def register():
if not request.args(0) in [list, of, valid, groups]:
[redirect somewhere or return an error message]
[rest of your registration code]
Anthony
On Friday, June 7, 2013 1:52:57 PM UTC-4, lesssugar wrote:
>
> Instead, check it before you even call auth.register().
>>
>
> Not sure how to achieve this. It goes the following way now:
>
> 1. The registration view renders. request.args(0) is checked (group1 or
> group2) and respective form generates. At this point the URL argument is OK
> (as user came to registration page by clicking a direct link which
> contained one of the two possible arguments).
> 2. From this moment the user can do anything with the URL. As the form is
> already generated the point is to check if the URL argument is valid *when
> submitting the form*, isn't it? How can I to do it *before *the
> auth.register() form generetes?
>
> Let me just stress, how new I am to web2py.
>
> On Friday, June 7, 2013 4:24:23 PM UTC+2, Anthony wrote:
>>
>> Don't check the validity of request.args(0) in the onaccept callback --
>> that's too late. Instead, check it before you even call auth.register().
>>
>> Anthony
>>
>> On Friday, June 7, 2013 9:58:09 AM UTC-4, lesssugar wrote:
>>>
>>> It's pretty straightforward - there are 2 registration links in the menu
>>> and each of them links to default/register/[group_type]. Then, in the view,
>>> request.args(0) value is being checked to generate respective form. Guess
>>> I'll go for the request.args(0) limitation, as you wrote.
>>>
>>> By the way, can I stop (revert?) the registration process when user
>>> tries to register with non-specified URL argument? Like this:
>>>
>>> 1. User submits the form
>>> 2. onaccept callback checks if the URL argument is equal to one of 2
>>> specified
>>> 3. If not, registration takes no place (new user is not created) and the
>>> application redirects to a different (error) page
>>>
>>> W dniu piątek, 7 czerwca 2013 15:23:00 UTC+2 użytkownik Anthony napisał:
>>>>
>>>> How do users get to their respective registration URLs to begin with?
>>>> If they are sent a link via email, you could use a digital
>>>> signature<http://web2py.com/books/default/chapter/29/04#Digitally-signed-urls>.
>>>>
>>>> If they are allowed to choose the group themselves by making a selection,
>>>> then your current method is fine, but you should still check that
>>>> request.args(0) is limited to only the two allowed groups (so if you have
>>>> an admin group or some other roles with greater restrictions users won't
>>>> be
>>>> able to assign themselves to those roles).
>>>>
>>>> Anthony
>>>>
>>>> On Friday, June 7, 2013 6:39:56 AM UTC-4, lesssugar wrote:
>>>>>
>>>>> That's my concern also. I simply would like to make a transparent
>>>>> registration for 2 groups separately. In order to do so I have two
>>>>> different forms generating depending on URL argument:
>>>>> default/register/[group1] or [group2]. Checking request.args(0) on
>>>>> "onaccept" seemed obvious but it needs improvements.
>>>>>
>>>>> Is it a good idea to check also a specific form id attribute when
>>>>> performing onaccept? How do I check the form id attribute value? Or maybe
>>>>> there's a better way do make sure noone messes with the URL arguments?
>>>>>
>>>>> On Friday, June 7, 2013 3:18:29 AM UTC+2, Anthony wrote:
>>>>>>
>>>>>> Yes, you should not call .process() after calling auth.register()
>>>>>> because the second time through .process() it will fail (the _formkey
>>>>>> token
>>>>>> is only good for one process -- so it fails on the second). Using an
>>>>>> onaccept callback is the way to go. However, it appears you are allowing
>>>>>> your users to assign themselves to any arbitrary group simply by
>>>>>> manipulating an arg in the URL -- that doesn't seem like a good idea.
>>>>>>
>>>>>> Anthony
>>>>>>
>>>>>> On Thursday, June 6, 2013 7:56:56 PM UTC-4, lesssugar wrote:
>>>>>>>
>>>>>>> OK, I figured out something like this and it works (let me know if
>>>>>>> it's not correct in any way):
>>>>>>>
>>>>>>> In db.py model:
>>>>>>>
>>>>>>> auth.settings.create_user_groups = False
>>>>>>>
>>>>>>> and then
>>>>>>>
>>>>>>> def add_group(form):
>>>>>>> group_id = auth.id_group(role=request.args(0))
>>>>>>> auth.add_membership(group_id, form.vars.id)
>>>>>>>
>>>>>>> auth.settings.register_onaccept.append(add_group)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Friday, June 7, 2013 1:35:41 AM UTC+2, lesssugar wrote:
>>>>>>>>
>>>>>>>> Sorry, there is one more "but". After renaming the form all goes
>>>>>>>> well, except that this piece of code
>>>>>>>>
>>>>>>>> if register_form.accepts(request.vars, formname='register'):
>>>>>>>> auth.add_membership(group_id=1,
>>>>>>>> user_id=register_form.vars.id<http://register_form_s.vars.id>
>>>>>>>> )
>>>>>>>>
>>>>>>>> no longer adds the right membership to user. It gives them the
>>>>>>>> default group: user_[id], while earlier adding to "group 1" worked
>>>>>>>> properly.
>>>>>>>>
>>>>>>>> On Friday, June 7, 2013 1:11:23 AM UTC+2, Anthony wrote:
>>>>>>>>>
>>>>>>>>> I think the form processing within the auth.register() function is
>>>>>>>>> probably failing because you have renamed the form to
>>>>>>>>> 's_registration', and
>>>>>>>>> it is expecting a form named 'register' (it uses the formname to
>>>>>>>>> check the
>>>>>>>>> _formkey value in the session). If the form doesn't get accepted, it
>>>>>>>>> doesn't get to the redirect logic.
>>>>>>>>>
>>>>>>>>> Anthony
>>>>>>>>>
>>>>>>>>> On Thursday, June 6, 2013 6:59:51 PM UTC-4, lesssugar wrote:
>>>>>>>>>>
>>>>>>>>>> Right, thanks. But what about the "next" attribute? What might be
>>>>>>>>>> the reason of the argument not working?
>>>>>>>>>>
>>>>>>>>>> On Friday, June 7, 2013 12:53:35 AM UTC+2, Anthony wrote:
>>>>>>>>>>>
>>>>>>>>>>> auth.register() automatically processes the form, so you should
>>>>>>>>>>> not subsequently call request_form.process().
>>>>>>>>>>>
>>>>>>>>>>> Anthony
>>>>>>>>>>>
>>>>>>>>>>> On Thursday, June 6, 2013 6:21:52 PM UTC-4, lesssugar wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> After user registers, I would like to redirect them to a
>>>>>>>>>>>> different URL, let's say default/index.
>>>>>>>>>>>>
>>>>>>>>>>>> Auto-login in db.py is set to False.
>>>>>>>>>>>>
>>>>>>>>>>>> In my default.py controller I have this:
>>>>>>>>>>>>
>>>>>>>>>>>> register_form = auth.register(next=URL('default', 'index'))
>>>>>>>>>>>> register_form.update(_class='formstyle', _name='s_registration')
>>>>>>>>>>>> if register_form.process().accepts(request.vars,
>>>>>>>>>>>> formname='s_registration'):
>>>>>>>>>>>> auth.add_membership(group_id=1, user_id=
>>>>>>>>>>>> register_form.vars.id <http://register_form_s.vars.id>)
>>>>>>>>>>>>
>>>>>>>>>>>> return dict(register_form=register_form)
>>>>>>>>>>>>
>>>>>>>>>>>> So after user registers, no redirection takes place. However,
>>>>>>>>>>>> the registration itself is correct (checked auth_user and
>>>>>>>>>>>> auth_membership
>>>>>>>>>>>> in the DB).
>>>>>>>>>>>>
>>>>>>>>>>>> Any suggestions why "next" argument does't get the job done?
>>>>>>>>>>>>
>>>>>>>>>>>> UPDATE:
>>>>>>>>>>>> If I add "redirect(URL('default', 'index'))" in the IF
>>>>>>>>>>>> condition (code above) - all goes fine. What's with the "next"
>>>>>>>>>>>> argument
>>>>>>>>>>>> then?
>>>>>>>>>>>>
>>>>>>>>>>>>
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
