You need to enforce it at controller level... What I usually do it to
filter the record user can view base on their role... The drawback depends
of your exact requirement is that they only see in grid what they are
allowed to modify or access...
But nothing prevent you to display all record and only block update, so can
see all records in grid and the read form, but can't edit...
This can be achieved at 2 level, you can remove the "modify" button form
read form view with a simple if which check for the role of the user and
the state of the record and at the controller level where you redirect the
user over an unify error page, to make sure that user that tamper with url
can't access the record that way...
Here some code sample :
# modify button
{{if auth.has_permission('update', request.args(0)):}}
{{=A(I(_class='icon-edit icon-large'), SPAN(' '), STRONG(T('Edit')),
_href=URL(c='yourcontroller', f='update',
args=(request.args(0), request.args(1))),
_style='text-decoration : none; color: #333;', _class='btn
btn-small')}}
{{pass}}
# controller
if not auth.has_permission('update', request.args(0)):
redirect(URL(c='permission', f='not_authorized')) # This page is
the same for each error message of the app when redirecting because
permissions issue which contains a details message and a message box that
the user can fill and send an email to request permissions changes to the
admin of the system.
These 2 lines are the first lines of the controller... Notice the way I use
negative if to prevent having if else structure which would polute all the
reste of controller with indentation for this simple check...
Richard
On Sun, May 10, 2015 at 10:36 PM, Alex Glaros <[email protected]> wrote:
> if there was a way to make only specific tables multi-tenant, that would
> work as well
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to the Google Groups
> "web2py-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
