Uploading to trunk: select requires select permission on table.

On Aug 1, 6:56 pm, Tito Garrido <[email protected]> wrote:
> I think so... because people could see the data without permission...
> BTW is there a way to change the "linkto" link from "read" to "update" by a
> parameter?
>
>
>
> On Sat, Aug 1, 2009 at 4:01 PM, mdipierro <[email protected]> wrote:
>
> > Sorry for the late reply. No, select does not enforce Auth. This is not
> > a bug although I am open to the possibility of changing the
> > behavior. The problem is that select takes a second argument that is a
> > query, therefore there is no way to enforce permission based on the
> > query.
>
> > We could restrict permission based on whether user has_access
> > ('select',table).
> > This will not break existing apps but if an existing app uses
> > crud.select and uses crud.settings.auth=auth then the app will change
> > behavior. The select will require the new permission.
>
> > Shall we do this change?
>
> > Massimo
>
> > On Jul 30, 8:06 pm, mdipierro <[email protected]> wrote:
> > > I will take a look.
>
> > > On Jul 30, 3:38 pm, Tito Garrido <[email protected]> wrote:
>
> > > > I've enforced auth on crud:
> > > > crud.settings.auth=auth
>
> > > > And I can access myserver/controller/data/select/TABLE without need to
> > > > login... I can't access other functions like create, delete, update... but I
> > > > can access select function
>
> > > > On Thu, Jul 30, 2009 at 5:32 PM, Yarko Tymciurak <[email protected]> wrote:
> > > > > can you be more specific?
>
> > > > > On Thu, Jul 30, 2009 at 9:12 AM, Tito Garrido <[email protected]> wrote:
>
> > > > >> I'm enforcing CRUD auth and I can use the select function without login...
> > > > >> is that expected?
>
> > > > >> Thanks,
>
> > > > >> Tito
>
> > > > >> --
>
> > > > >> Linux User #387870
> > > > >> .........____
> > > > >> .... _/_õ|__|
> > > > >> ..º[ .-.___.-._| . . . .
> > > > >> .__( o)__( o).:_______
>
> > > > --
>
> > > > Linux User #387870
> > > > .........____
> > > > .... _/_õ|__|
> > > > ..º[ .-.___.-._| . . . .
> > > > .__( o)__( o).:_______
> > > > Sent from Campinas, SP, Brazil
>
> --
>
> Linux User #387870
> .........____
> .... _/_õ|__|
> ..º[ .-.___.-._| . . . .
> .__( o)__( o).:_______
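
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not web2py code: a stand-in `Crud`/`Auth` pair (all names hypothetical) in which `gate_select=False` models the reported gap and `gate_select=True` models a table-level 'select' permission check.

```python
# Added illustration: a stand-in model, not web2py source. All names are hypothetical.
class Forbidden(Exception):
    pass

class Auth:
    """Stores (user, permission, table) grants; an anonymous user is None."""
    def __init__(self):
        self.grants = set()

    def add_permission(self, user, name, table):
        self.grants.add((user, name, table))

    def has_permission(self, user, name, table):
        return user is not None and (user, name, table) in self.grants

class Crud:
    def __init__(self, rows, auth=None, gate_select=False):
        self.rows = rows                # {table name: [row dicts]}
        self.auth = auth                # plays the role of crud.settings.auth
        self.gate_select = gate_select  # False models the behaviour reported above

    def _require(self, user, name, table):
        # With no auth configured nothing is enforced, so such apps are unaffected.
        if self.auth and not self.auth.has_permission(user, name, table):
            raise Forbidden(f"{name} on {table}")

    def select(self, user, table, query=None):
        # The query can match any rows, so the check is table-level only.
        if self.gate_select:
            self._require(user, "select", table)
        return [r for r in self.rows[table] if query is None or query(r)]

    def delete(self, user, table, row_id):
        self._require(user, "delete", table)
        self.rows[table] = [r for r in self.rows[table] if r["id"] != row_id]

def attempt(action, *args, **kwargs):
    """Run a Crud method and return its result, or 'denied' on Forbidden."""
    try:
        return action(*args, **kwargs)
    except Forbidden:
        return "denied"

def sample_rows():
    # Constructed sample data.
    return {"person": [{"id": 1, "name": "alice"}, {"id": 2, "name": "bob"}]}
```
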