Thanks, Anthony. That works nicely.
On Fri, Oct 7, 2016 at 10:32 AM Anthony <[email protected]> wrote:
> Have you tried adding:
>
> auth.user.update(userlevel=newlevel)
>
> Anthony
>
>
> On Thursday, October 6, 2016 at 6:15:02 PM UTC-4, Michael Ellis wrote:
>
>
> I have the following code as a json service for changing user
> privileges. This app doesn't need the fine-grained control of Web2py RBAC
> so I've added an integer userlevel field to auth_user. It mostly works as
> intended except when a logged in user alters her own userlevel. The change
> isn't detected unless she logs out and then back in. I understand this is
> because the auth.user record is cached in the session. What's the right
> way to update a logged in user whose auth_user record may have changed?
>
> @service.json
> def set_user_group():
> """
> Changes a user's group (userlevel)
> Args:
> first_name,last_name, newgroup in request.args
> Returns: error message if auth fails
> Raises: Nothing
> """
> err = None
> if auth.is_logged_in() and auth.user.userlevel >= 2:
> # Ok to change it
> first, last, newgroup = tuple(request.args)[-3:]
> tbl = db.auth_user
> qry = ((tbl.first_name == first) & (tbl.last_name == last))
> rows = db(qry).select()
> assert len(rows) <= 1 ## should be impossible to have duplicate
> names
> if len(rows) == 0:
> err = "User '{} {}' not found in database!".format(first, last)
> else:
> id = rows[0][tbl.id]
> newlevel = dict(user=0, tech=1, admin=2)[newgroup.lower()]
> db(tbl.id == id).update(userlevel=newlevel)
> else:
> err = "Changing user groups requires log-in with admin privileges"
> return dict(msg=err)
>
>
> --
> Resources:
> - http://web2py.com
> - http://web2py.com/book (Documentation)
> - http://github.com/web2py/web2py (Source code)
> - https://code.google.com/p/web2py/issues/list (Report Issues)
> ---
> You received this message because you are subscribed to a topic in the
> Google Groups "web2py-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/web2py/BwEGtzUkJhY/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
