On Tuesday, December 27, 2016 at 8:33:09 AM UTC-5, Aydin wrote:
>
> I am trying to call a a function externally. I have a function:
> @auth.requires_login()
> @service.json
> def func(a):
> db.table1.insert(data1=a)
> db.commit()
> return locals()
>
> This has two problems: 1) When I use urllib2.urlopen("
> https://www.example.com/default/call/func.json/2) which does not have
> authentication, still it calls the function successfully (which is not
> intended, the idea is to authenticate the call).
>
Please see
http://web2py.com/books/default/chapter/29/10/services#Services-and-Authentication.
You cannot use the Auth decorators on functions decorated with @service.
The @service decorator simply registers the function with the Service
object. Your actual HTTP call is to the call() action in the default.py
controller -- so it is the call() action that must be protected via the
Auth decorators.
> 2) When I use the basic authentication using base64, it successfully
> calls the func but it does not seem that it used the authentication,
> because I have two users calling func and the the data that is inserted by
> user1 is also updated for user2 (the idea is to make data unique for each
> user, just like calling a function that need authentication internally and
> updating the database.
>
It is not clear what you mean. The function in question simply inserts a
new record into a table. That new record will be visible to any user that
can view the records in that table. If you need to limit which users can
view records within a given table, you must explicitly implement the
appropriate permissions (e.g., store the user ID of the record owner with
the record and when selecting records to view, limit the query to records
that match the user ID of the current logged in user).
Anthony
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
