Yep. This was embarrassingly simple. Thanks for help and patience. On Friday, June 7, 2013 9:34:28 PM UTC+2, Anthony wrote: > > def register(): > if not request.args(0) in [list, of, valid, groups]: > [redirect somewhere or return an error message] > [rest of your registration code] > > Anthony > > On Friday, June 7, 2013 1:52:57 PM UTC-4, lesssugar wrote: >> >> Instead, check it before you even call auth.register(). >>> >> >> Not sure how to achieve this. It goes the following way now: >> >> 1. The registration view renders. request.args(0) is checked (group1 or >> group2) and respective form generates. At this point the URL argument is OK >> (as user came to registration page by clicking a direct link which >> contained one of the two possible arguments). >> 2. From this moment the user can do anything with the URL. As the form is >> already generated the point is to check if the URL argument is valid *when >> submitting the form*, isn't it? How can I to do it *before *the >> auth.register() form generetes? >> >> Let me just stress, how new I am to web2py. >> >> On Friday, June 7, 2013 4:24:23 PM UTC+2, Anthony wrote: >>> >>> Don't check the validity of request.args(0) in the onaccept callback -- >>> that's too late. Instead, check it before you even call auth.register(). >>> >>> Anthony >>> >>> On Friday, June 7, 2013 9:58:09 AM UTC-4, lesssugar wrote: >>>> >>>> It's pretty straightforward - there are 2 registration links in the >>>> menu and each of them links to default/register/[group_type]. Then, in the >>>> view, request.args(0) value is being checked to generate respective form. >>>> Guess I'll go for the request.args(0) limitation, as you wrote. >>>> >>>> By the way, can I stop (revert?) the registration process when user >>>> tries to register with non-specified URL argument? Like this: >>>> >>>> 1. User submits the form >>>> 2. onaccept callback checks if the URL argument is equal to one of 2 >>>> specified >>>> 3. If not, registration takes no place (new user is not created) and >>>> the application redirects to a different (error) page >>>> >>>> W dniu piątek, 7 czerwca 2013 15:23:00 UTC+2 użytkownik Anthony napisał: >>>>> >>>>> How do users get to their respective registration URLs to begin with? >>>>> If they are sent a link via email, you could use a digital >>>>> signature<http://web2py.com/books/default/chapter/29/04#Digitally-signed-urls>. >>>>> >>>>> If they are allowed to choose the group themselves by making a selection, >>>>> then your current method is fine, but you should still check that >>>>> request.args(0) is limited to only the two allowed groups (so if you have >>>>> an admin group or some other roles with greater restrictions users won't >>>>> be >>>>> able to assign themselves to those roles). >>>>> >>>>> Anthony >>>>> >>>>> On Friday, June 7, 2013 6:39:56 AM UTC-4, lesssugar wrote: >>>>>> >>>>>> That's my concern also. I simply would like to make a transparent >>>>>> registration for 2 groups separately. In order to do so I have two >>>>>> different forms generating depending on URL argument: >>>>>> default/register/[group1] or [group2]. Checking request.args(0) on >>>>>> "onaccept" seemed obvious but it needs improvements. >>>>>> >>>>>> Is it a good idea to check also a specific form id attribute when >>>>>> performing onaccept? How do I check the form id attribute value? Or >>>>>> maybe >>>>>> there's a better way do make sure noone messes with the URL arguments? >>>>>> >>>>>> On Friday, June 7, 2013 3:18:29 AM UTC+2, Anthony wrote: >>>>>>> >>>>>>> Yes, you should not call .process() after calling auth.register() >>>>>>> because the second time through .process() it will fail (the _formkey >>>>>>> token >>>>>>> is only good for one process -- so it fails on the second). Using an >>>>>>> onaccept callback is the way to go. However, it appears you are >>>>>>> allowing >>>>>>> your users to assign themselves to any arbitrary group simply by >>>>>>> manipulating an arg in the URL -- that doesn't seem like a good idea. >>>>>>> >>>>>>> Anthony >>>>>>> >>>>>>> On Thursday, June 6, 2013 7:56:56 PM UTC-4, lesssugar wrote: >>>>>>>> >>>>>>>> OK, I figured out something like this and it works (let me know if >>>>>>>> it's not correct in any way): >>>>>>>> >>>>>>>> In db.py model: >>>>>>>> >>>>>>>> auth.settings.create_user_groups = False >>>>>>>> >>>>>>>> and then >>>>>>>> >>>>>>>> def add_group(form): >>>>>>>> group_id = auth.id_group(role=request.args(0)) >>>>>>>> auth.add_membership(group_id, form.vars.id) >>>>>>>> >>>>>>>> auth.settings.register_onaccept.append(add_group) >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Friday, June 7, 2013 1:35:41 AM UTC+2, lesssugar wrote: >>>>>>>>> >>>>>>>>> Sorry, there is one more "but". After renaming the form all goes >>>>>>>>> well, except that this piece of code >>>>>>>>> >>>>>>>>> if register_form.accepts(request.vars, formname='register'): >>>>>>>>> auth.add_membership(group_id=1, >>>>>>>>> user_id=register_form.vars.id<http://register_form_s.vars.id> >>>>>>>>> ) >>>>>>>>> >>>>>>>>> no longer adds the right membership to user. It gives them the >>>>>>>>> default group: user_[id], while earlier adding to "group 1" worked >>>>>>>>> properly. >>>>>>>>> >>>>>>>>> On Friday, June 7, 2013 1:11:23 AM UTC+2, Anthony wrote: >>>>>>>>>> >>>>>>>>>> I think the form processing within the auth.register() function >>>>>>>>>> is probably failing because you have renamed the form to >>>>>>>>>> 's_registration', >>>>>>>>>> and it is expecting a form named 'register' (it uses the formname to >>>>>>>>>> check >>>>>>>>>> the _formkey value in the session). If the form doesn't get >>>>>>>>>> accepted, it >>>>>>>>>> doesn't get to the redirect logic. >>>>>>>>>> >>>>>>>>>> Anthony >>>>>>>>>> >>>>>>>>>> On Thursday, June 6, 2013 6:59:51 PM UTC-4, lesssugar wrote: >>>>>>>>>>> >>>>>>>>>>> Right, thanks. But what about the "next" attribute? What might >>>>>>>>>>> be the reason of the argument not working? >>>>>>>>>>> >>>>>>>>>>> On Friday, June 7, 2013 12:53:35 AM UTC+2, Anthony wrote: >>>>>>>>>>>> >>>>>>>>>>>> auth.register() automatically processes the form, so you should >>>>>>>>>>>> not subsequently call request_form.process(). >>>>>>>>>>>> >>>>>>>>>>>> Anthony >>>>>>>>>>>> >>>>>>>>>>>> On Thursday, June 6, 2013 6:21:52 PM UTC-4, lesssugar wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> After user registers, I would like to redirect them to a >>>>>>>>>>>>> different URL, let's say default/index. >>>>>>>>>>>>> >>>>>>>>>>>>> Auto-login in db.py is set to False. >>>>>>>>>>>>> >>>>>>>>>>>>> In my default.py controller I have this: >>>>>>>>>>>>> >>>>>>>>>>>>> register_form = auth.register(next=URL('default', 'index')) >>>>>>>>>>>>> register_form.update(_class='formstyle', >>>>>>>>>>>>> _name='s_registration') >>>>>>>>>>>>> if register_form.process().accepts(request.vars, >>>>>>>>>>>>> formname='s_registration'): >>>>>>>>>>>>> auth.add_membership(group_id=1, user_id= >>>>>>>>>>>>> register_form.vars.id <http://register_form_s.vars.id>) >>>>>>>>>>>>> >>>>>>>>>>>>> return dict(register_form=register_form) >>>>>>>>>>>>> >>>>>>>>>>>>> So after user registers, no redirection takes place. However, >>>>>>>>>>>>> the registration itself is correct (checked auth_user and >>>>>>>>>>>>> auth_membership >>>>>>>>>>>>> in the DB). >>>>>>>>>>>>> >>>>>>>>>>>>> Any suggestions why "next" argument does't get the job done? >>>>>>>>>>>>> >>>>>>>>>>>>> UPDATE: >>>>>>>>>>>>> If I add "redirect(URL('default', 'index'))" in the IF >>>>>>>>>>>>> condition (code above) - all goes fine. What's with the "next" >>>>>>>>>>>>> argument >>>>>>>>>>>>> then? >>>>>>>>>>>>> >>>>>>>>>>>>>
-- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
