> > > 1. how can I check if user is currently logged in? I saw the session > cookie but not sure how to infer from it the status. Also, a user could > have logged in long time ago, have the cookie but the session will expire. > I guess something like this is needed in controllers/hello.py: ( i.e. > start > by sending GET http://mysite/my_app/hello/logged > @auth.requires_login() > def logged(): return dict(message="hello logged user") > > Something like this seems reasonable.
> > 1. I guess I don't really need the user_id field in the client side. > What is the proper way to get actions associated with this user? in other > words, each user has database updates relevant only for him. > > The web2py Auth system is designed to check roles and permissions on the server, so just make requests and have web2py do the checking (possibly returning not-authorized messages when necessary). You could return a list of roles or permissions to the app if needed, but you would still want to do the final authorization checks in web2py. Note, a list of the user's group memberships can be found in auth.user_groups (there is no similar automatically compiled list of permissions, so you would have to construct that based on the details of your app if you are using the permissions functionality). Anthony -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
