Do you mean you want to limit which fields will be visible to users
when they register and edit their profile?
You need to use a custom auth_user table and set writable=False for
those fields they cannot edit, and readable=False for those that
should not be visible. For example:
db.define_table('auth_user',
Field('first_name', length=512,default=''),
Field('last_name', length=512,default=''),
Field('username',length=32,default='',
requires=(IS_NOT_EMPTY(),IS_NOT_IN_DB(db,'auth_user.username'))),
Field('email', length=512,default='',
requires=(IS_EMAIL(),IS_NOT_IN_DB(db,'auth_user.email'))),
Field('password', 'password', readable=False,
label='Password',
requires=[CRYPT(auth.settings.hmac_key)]),
Field('is_admin','boolean',default=True,readable=False,writable=False),
Field('registration_key', length=512,writable=False,
readable=False,default=''),
Field('reset_password_key', length=512,writable=False,
readable=False, default='',
label=auth.messages.label_reset_password_key),
)
As you can see is_admin is not readable and writable.
auth.define_tables() # creates all needed
tables
On May 10, 12:39 pm, greenpoise <[email protected]> wrote:
> Whenever I use authentication on its basic form:
>
> 1. Any user can register something I do not want.
> 2. Any user can see all the data
>
> I want to be more specific and have control of the registration
> process as to where I create the users and group they pertain to and
> hence look at their specific data only. Where is this defined? within
> the Authentication/Groups or do I have to add another specifying
> field?? I read the Authentication part of the book but I simply dont
> know how to tackle this problem.
>
> Also while at it, is it a good practice to use the same database for
> different clients?
>
> Thanks
