Sorry for the late reply. No select does not enforce Auth. This is not
a bug although I am open to the possibility of changing the
behavior.The problem is that select takes a second argument that is a
query therefore there is now way to enforce permission based on the
query.
We could restrict permission beased on whether user has_access
('select',table).
This will not break existing apps but if an existing app uses
crud.select and uses crud.settings.auth=auth then the app will change
behavior. The select will require the new permission.
Shall we do this change?
Massimo
On Jul 30, 8:06 pm, mdipierro <[email protected]> wrote:
> I will take a look.
>
> On Jul 30, 3:38 pm, Tito Garrido <[email protected]> wrote:
>
> > I've enforced auth on crud:
> > crud.settings.auth=auth
>
> > And I can access myserver/controller/data/select/TABLE without need to
> > login... I can't access other functions like create, delete, update... but I
> > can access select function
>
> > On Thu, Jul 30, 2009 at 5:32 PM, Yarko Tymciurak <[email protected]> wrote:
> > > can you be more specific?
>
> > > On Thu, Jul 30, 2009 at 9:12 AM, Tito Garrido
> > > <[email protected]>wrote:
>
> > >> I'm enforcing CRUD auth and I can use the select function without
> > >> login...
> > >> is that expected?
>
> > >> Thanks,
>
> > >> Tito
>
> > >> --
>
> > >> Linux User #387870
> > >> .........____
> > >> .... _/_õ|__|
> > >> ..º[ .-.___.-._| . . . .
> > >> .__( o)__( o).:_______
>
> > --
>
> > Linux User #387870
> > .........____
> > .... _/_õ|__|
> > ..º[ .-.___.-._| . . . .
> > .__( o)__( o).:_______
> > Sent from Campinas, SP, Brazil
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
