You should do 2. It is faster. On Monday, 25 November 2013 04:42:20 UTC-6, Robin Manoli wrote: > > Hi, > I was searching this group and I'm surprised I couldn't find any question > like this. I want to limit a certain access control so that only the owner > of a db entry can access it. Since using decorators is very neat I'd prefer > to do that, yet not do a db search twice. What would be the recommended way > to do this? > > # option 1: > @auth.requires( > db.article(request.vars.id<http://www.google.com/url?q=http%3A%2F%2Frequest.vars.id&sa=D&sntz=1&usg=AFQjCNFgYm6WCxtOAt2o5qdxwofe-XGpXw>).author > > = auth.user ) > def ajax_update_article(): > id = > request.vars.id<http://www.google.com/url?q=http%3A%2F%2Frequest.vars.id&sa=D&sntz=1&usg=AFQjCNFgYm6WCxtOAt2o5qdxwofe-XGpXw> > name = > request.vars.name<http://www.google.com/url?q=http%3A%2F%2Frequest.vars.name&sa=D&sntz=1&usg=AFQjCNHGM8h0UY5cBySCvpmflCJAqXxc5Q> > text = request.vars.text > article = db.article(id) # is database searched again? I might need > data from article, not just update it > article.update_record( name=name, text=text ) > return text > > # option 2: > @auth.requires_login() > def ajax_update_article(): > id = > request.vars.id<http://www.google.com/url?q=http%3A%2F%2Frequest.vars.id&sa=D&sntz=1&usg=AFQjCNFgYm6WCxtOAt2o5qdxwofe-XGpXw> > article = db.article(id) > if article.author != auth.user: return # this works, but is it > recommended? it's not as neat as a decorator > name = > request.vars.name<http://www.google.com/url?q=http%3A%2F%2Frequest.vars.name&sa=D&sntz=1&usg=AFQjCNHGM8h0UY5cBySCvpmflCJAqXxc5Q> > text = request.vars.text > article.update_record( name=name, text=text ) > return text > >
-- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
