Prefer not to address permissions in controller. One problem is in grid,
user can change the parms in the address bar and start editing another
user's data
Tried doing a record-by-record check below in grid but creates false
positive each time
db.auth_group.organizationID.represent = lambda value,row: DIV(redirect(URL
('default','siteMap', args=[row.organizationID, request.get_vars.
specificOrganizationID]))) if row.organizationID !=
request.get_vars.specificOrganizationID
else ''
resulting args in view are correct but somehow the logic doesn't take
User is not creator, so can't use signature technique. Tried this:
is_authorizer = (lambda row: row.organizationID == request.get_vars.
specificOrganizationID)
..., editable = is_authorizer, ...
Other alternative, would be to put in a "for" loop and just granularly
handle one record at a time
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
