I think so... because people could see the data without permission... BTW is there a way to change the "linkto" link from "read" to "update" by a parameter?
On Sat, Aug 1, 2009 at 4:01 PM, mdipierro <[email protected]> wrote: > > Sorry for the late reply. No select does not enforce Auth. This is not > a bug although I am open to the possibility of changing the > behavior.The problem is that select takes a second argument that is a > query therefore there is now way to enforce permission based on the > query. > > We could restrict permission beased on whether user has_access > ('select',table). > This will not break existing apps but if an existing app uses > crud.select and uses crud.settings.auth=auth then the app will change > behavior. The select will require the new permission. > > Shall we do this change? > > Massimo > > On Jul 30, 8:06 pm, mdipierro <[email protected]> wrote: > > I will take a look. > > > > On Jul 30, 3:38 pm, Tito Garrido <[email protected]> wrote: > > > > > I've enforced auth on crud: > > > crud.settings.auth=auth > > > > > And I can access myserver/controller/data/select/TABLE without need to > > > login... I can't access other functions like create, delete, update... > but I > > > can access select function > > > > > On Thu, Jul 30, 2009 at 5:32 PM, Yarko Tymciurak <[email protected]> > wrote: > > > > can you be more specific? > > > > > > On Thu, Jul 30, 2009 at 9:12 AM, Tito Garrido <[email protected] > >wrote: > > > > > >> I'm enforcing CRUD auth and I can use the select function without > login... > > > >> is that expected? > > > > > >> Thanks, > > > > > >> Tito > > > > > >> -- > > > > > >> Linux User #387870 > > > >> .........____ > > > >> .... _/_õ|__| > > > >> ..º[ .-.___.-._| . . . . > > > >> .__( o)__( o).:_______ > > > > > -- > > > > > Linux User #387870 > > > .........____ > > > .... _/_õ|__| > > > ..º[ .-.___.-._| . . . . > > > .__( o)__( o).:_______ > > > Sent from Campinas, SP, Brazil > > > -- Linux User #387870 .........____ .... _/_õ|__| ..º[ .-.___.-._| . . . . .__( o)__( o).:_______ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
