We could but we do not want to? 

On Friday, 31 May 2013 10:05:49 UTC-5, Richard wrote:
>
> Hello,
>
> Maybe it could be easy to remove this issue and let appadmin be used 
> by an admin user or any authorized user. The search feature of .grid() and 
> .smartgrid() could be used to search in appadmin?
>
> Richard
>
>
> On Thu, May 30, 2013 at 12:50 PM, Massimo Di Pierro wrote:
>
>> The caveat here is that appadmin is unsafe; that is why it 
>> is restricted to administrators. This is because the queries in appadmin are 
>> Python code, and therefore they can be exploited to gain login access to the 
>> system. This is not a problem for admin because he/she already has login 
>> access. 
>>
>> Instead of hacking appadmin access, I suggest just creating an action like:
>>
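>> @auth.requires_membership(role='admin')
>> def manage():
>>     # The optional first URL argument selects the table to manage
>>     tablename = request.args(0)
>>     if tablename in db.tables:
>>         grid = SQLFORM.smartgrid(db[tablename])
>>     else:
>>         # No table (or an unknown one) requested: list links to each table
>>         grid = UL(*[LI(A(t, _href=URL(args=t))) for t in db.tables])
>>     return locals()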
>>
>> and it will work even better.
>>
>>
>>
>>
>>
>> On Thursday, 30 May 2013 08:24:20 UTC-5, Anthony wrote:
>>>
>>> On Thursday, May 30, 2013 3:44:51 AM UTC-4, Tim Richardson wrote:
>>>
>>>> The web2py admin actually has access to the applications (plural) in my 
>>>> understanding. I thought that giving specific people access to managing 
>>>> users and groups per-application would not be unusual. 
>>>>
>>>
>>> That's not unusual, but in web2py, you don't typically do it by exposing 
>>> appadmin, which provides complete access to the entire database. If you 
>>> just want to let an admin manage users and groups, you should write a 
>>> simple function that exposes only the users, groups, and membership tables 
>>> -- SQLFORM.smartgrid might be a good option. Perhaps we should add such a 
>>> function to the "welcome" app to make it easier to manage Auth memberships 
>>> and permissions.
>>>
>>> Anthony
>>>
>>  -- 
>>  
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "web2py-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to [email protected].
>> For more options, visit https://groups.google.com/groups/opt_out.
>>  
>>  
>>
>
>
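
The distinction the thread draws, as an added example that is not part of the original messages or of web2py: text evaluated as Python can reach anything in its environment, while an action that only compares a table name against a fixed list (here the three Auth tables Anthony mentions) cannot. `ENV`, `hmac_key`, `query_as_code` and this stand-alone `manage` are constructed stand-ins.

```python
# Added illustration: constructed stand-ins, not web2py code.

# Tables a delegated user manager is allowed to see (the Auth tables).
AUTH_TABLES = ("auth_user", "auth_group", "auth_membership")

# Constructed stand-in for the environment an application runs in.
ENV = {
    "db": {
        "auth_user": [{"id": 1, "email": "a@example.com"}],
        "auth_group": [{"id": 1, "role": "admin"}],
        "auth_membership": [{"user_id": 1, "group_id": 1}],
        "invoice": [{"id": 7, "total": 120}],
    },
    "hmac_key": "constructed-secret",
}


def query_as_code(text):
    """Unsafe pattern: the caller's text is evaluated as a Python expression."""
    # Any expression runs here, not only database queries.
    return eval(text, ENV)


def manage(tablename, allowed=AUTH_TABLES):
    """Restricted pattern: the caller's text is only compared to a fixed list."""
    if tablename not in allowed:
        # Unknown or missing name: offer the permitted tables instead.
        return sorted(allowed)
    return ENV["db"][tablename]


if __name__ == "__main__":
    print(query_as_code("db['auth_group']"))  # a legitimate query works
    print(query_as_code("hmac_key"))          # so does reading non-database state
    print(manage("auth_group"))               # permitted table is returned
    print(manage("invoice"))                  # other tables are not reachable
    print(manage("hmac_key"))                 # input is never evaluated
```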
