oops, regarding security, you're right Anthony. Users could walk the URL 
address. Is this better? Seems to work...

@auth.requires(lambda: not db((db.auth_membership.user_id == auth.user_id) 
& (db.auth_membership.group_id == db.auth_group.id) & (db.auth_group.role 
== request.get_vars.specificObjectID) & (db.auth_group.organizationID == 
request.get_vars.specificOrganizationID)).isempty())

regarding "or" operator, you are correct, I used the wrong logic to build 
the records. OR works.

Thanks so much for catching these errors. It's really appreciated,

Alex

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to