[web2py] Re: Pages that only their author can view

Tue, 06 May 2014 13:15:07 -0700 

Hi Sidney,   Try looking at 'common_filter'.  This often works well for me.



On Sunday, 4 May 2014 10:28:57 UTC+1, Sidney Rubidge wrote:
>
> I am trying to create a site where users can create pages. The user has a 
> "wall" which lists all the pages that they have created. They can then view 
> any of the pages that they have created. I am trying to set an 
> authorisation so that only the page author can view the respective page.
>
> What I have done follows:
>
>
> In my model I create a table called "pages". Each page that is created has 
> a reference key to the author that created it.
>
> db.define_table('pages',
> Field('user_id', 'reference auth_user', default=auth.user_id),
> Field('name', 'string', required=True),
> Field('created_on', 'datetime', default=request.now))
>
>
> The wall method in the controller shows that each user has a "wall" that 
> lists all the pages that they have created. They can then click on an item 
> in the list and be directed to the relevant page by passing the page pk in 
> the url.
>
> @auth.requires_login()
> def wall():
>     pages = db(db.pages.user_id == auth.user.id).select(db.pages.ALL)
>     return dict(pages = pages)
>
>
> I have tried two different decorators above the "page" method (seen as 
> comments) in an attempt to make these pages only viewable by their 
> respective authors. The decorators that I have tried do only let their 
> creator view them but they cause the rest of the site to return a 404 page. 
> I am not sure why.
>
> #@auth.requires(auth.user_id==db.pages(request.args(0, cast = 
> int)).user_id, requires_login=True)
> #@auth.requires_membership('user_' + str(db.pages(request.args(0, cast = 
> int)).user_id))
> def page():
>     this_page = db.pages(request.args(0, cast = int)) or redirect(URL(
> 'wall'))
>     ...
>     return ...
>
> What is the best method to give only the creator of a page permission to 
> view it?
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to