On Jul 12, 2009, at 11:00 AM, Yarko Tymciurak wrote:

> On Sun, Jul 12, 2009 at 12:53 PM, Jonathan Lundell  
> <[email protected]> wrote:
>
> On Jul 12, 2009, at 10:00 AM, mdipierro wrote:
>
> >
> > correct on both accounts. I will get this fixed in the code and the
> > manual. Thanks.
>
> I'm not familiar enough with the DAL to know if this makes complete
> sense, but might it be reasonable for Auth.define_tables to add
> required fields and validations to the user table (and perhaps other
> tables) if they're missing?
>
> That would have at least three benefits: a developer wouldn't have as
> much to do when extending the table(s); it would ensure that the
> security-related validations are in place; and it would effectively
> migrate existing tables the next time web2py is updated and run.
>
> define_tables might end up looking like this:
>
>   if (no user table)
>     define a user table
>
> I think this is the way it works already...  either define your own  
> table, or let Auth...
>
>
>   if (no required-field x)
>     define required-field x
>   if (no required-field y)
>     define required-field y
>   if (field y doesn't have validation v)
>     add validation v to field y
>   etc...
>
>
> From a development perspective, this might be dangerous - side  
> effects.
> If your table has minimum requirements for Auth, good; if not, Auth  
> complains, and lets the developer handle the change.

Complaining would be adequate, but I don't think Auth complains. If it  
tries to use an undefined field, yes, but if the validation isn't  
adequate, no.

I agree that it's an added complication. Whether there's enough  
benefit to justify it, maybe not.

But a side effect of not doing it is that none of the existing user  
tables are going to be fixed unless the developer knows to make the  
explicit fixes after the fact. And adding a check-and-complain would  
be pretty annoying, since everybody's user table would start  
complaining after the next update.

Another issue: the user table definition in Auth.define_tables is not  
the same as the one in the manual. In particular, the manual ignores  
settings.password_field, and doesn't do any migration. (Query: does  
migration pay attention to validations?)
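
The two options weighed in this thread, check-and-complain versus add-if-missing, as an added sketch that is not web2py's code or any poster's. Tables are modelled as plain dicts, the required fields and validator names are assumptions chosen for illustration, and the `password_field` argument stands in for `settings.password_field`.

```python
# Constructed model: a table is a dict of field name -> set of validator names.
# Which fields and validators Auth really requires is an assumption here.

def requirements(password_field="password"):
    """Assumed minimum for a user table; the password column name is configurable."""
    return {
        "email": {"IS_EMAIL", "IS_NOT_IN_DB"},
        password_field: {"CRYPT"},          # hashing validator on the password column
        "registration_key": set(),          # field must exist, no validator required
    }

def audit_user_table(table, password_field="password"):
    """Check-and-complain: report gaps, change nothing."""
    findings = []
    for field, validators in sorted(requirements(password_field).items()):
        if field not in table:
            findings.append(("missing-field", field, None))
            continue
        for name in sorted(validators - set(table[field])):
            findings.append(("missing-validation", field, name))
    return findings

def repair_user_table(table, password_field="password"):
    """Add-if-missing: return a fixed copy and the list of changes applied."""
    required = requirements(password_field)
    fixed = {name: set(vals) for name, vals in table.items()}
    changes = audit_user_table(table, password_field)
    for kind, field, validator in changes:
        fixed.setdefault(field, set())
        if kind == "missing-field":
            fixed[field] |= required[field]
        else:
            fixed[field].add(validator)
    return fixed, changes

# Constructed sample: a developer-defined user table whose password column is
# named "passwd" and carries no hashing validator.
custom = {
    "first_name": {"IS_NOT_EMPTY"},
    "email": {"IS_EMAIL"},
    "passwd": set(),
}

if __name__ == "__main__":
    for finding in audit_user_table(custom, password_field="passwd"):
        print(finding)
```

Auditing with the default column name instead of `"passwd"` reports a missing `password` field and never inspects the real password column, which is the risk of a table definition that ignores the configured password field.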