gain login access to the 
>> system. This is not a problem for admin because he/she already has login 
>> access.
>>
>> Instead of hacking appadmin access, I suggest just creating an action like:
>>
>>
> Thanks. Some cleanup:
>
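> @auth.requires_membership(role='admin')
> def manage():
>     """ Manage users and groups, code snipped from Massimo """
>     # First URL argument selects the table; None when the URL has no args
>     tablename = request.args(0)
>     if tablename:
>         # Full CRUD grid on the chosen table (access gated by the decorator)
>         grid = SQLFORM.smartgrid(db[tablename])
>     else:
>         # No table chosen: list a link for every table defined on db
>         grid = UL(*[LI(A(t, _href=URL(args=t))) for t in db.tables])
>     return locals()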
>
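
The manage() action quoted above accepts any name in db.tables. The block below is an added example, not code from the thread or from web2py: a stand-alone model of the same dispatch narrowed to the Auth tables, with plain values standing in for request.args(0), db.tables and the user's roles. The function name, the status codes and the sample table list are assumptions made for illustration.

```python
# Added example: stand-alone model of the manage() dispatch, no web2py needed.
# AUTH_TABLES holds web2py's default Auth table names; change it if Auth was
# defined with custom table names (assumption).
AUTH_TABLES = ("auth_user", "auth_group", "auth_membership", "auth_permission")


def manage_decision(first_arg, db_tables, user_roles, required_role="admin"):
    """Return (status, payload) for a request to manage/<first_arg>.

    first_arg  -- stands in for request.args(0); None when no argument given
    db_tables  -- table names defined on the DAL (db.tables)
    user_roles -- roles of the logged-in user (empty if anonymous)
    """
    # Role gate first, mirroring @auth.requires_membership(role='admin'),
    # so a non-admin learns nothing about which tables exist.
    # (Modelled as a 403 here; the status code is an assumption.)
    if required_role not in user_roles:
        return 403, None

    # Only Auth tables that are actually defined are manageable.
    manageable = [t for t in db_tables if t in AUTH_TABLES]

    if first_arg is None:
        return 200, manageable        # index page: one link per table

    # The argument comes from the URL: check it against the allow-list
    # instead of passing it straight to db[...].
    if first_arg not in manageable:
        return 404, None
    return 200, first_arg             # table to hand to SQLFORM.smartgrid


# Constructed sample data for a run outside web2py.
SAMPLE_TABLES = ["auth_user", "auth_group", "auth_membership", "invoice"]

if __name__ == "__main__":
    cases = [(None, ["admin"]), ("auth_user", ["admin"]),
             ("invoice", ["admin"]), ("auth_user", ["editor"]),
             ("no_such_table", ["admin"])]
    for arg, roles in cases:
        print(arg, roles, "->", manage_decision(arg, SAMPLE_TABLES, roles))
```
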

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.