Well, it was my fault, as the description I provided was misleading. I just
realised that permissions are being assigned to groups, so it means
that it is assigned not to the user id directly but to his group id? Do I
understand it correctly?

So for example, when having two records in the database, one has readers
permission assigned to the user's (own) group, e.g. 'user_1', and the second to
the group 'ADMINS', which contains the user as well, both rows will be
fetched on
rows = db(accessible_query('read', db.sometable, user_id)).select(db.mytable.ALL) ?

David

On 27 May, 19:34, mdipierro <[email protected]> wrote:
> If you really want to give a permission to every group user A is
> member of, you need to look over his/her membership and add the
> permission to that group.
>
> The problem is the opposite. If a user is no longer member of a group,
> what happens to the permissions of those objects? That is why people
> do not do it this way.
>
> You may want to consider not using auth permissions, only users and
> groups, and check explicitly:
>
> user A has read access to obj X if the owner of obj X and user A share
> a group in common (assuming this is what you asked).
>
> On May 27, 9:43 am, David Marko <[email protected]> wrote:
>
> > In my app I need to maintain information about who can read each item in
> > the database and will use this criterion when fetching these items. Web2Py's
> > built-in system seems to be very, very useful. But there is one thing
> > that I don't know how to resolve. The permissions on the items must
> > allow setting up readers (read access permission) for both individual
> > users and groups of users. The example from the docs mentions
> > accessible_query, which can be used as e.g.
> > rows = db(accessible_query('read', db.sometable, user_id)).select(db.mytable.ALL)
> > How to define an accessible query for a
> > user and all the groups he is a member of? To give a more specific example,
> > an item's read permission must allow it to be read by several users and
> > the 'accounting department' group. How to define accessible_query for
> > such a schema?
>
> > Thank you for any advice ...
> > David
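
An added example, not part of the thread and not web2py's own code: a small sqlite3 model of group-based read permissions, showing that grants made to a user's own group and to a shared group both resolve for that user, that removing a membership withdraws the grant, and the explicit shared-group check suggested in the reply. The table and column names follow web2py's default auth tables; `mytable`, its `owner_id` column, the helper names and all rows are constructed assumptions.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE auth_membership (user_id INTEGER, group_id INTEGER);
        CREATE TABLE auth_permission (group_id INTEGER, name TEXT,
                                      table_name TEXT, record_id INTEGER);
        CREATE TABLE mytable (id INTEGER PRIMARY KEY, title TEXT, owner_id INTEGER);
        -- constructed sample data: group 1 = 'user_1' (user 1 only),
        -- group 2 = 'ADMINS' (users 1 and 2), group 3 = 'user_2' (user 2 only)
        INSERT INTO auth_membership VALUES (1, 1), (1, 2), (2, 2), (2, 3);
        INSERT INTO mytable VALUES (10, 'granted to user_1', 1),
                                   (11, 'granted to ADMINS', 2),
                                   (12, 'granted to user_2', 2);
        INSERT INTO auth_permission VALUES (1, 'read', 'mytable', 10),
                                           (2, 'read', 'mytable', 11),
                                           (3, 'read', 'mytable', 12);
    """)
    return db

def readable_ids(db, user_id, name="read", table="mytable"):
    """Record ids the user can reach through any group they belong to."""
    rows = db.execute("""
        SELECT DISTINCT p.record_id
        FROM auth_permission p
        JOIN auth_membership m ON m.group_id = p.group_id
        WHERE m.user_id = ? AND p.name = ? AND p.table_name = ?
        ORDER BY p.record_id""", (user_id, name, table))
    return [r[0] for r in rows]

def shares_group_with_owner(db, user_id, record_id):
    """Explicit check from the reply: uses memberships only, no permission rows."""
    row = db.execute("""
        SELECT 1 FROM mytable t
        JOIN auth_membership mo ON mo.user_id = t.owner_id
        JOIN auth_membership mu ON mu.group_id = mo.group_id
        WHERE t.id = ? AND mu.user_id = ? LIMIT 1""", (record_id, user_id))
    return row.fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    print(readable_ids(db, 1))   # grants via 'user_1' and via 'ADMINS'
    db.execute("DELETE FROM auth_membership WHERE user_id = 1 AND group_id = 2")
    print(readable_ids(db, 1))   # the ADMINS grant no longer reaches user 1
```

In this model access is always derived from current membership, so leaving a group withdraws access without any permission rows having to be cleaned up.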
