[web2py] Pages that only their author can view

Sun, 04 May 2014 21:47:27 -0700 

I am trying to create a site where users can create pages. The user has a 
"wall" which lists all the pages that they have created. They can then view 
any of the pages that they have created. I am trying to set an 
authorisation so that only the page author can view the respective page.

What I have done follows:


In my model I create a table called "pages". Each page that is created has 
a reference key to the author that created it.

db.define_table('pages',
Field('user_id', 'reference auth_user', default=auth.user_id),
Field('name', 'string', required=True),
Field('created_on', 'datetime', default=request.now))


The wall method in the controller shows that each user has a "wall" that 
lists all the pages that they have created. They can then click on an item 
in the list and be directed to the relevant page by passing the page pk in 
the url.

@auth.requires_login()
def wall():
    pages = db(db.pages.user_id == auth.user.id).select(db.pages.ALL)
    return dict(pages = pages)


I have tried two different decorators above the "page" method (seen as 
comments) in an attempt to make these pages only viewable by their 
respective authors. The decorators that I have tried do only let their 
creator view them but they cause the rest of the site to return a 404 page. 
I am not sure why.

#@auth.requires(auth.user_id==db.pages(request.args(0, cast = 
int)).user_id, requires_login=True)
#@auth.requires_membership('user_' + str(db.pages(request.args(0, cast = 
int)).user_id))
def page():
    this_page = db.pages(request.args(0, cast = int)) or redirect(URL('wall'
))
    ...
    return ...

What is the best method to give only the creator of a page permission to 
view it?

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to