[web2py] Re: URL (controller function) call with authentication

Tue, 27 Dec 2016 06:42:02 -0800 

On Tuesday, December 27, 2016 at 8:33:09 AM UTC-5, Aydin wrote:
>
> I am trying to call a a function externally. I have a function:
> @auth.requires_login()    
> @service.json
> def func(a):
>     db.table1.insert(data1=a)
>     db.commit()
>     return locals()
>
> This has two problems: 1) When I use urllib2.urlopen("
> https://www.example.com/default/call/func.json/2) which does not have 
> authentication, still it calls the function successfully (which is not 
> intended, the idea is to authenticate the call).
>

Please 
see 
http://web2py.com/books/default/chapter/29/10/services#Services-and-Authentication.
 
The @service decorator simply registers the function with the Service 
object -- it is actually called via the call() function in the default.py 
controller, so the @auth decorator never has any effect. The @auth 
decorator instead belongs on the call() function.
 

> 2) When I use the basic authentication using base64, it successfully 
> calls the func but it does not seem that it used the authentication, 
> because I have two users calling func and the the data that is inserted by 
> user1 is also updated for user2 (the idea is to make data unique for each 
> user, just like calling a function that need authentication internally and 
> updating the database.
>

It's not quite clear what you expect or want. The function you have shown 
does not do any updating of records -- it simply inserts new records. New 
records will be visible to any users that can see records in that table. If 
you need to restrict which users can see which records, you need to 
explicitly implement some kind of permissions.

Anthony 

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to