The problem is that you never give the current user the permission to
create. You only run this line

    auth.add_permission(group_id, 'create', db.contacts)

after the call to create. You need to call it once before, or create the
permission via appadmin.
This is fine but I want to point out that you can do it in another way:
You are basically saying a user can edit and select records he created. So..

    db.define_table(
        'contacts',
        Field('FirstName'),
        ...
        Field('Company'),
        auth.signature,
        common_filter = lambda query: db.contacts.created_by == auth.user_id)

    def create_contacts():
        form = SQLFORM(db.contacts).process()
        return dict(form=form)

You can disable the common filter when you do not want it:

    if auth.user.is_admin: db.contacts._common_filter = None

I would also replace "contacts" with "contact" everywhere. The code would
be more readable.
On Thursday, 1 August 2013 11:55:56 UTC-5, GregD wrote:
>
> I've turned on auth and attempting to use crud.
>
> when I go to my app http://.../data/create/table_name
>
> I get "insufficient privileges"
> NOT Authorized
> Access Denied
>
> What am I missing?
>
> db.py is as follows:
>
> from gluon.tools import Auth
> from gluon.tools import Crud
>
> db = DAL('sqlite://storage.sqlite')
>
> db.define_table (
> 'contacts',
> Field('FirstName'),
> Field('LastName', requires=IS_NOT_EMPTY()),
> Field('Address1'),
> Field('Address2'),
> Field('City'),
> Field('State'),
> Field('Zip'),
> Field('Mobile'),
> Field('Work'),
> Field('Fax'),
> Field('Home'),
> Field('EmailAddr'),
> Field('WebURL'),
> Field('JobTitle'),
> Field('Company'),
> Field('CreateDate', 'datetime', default=request.now, writable=False) )
>
> auth = Auth(db)
> auth.define_tables(username=True)
>
> crud = Crud(db)
> crud.settings.auth = auth
> crud.settings.controller = 'default'
> crud.settings.create_next = URL('index')
>
> default.py <controller> includes the following:
>
> def give_create_permission(form):
>     group_id = auth.id_group('user_%s' % auth.user.id)
>     auth.add_permission(group_id, 'read', db.contacts)
>     auth.add_permission(group_id, 'create', db.contacts)
>     auth.add_permission(group_id, 'select', db.contacts)
>
> crud.settings.auth = auth
>
> def create_contacts():
>     form = crud.create(db.contacts, onaccept=give_update_permission)
>     return dict(form=crud())
>
>
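The ownership scoping proposed in the reply, modeled in plain sqlite3 so it runs without web2py. This is an added example, not code from the thread: the `OwnedContacts` class, its methods, and the sample rows are constructed for illustration, and the table is named `contact` as the reply suggests.

```python
import sqlite3

class OwnedContacts:
    """sqlite3 stand-in for a 'contact' table with an owner-scoped common filter."""

    def __init__(self, conn, user_id, is_admin=False):
        self.conn, self.user_id = conn, user_id
        self.is_admin = is_admin  # admin case: filter disabled, as in the reply

    def _scope(self):
        # Fixed SQL fragments only; values always travel as bound parameters.
        if self.is_admin:
            return "1=1", ()
        return "created_by = ?", (self.user_id,)

    def create(self, first_name, company):
        # created_by is taken from the session user, never from form input.
        cur = self.conn.execute(
            "INSERT INTO contact (first_name, company, created_by) VALUES (?, ?, ?)",
            (first_name, company, self.user_id))
        return cur.lastrowid

    def select(self, contact_id=None):
        where, params = self._scope()
        sql = "SELECT id, first_name, company FROM contact WHERE " + where
        if contact_id is not None:
            sql, params = sql + " AND id = ?", params + (contact_id,)
        return self.conn.execute(sql + " ORDER BY id", params).fetchall()

    def update_company(self, contact_id, company):
        where, params = self._scope()
        cur = self.conn.execute(
            "UPDATE contact SET company = ? WHERE id = ? AND " + where,
            (company, contact_id) + params)
        return cur.rowcount  # 0 = row missing or owned by someone else

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contact (id INTEGER PRIMARY KEY, first_name TEXT,"
                 " company TEXT, created_by INTEGER NOT NULL)")
    alice, bob = OwnedContacts(conn, 1), OwnedContacts(conn, 2)
    admin = OwnedContacts(conn, 3, is_admin=True)
    alice.create("Ann", "Acme")             # constructed sample rows
    bob_row = bob.create("Ben", "Initech")
    return {"alice_sees": [r[0] for r in alice.select()],
            "alice_reads_bobs": alice.select(bob_row),
            "alice_edits_bobs": alice.update_company(bob_row, "X"),
            "bob_edits_own": bob.update_company(bob_row, "Globex"),
            "admin_sees": [r[0] for r in admin.select()]}
```

Because the owner predicate is attached to every read and update, requesting another user's record id returns nothing and changes nothing, with no per-user permission rows to maintain.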