Hello, I'm writing a multi-tenant app. All tables have a domain field which is used to distinguish between different organizations. They all have a "common_filter = lambda query: db.<table>.domain==session.domain" parameter.
All is working fine, except when I'm trying to use a left join query. In this case the filter seems not to work correctly; in fact, the query returns *all records, regardless of the common_filter.* The columns where the filter is applied have a "strange behaviour": values are present for the "right" records, but they assume the "none" value for records that would normally be filtered.

I tried to inspect the SQL generated and I obtain something like this:

    SELECT `servizi`.`id`, `servizi`.`domain`, `servizi`.`id_servizio`, `servizi`.`tipo_servizio`,
           `ivrs`.`id`, `ivrs`.`domain`, `ivrs`.`name`
    FROM `ivrs`
    LEFT JOIN `servizi`
      ON (((`servizi`.`id_servizio` = `ivrs`.`id`)
           AND (`servizi`.`tipo_servizio` = 'ivrs'))
          AND (`servizi`.`domain` = 5))
    ORDER BY `ivrs`.`name`;

This is how the query is created:

    ivrs = db().select(
        db.servizi.ALL, db.ivrs.ALL,
        left=db.servizi.on((db.servizi.id_servizio == db.ivrs.id) &
                           (db.servizi.tipo_servizio == 'ivrs')),
        orderby=db.ivrs.name)

Obviously, this leads to problems, as users can see records that they are not allowed to. Is this the expected behaviour or is it a "bug"? Is there a way to do a left join maintaining the common_filter functionality?

I found a workaround: if I modify the query as follows:

    ivrs=db(db.ivrs.domain==session.domain).select(......)

I get the right records, but this is not how common filter is supposed to work.

Thanks,
Marvi
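
The query shape quoted in the message, reproduced against an in-memory SQLite database as an added example (not part of the original post and not web2py code). Table and column names follow the quoted SQL; the sample rows and the helper names `build_db`, `run` and `foreign_rows` are constructed for illustration.

```python
import sqlite3

def build_db():
    """Constructed sample data: tenants with domain 5 and domain 7."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE ivrs (id INTEGER PRIMARY KEY, domain INTEGER, name TEXT);
        CREATE TABLE servizi (id INTEGER PRIMARY KEY, domain INTEGER,
                              id_servizio INTEGER, tipo_servizio TEXT);
        INSERT INTO ivrs VALUES (1, 5, 'alpha'), (2, 7, 'bravo'), (3, 5, 'charlie');
        INSERT INTO servizi VALUES (10, 5, 1, 'ivrs'), (11, 7, 2, 'ivrs');
    """)
    return con

JOIN = """
    SELECT servizi.id, servizi.domain, ivrs.id, ivrs.domain, ivrs.name
    FROM ivrs
    LEFT JOIN servizi
      ON servizi.id_servizio = ivrs.id
     AND servizi.tipo_servizio = 'ivrs'
     AND servizi.domain = :d
    {where}
    ORDER BY ivrs.name"""

# Shape of the SQL in the post: the tenant condition appears only in ON.
ON_ONLY = JOIN.format(where="")
# Shape of the workaround: the left-hand table is also restricted in WHERE.
WITH_WHERE = JOIN.format(where="WHERE ivrs.domain = :d")

def run(con, sql, domain):
    return con.execute(sql, {"d": domain}).fetchall()

def foreign_rows(rows, domain):
    """Rows whose ivrs.domain (column index 3) belongs to another tenant."""
    return [r for r in rows if r[3] != domain]

if __name__ == "__main__":
    con = build_db()
    for label, sql in (("ON only", ON_ONLY), ("ON + WHERE", WITH_WHERE)):
        rows = run(con, sql, 5)
        print(label, rows, "foreign:", foreign_rows(rows, 5))
```

A check like `foreign_rows` can be run in a test suite over every query that joins tenant-scoped tables, so a missing tenant condition on the left-hand table fails the test instead of reaching users.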