It is called from the menu (models\menu.py). This is the code: ... if auth.is_logged_in(): response.menu = [ (T('Home'), False, URL('default', 'index', user_signature=True)), (T('Open work orders'), False, URL('open_wo', 'index', user_signature=True)), (T('Tables'), False, None, [ (db.opt_cat._plural, False, URL('opt_cat', 'index', vars={'sid': request.vars.sid}, user_signature=True)), ...
Didn't test the sorting or search then, but I tested now and they also don't work, returning the same Not Authorized message. segunda-feira, 22 de Abril de 2019 às 12:59:34 UTC+1, Anthony escreveu: > > When using signed URLs, how do users get to that function (given that the > URL requires a signature)? How do you construct the URL? > > When using @auth.requires_signature(), does sorting and searching the grid > work? Only edit fails? > > Anthony > > On Sunday, April 21, 2019 at 12:30:29 PM UTC-4, João Matos wrote: >> >> Here is the correct version (my previous post, which I deleted, was >> another version): >> >> #@auth.requires_signature() >> @auth.requires_login() >> def index(): >> # type: () -> Dict[str, gluon.DIV] >> """Index page. >> >> :return: Dict with grid. >> """ >> if session.return_to: >> del session.return_to >> >> session.table = 'opt_cat' >> >> # Hidden fields in grid and edit/view form. >> db.opt_cat.id.readable = False >> >> db.opt_cat.one_opt_only.show_if = db.opt_cat.mandatory == False >> >> if SUPERVISOR_ROLE_ID in auth.user_groups: >> # Uses covering index opt_cat_is_active_name_en. >> # Uses auto index sqlite_autoindex_opt_cat_1. >> grid = SQLFORM.grid( >> db.opt_cat, >> csv=False, >> details=False, >> # Disable delete checkbox in edit form. >> editargs=dict(deletable=False), >> maxtextlength=GRID_COL_LEN_FOR_TEXT, >> ondelete=on_delete, # Grid only. >> onvalidation=on_validation, # And onupdate are form only. >> orderby=db.opt_cat.name, >> paginate=session.auth.user.pagination, >> # represent_none='', # Grid and view form only. >> ) # type: gluon.DIV >> else: >> # Hidden fields in grid and edit/view form. >> db.opt_cat.canceled_on.readable = False >> db.opt_cat.canceled_by.readable = False >> db.opt_cat.cancel_approved_by.readable = False >> >> # Uses covering index opt_cat_is_active_name_en (is_active=?). >> # Uses index opt_cat_is_active_name (is_active=?). >> grid = SQLFORM.grid( >> db.opt_cat.is_active == True, >> create=False, >> csv=False, >> deletable=False, >> details=False, >> editable=False, >> maxtextlength=GRID_COL_LEN_FOR_TEXT, >> orderby=db.opt_cat.name, >> paginate=session.auth.user.pagination, >> # represent_none='', # Grid and view form only. >> ) >> >> # Remove icons from default buttons. >> grid.elements('span.icon', replace=None) >> >> if request.args: >> # Remove delete button. >> grid.element('#delete_with_approval', replace=None) >> >> if not request.args: >> # Sort grid's search fields list. >> grid.element('#w2p_query_fields').components = >> sort_grid_search_fields_list(grid) >> >> if session.opt_cat_modified_on: >> del session.opt_cat_modified_on >> elif 'edit' in request.args: >> # Edit uses opt_cat Pk. >> >> form = grid.update_form # type: gluon.sqlhtml.SQLFORM >> # form['hidden'].update(mon=form.record.modified_on) >> # Solves the record changed while editing, but doesn't solve it >> # if the user 1st tries something that returns form.errors (eg. >> # changing a unique field to something that already exists) and >> # only after that he tries to save the record (which was changed >> # by another user). For this the only solution I've found was >> # using a session var. >> >> if not session.opt_cat_modified_on: >> session.opt_cat_modified_on = form.record.modified_on >> >> if not form.record.is_active and not SUPERVISOR_ROLE_ID in auth. >> user_groups: >> session.flash = T('Record was deleted while you were viewing >> the grid.') >> redirect(URL(user_signature=True)) >> >> return dict(grid=grid) >> >> >> >> >> domingo, 21 de Abril de 2019 às 17:22:44 UTC+1, Anthony escreveu: >>> >>> On Sunday, April 21, 2019 at 10:53:08 AM UTC-4, João Matos wrote: >>>> >>>> I wanted to have signed URL everywhere. >>>> For that, I added user_signature=True to all my URL(). The grid has >>>> that as a default. >>>> At this point everything worked with @requires_login() except one >>>> special case (I believe this special case may be related to the same issue >>>> I'm facing with this I describe here). >>>> >>>> Then I added a var called sid (for session id) to every URL() which I >>>> use to identify the session (this way I'm able to distinguish ebetween 2 >>>> browser tabs). >>>> At this point everything worked with @requires_login() except the >>>> special case I mentioned above. >>>> >>>> Then I replaced @auth.requires_login() with @auth.requires_signature() >>>> and I'm able to access the grid but not the edit form. I receive a Not >>>> Authorized message. >>>> >>>> In all these tests I'm logged in. >>>> >>>> If I remove the sid var and keep the @auth.requires_signature() >>>> everything works. >>>> >>>> If I replace the@auth.requires_signature() with @auth.requires_login() >>>> and keep the sid var everything works. >>>> >>>> Only the combination of both doesn't work. >>>> >>> >>> Need to see the code. >>> >> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.