No auth takes security by the book. If used everything is restricted
unless permission is granted explicitly.
In your case is would just add a Field
('private','boolean',default=False) and if a user tried to access a
record with private==True thet he/she did not create, block it.
On Jan 17, 4:43 pm, Miguel Lopes <[email protected]> wrote:
> On Sun, Jan 17, 2010 at 4:50 PM, mdipierro <[email protected]> wrote:
> > Yes. Look into auth.accessible_query.
>
> > For example:
>
> > db(auth.accessible_query('read', db.mytable)).select(db.mytable.ALL)
>
> > returns a all records of mytable that current logged in user has
> > access to:
>
> > This does nested select so it is the only auth methods that does not
> > work on GAE.
>
> > Massimo
>
> I don't think auth.accessible_query does what I'm looking for.
> My ideia is to have all users with permission for all records by default ->
> auth does this.
>
> Then users could mark records as private (either personal or group), after
> which only the user, or a member of the same group could access the record.
> So I was looking for a way to exclude those records from the result set
> (without having to mark *all the other records as accessible to all other
> users*. -> I don't think auth does this.
>
> Miguel
--
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en.
