yes.
On May 27, 12:54 pm, David Marko <[email protected]> wrote: > Well, it was my fault as description I provided was misleading. I just > realised that permissions are being assigned to groups, so it means > that it is assigned not to user id directly but to his group id? Do I > understand it correctly? > > So for example, when having two records in database, one have readers > permission assigned to users(own) group e.g. 'user_1' and second to > group ''ADMINS' which contains the user as well, both rows will be > fetched on rows = > db(accessible_query('read', db.sometable, > user_id)).select(db.mytable.ALL) ? > > David > > 'On 27 kvě, 19:34, mdipierro <[email protected]> wrote: > > > If you really want to give a permission to every group user A is > > member of, you need to look over his/her membership and add the > > permission to that group. > > > The problem is the opposite. If a user is no longer member of a group, > > what happens to the permissions of those objects? That is why people > > do not do it this way. > > > You may want to consider not using auth permissions, only users and > > groups, and check explicitly: > > > user A has read access to obj X if the owner of obj X and user A share > > a group in common. (assuming this what you asked). > > > On May 27, 9:43 am, David Marko <[email protected]> wrote: > > > > In my app I need to maintain information who can read each item in > > > database and will use this criteria when fetching these items. Web2Py > > > built-in system seems to be very, very usefull. But there is one thing > > > that I dont know, how to resolve. The permissions to the items must > > > allow setup readers(read access permission) to both ... individual > > > users and to groups of users. Example from docs mentions > > > accessible_query that can be used as e.g. rows = > > > db(accessible_query('read', db.sometable, > > > user_id)).select(db.mytable.ALL) How to define accessible query for > > > user and all his groups he is member of? To give more specific example > > > item's read permision must allow to be read by several users and > > > 'accounting department' group. How to define accessible_query for > > > such schema? > > > > Thank you for any advice ... > > > David
