If you really want to give a permission to every group user A is a
member of, you need to look over his/her membership and add the
permission to that group.

The problem is the opposite. If a user is no longer a member of a group,
what happens to the permissions of those objects? That is why people
do not do it this way.

You may want to consider not using auth permissions, only users and
groups, and check explicitly:

user A has read access to obj X if the owner of obj X and user A share
a group in common (assuming this is what you asked).

On May 27, 9:43 am, David Marko <[email protected]> wrote:
> In my app I need to maintain information about who can read each item in
> the database and will use this criteria when fetching these items. Web2Py's
> built-in system seems to be very, very useful. But there is one thing
> that I don't know how to resolve. The permissions to the items must
> allow setup of readers (read access permission) for both ... individual
> users and groups of users. The example from the docs mentions
> accessible_query that can be used as e.g. rows =
> db(accessible_query('read', db.sometable,
> user_id)).select(db.mytable.ALL)  How to define an accessible query for
> a user and all the groups he is a member of? To give a more specific example,
> an item's read permission must allow it to be read by several users and the
> 'accounting department' group. How to define accessible_query for
> such a schema?
>
> Thank you for any advice ...
> David
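
The explicit check suggested in the reply (read access when the item's owner and the reader share a group), as an added example that is not part of the original thread and is not web2py code. It uses Python's sqlite3 instead of the web2py DAL; the `item` table, its `owner_id` column and the sample rows are constructed assumptions, and `auth_membership` is reduced to its `user_id` and `group_id` columns.

```python
import sqlite3

# Constructed schema: auth_membership keeps only user_id/group_id;
# the item table and its owner_id column are hypothetical.
SCHEMA = """
CREATE TABLE auth_membership (user_id INTEGER, group_id INTEGER);
CREATE TABLE item (id INTEGER PRIMARY KEY, owner_id INTEGER, title TEXT);
"""

# Read rule from the reply: the item's owner and the reader share a group.
# It is evaluated at query time, so there are no per-object permission
# rows left behind when somebody leaves a group.
READABLE = """
SELECT DISTINCT i.id FROM item AS i
JOIN auth_membership AS owner_m ON owner_m.user_id = i.owner_id
JOIN auth_membership AS reader_m ON reader_m.group_id = owner_m.group_id
WHERE reader_m.user_id = ?
ORDER BY i.id
"""

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed data: users 1 and 2 share group 10, user 3 is alone in 20.
    conn.executemany("INSERT INTO auth_membership VALUES (?, ?)",
                     [(1, 10), (2, 10), (3, 20)])
    conn.executemany("INSERT INTO item VALUES (?, ?, ?)",
                     [(100, 1, "invoice"), (101, 3, "payroll")])
    return conn

def readable_ids(conn, user_id):
    """Ids of items whose owner shares at least one group with user_id."""
    return [row[0] for row in conn.execute(READABLE, (user_id,))]

def can_read(conn, user_id, item_id):
    return item_id in readable_ids(conn, user_id)

def leave_group(conn, user_id, group_id):
    conn.execute(
        "DELETE FROM auth_membership WHERE user_id = ? AND group_id = ?",
        (user_id, group_id))

if __name__ == "__main__":
    conn = make_db()
    print(readable_ids(conn, 2))   # user 2 shares group 10 with the owner
    leave_group(conn, 2, 10)
    print(readable_ids(conn, 2))   # access ends with the membership
```

Under this strict rule an owner who belongs to no group cannot read their own item, so a real application would likely add an owner clause to the query.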
