On Tuesday, December 27, 2016 at 8:33:09 AM UTC-5, Aydin wrote:
>
> I am trying to call a a function externally. I have a function:
> @auth.requires_login()    
> @service.json
> def func(a):
>     db.table1.insert(data1=a)
>     db.commit()
>     return locals()
>
> This has two problems: 1) When I use urllib2.urlopen("
> https://www.example.com/default/call/func.json/2) which does not have 
> authentication, still it calls the function successfully (which is not 
> intended, the idea is to authenticate the call).
>

Please see 
http://web2py.com/books/default/chapter/29/10/services#Services-and-Authentication.
 
You cannot use the Auth decorators on functions decorated with @service. 
The @service decorator simply registers the function with the Service 
object. Your actual HTTP call is to the call() action in the default.py 
controller -- so it is the call() action that must be protected via the 
Auth decorators.
 

> 2) When I use the basic authentication using base64, it successfully 
> calls the func but it does not seem that it used the authentication, 
> because I have two users calling func and the the data that is inserted by 
> user1 is also updated for user2 (the idea is to make data unique for each 
> user, just like calling a function that need authentication internally and 
> updating the database.
>

It is not clear what you mean. The function in question simply inserts a 
new record into a table. That new record will be visible to any user that 
can view the records in that table. If you need to limit which users can 
view records within a given table, you must explicitly implement the 
appropriate permissions (e.g., store the user ID of the record owner with 
the record and when selecting records to view, limit the query to records 
that match the user ID of the current logged in user).

Anthony

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to