You need to store the preferences in the database, what seems to be
happening is you are setting the disabled actions, but its being lost
on the next request.
So along with your auth_user table you probably need to add a couple
boolean columns to disable these options, this way it is persistant.
But for normal users they can still retrieve_password and
change_password, so you need to check this before you call the auth
form.
def user():
# get the user token here, use request.args to determine URL (ie:
user/reset_password)
# then pull the user from the database using the email/username
if my_user.retrieve_password_disabled:
auth.settings.actions_disabled.append('retrieve_password')
return dict(form=auth())
--
Thadeus
On Fri, Apr 30, 2010 at 1:15 AM, Rohan <[email protected]> wrote:
> Hi All,
>
> I am creating a session for a user logged in from facebook and wants
> to disable certain functions like retrieve_password, change_password
> etc. here is the code for this
>
> if not auth.is_logged_in():
> user_obj = Storage(user_table._filter_fields(user,
> id=True))
> #print 'user is not logged in'
> session.auth = Storage(user=user_obj,
> last_visit=request.now, expiration=auth.settings.expiration)
> auth.user = user_obj
> auth.settings.actions_disabled.append('retrieve_password')
> auth.settings.actions_disabled.append('change_password')
>
> but user is still able to access these functions. As an alternate, I
> was thinking of creating a group for facebook users and disable these
> functions at group level. Is this feasible? Is there any simpler way
> without need to create user groups?
>
> Thanks
>
