Hi,
I was searching this group and I'm surprised I couldn't find any question
like this. I want to limit a certain access control so that only the owner
of a db entry can access it. Since using decorators is very neat I'd prefer
to do that, yet not do a db search twice. What would be the recommended way
to do this?
# option 1:
@auth.requires( db.article(request.vars.id).author == auth.user )
def ajax_update_article():
    id = request.vars.id
    name = request.vars.name
    text = request.vars.text
    article = db.article(id)  # is database searched again? I might need data from article, not just update it
    article.update_record( name=name, text=text )
    return text

# option 2:
@auth.requires_login()
def ajax_update_article():
    id = request.vars.id
    article = db.article(id)
    if article.author != auth.user: return  # this works, but is it recommended? it's not as neat as a decorator
    name = request.vars.name
    text = request.vars.text
    article.update_record( name=name, text=text )
    return text
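An added example, not part of the original post and not web2py's own API: a framework-neutral sketch of an owner-check decorator that loads the record once and hands it to the handler, so the access check and the update share a single lookup. The names `requires_owner`, `load_article`, `Forbidden`, `ARTICLES` and `LOOKUPS` are hypothetical, and the dict is constructed sample data standing in for the article table.

```python
import functools

class Forbidden(Exception):
    """Raised when the caller may not touch the requested record (hypothetical)."""

# Constructed sample data standing in for the article table.
ARTICLES = {
    1: {"id": 1, "author": 10, "name": "first", "text": "hello"},
    2: {"id": 2, "author": 20, "name": "second", "text": "world"},
}
LOOKUPS = {"count": 0}  # counts loads so the single lookup can be verified

def load_article(record_id):
    """Hypothetical loader; stands in for the db.article(id) call in the post."""
    LOOKUPS["count"] += 1
    return ARTICLES.get(record_id)

def requires_owner(loader, owner_field="author"):
    """Load the record once, check ownership, then pass the record to the handler."""
    def decorator(handler):
        @functools.wraps(handler)
        def wrapper(user_id, request_vars):
            try:
                record_id = int(request_vars.get("id"))
            except (TypeError, ValueError):
                raise Forbidden("missing or malformed id")
            record = loader(record_id)
            # Same error for "no such record" and "not yours", so the
            # response does not reveal which ids exist.
            if user_id is None or record is None or record[owner_field] != user_id:
                raise Forbidden("not permitted")
            return handler(record, request_vars)
        return wrapper
    return decorator

@requires_owner(load_article)
def ajax_update_article(article, request_vars):
    # The handler receives the already-loaded record; no second lookup is needed.
    article.update(name=request_vars["name"], text=request_vars["text"])
    return article["text"]
```

The check fails closed: a missing id, an unknown record, an anonymous caller and a non-owner all raise before the handler body runs.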