@ Richard, (1) regarding this line {{if auth.has_permission('update',
request.args(0)):}}, how does user get permissions in the first place (2)
what would the args look like?
@ Massimo, column-value-based permission would be very useful in situations
like a data-mart where different users share same table but should not be
allowed to see each other's data. Access control in auth_permission would
only need to be in one place, but if done through the controller it
introduces more opportunity for programmer error to expose sensitive data
in many places if there are many controller functions for various purposes
accessing the table throughout the app. Think of a police or intelligence
app where all persons are in one table but only want secret operatives
revealed to restricted group. Or state licensing boards sharing same data
but should not be allowed to view each other's licensee SSNs and
investigative data.
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
