On Monday, April 22, 2019 at 8:14:10 AM UTC-4, João Matos wrote:
>
> It is called from the menu (models\menu.py). This is the code:
>
> ...
> if auth.is_logged_in():
>     response.menu = [
>         (T('Home'), False, URL('default', 'index', user_signature=True)),
>         (T('Open work orders'), False, URL('open_wo', 'index',
>                                            user_signature=True)),
>         (T('Tables'),
>          False,
>          None,
>          [
>              (db.opt_cat._plural, False, URL('opt_cat', 'index', vars={
>                  'sid': request.vars.sid}, user_signature=True)),
> ...
>
> Didn't test the sorting or search then, but I tested now and they also
> don't work, returning the same Not Authorized message.
>

The problem is that you need the grid to generate signed URLs, which it
does, but it does so without including the query string variables in
constructing the signature. However, your menu URL does include the query
string when creating the signature, and your @auth.requires_signature
decorator also expects the signature to be based on the query string. You
can try excluding the query string as follows:

    @auth.requires_signature(hash_vars=False)

and to create the menu link:

    URL('opt_cat', 'index', vars={'sid': request.vars.sid}, user_signature=True, hash_vars=False)

Note, that is a little less secure, as the signature will work with any URL
with a full matching path, even if the query string is different.

Anyway, why do you need signed URLs in this case? Why is
@auth.requires_login not sufficient?

Anthony
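
An added illustration of the mismatch described in the reply above (not code from the thread or from web2py): a simplified HMAC model of signed URLs, showing why a link signed without the query string fails a check that includes it, and what excluding the query string gives up. The key, path, helper names and the HMAC-SHA256 construction are assumptions made for the example; web2py's own signing differs in detail.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Constructed stand-in for the per-session key behind user_signature=True.
SESSION_KEY = b"constructed-demo-session-key"


def sign(path, query, hash_vars=True, key=SESSION_KEY):
    """HMAC over the path, plus the sorted query string when hash_vars is set."""
    message = path
    if hash_vars and query:
        message += "?" + urlencode(sorted(query.items()))
    return hmac.new(key, message.encode(), hashlib.sha256).hexdigest()


def signed_url(path, query, hash_vars=True):
    """Return (path, params) with the signature carried in _signature."""
    return path, dict(query, _signature=sign(path, query, hash_vars))


def verify(path, params, hash_vars=True):
    """Recompute the signature from the request; compare in constant time."""
    params = dict(params)
    supplied = params.pop("_signature", "")
    return hmac.compare_digest(supplied, sign(path, params, hash_vars))


def with_changed_vars(link, **changes):
    """Same link and signature, but with some query variables replaced."""
    path, params = link
    return path, dict(params, **changes)


PATH = "/app/opt_cat/index"  # constructed path

# Menu link as in the question: query string included in the signature.
menu = signed_url(PATH, {"sid": "7"}, hash_vars=True)
# Grid-style link as the reply describes it: signed over the path only.
grid = signed_url(PATH, {"sid": "7", "order": "name"}, hash_vars=False)
# Menu link rebuilt with the suggested hash_vars=False.
menu_path_only = signed_url(PATH, {"sid": "7"}, hash_vars=False)

if __name__ == "__main__":
    print("menu link, check hashes vars:   ", verify(*menu))
    print("grid link, check hashes vars:   ", verify(*grid))
    print("grid link, check skips vars:    ", verify(*grid, hash_vars=False))
    changed = with_changed_vars(menu_path_only, sid="8")
    print("sid changed, check skips vars:  ", verify(*changed, hash_vars=False))
```
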