I had syntax error :
@auth.requires_login()
def chmembership():
try:
if db(db.auth_group_allowed.user_id==auth.user.id)\
.select(db.auth_group_allowed.user_id,distinct=True).first().user_id==
auth.user.id:
if auth.has_membership(auth.id_group('technician'))\
or auth.has_membership(auth.id_group('coordinator'))\
or auth.has_membership(auth.id_group('admin')):
active_gr=db((db.auth_group_allowed.user_id==auth.user.id)\
& (db.auth_group_allowed.active_gr=='TRUE')
)\
.select(db.auth_group_allowed.group_id).first().group_id
membershipID=db((db.auth_membership.group_id==active_gr)\
& (db.auth_membership.user_id==auth.user.id)
)\
.select(db.auth_membership.id).first().id
rows=db(db.auth_group_allowed.user_id==auth.user.id
).select(db.auth_group_allowed.group_id)
groupSet={}
for row in rows:
authgrouprole=db(db.auth_group.id
==row.group_id).select(db.auth_group.role).first().role
groupSet[row.group_id]=authgrouprole
db.auth_membership.group_id.requires=IS_IN_SET(groupSet)
db.auth_membership.user_id.readable=\
db.auth_membership.user_id.writable=False
chmbshp =
crud.update(db.auth_membership,membershipID,deletable=False)
new_gr=db(db.auth_membership.id
==membershipID).select(db.auth_membership.group_id).first().group_id
db(db.auth_group_allowed.user_id==auth.user.id\
and
db.auth_group_allowed.active_gr=='TRUE').update(active_gr='FALSE')
db(db.auth_group_allowed.user_id==auth.user.id\
and
db.auth_group_allowed.group_id==new_gr).update(active_gr='TRUE')
return dict(chmbshp=chmbshp, active_gr=active_gr,
membershipID=membershipID, groupSet=groupSet)
except AttributeError:
pass
There is a major threat with that design... The the permission to the
auth_membership table has to be open to any user...
The only other solution I can see for now is to triggering the change on the
active_gr field of the added table auth_group_allowed...
Richard
On Wed, Sep 22, 2010 at 3:08 PM, Richard Vézina <[email protected]
> wrote:
> Forgot to "writable=False" :
>
> db.auth_membership.user_id.represent=\
> lambda value: "%(first_name)s %(last_name)s (%(id)s)"
> %db.auth_user[value]
> db.auth_membership.group_id.represent=\
> lambda value: "%(role)s (%(id)s)" %db.auth_group[value]
>
> db.define_table('auth_group_allowed',
> Field('id','id'),
> Field('user_id','db.auth_user'),
> Field('group_id','db.auth_group'),
> Field('active_gr','boolean'),
> migrate=False,
> sequence_name='auth_group_allowed_id_seq')
>
> db.auth_group_allowed.user_id.requires=IS_IN_DB(db,'auth_user.id','%(first_name)s
> %(last_name)s (%(id)s)')
> db.auth_group_allowed.group_id.requires=IS_IN_DB(db,'auth_group.id','%(role)s
> (%(id)s)')
>
> @auth.requires_login()
> def chmembership():
> try:
> if db(db.auth_group_allowed.user_id==auth.user.id)\
>
> .select(db.auth_group_allowed.user_id,distinct=True).first().user_id==
> auth.user.id:
> if auth.has_membership(auth.id_group('technician')) or
> auth.has_membership(auth.id_group('coordinator')) or
> auth.has_membership(auth.id_group('admin')):
> active_gr=db(db.auth_group_allowed.user_id==auth.user.id\
> and
> db.auth_group_allowed.active_gr=='TRUE')\
>
> .select(db.auth_group_allowed.group_id).first().group_id
> membershipID=db(db.auth_membership.group_id==active_gr\
> and db.auth_membership.user_id==
> auth.user.id)\
> .select(db.auth_membership.id).first().id
> rows=db(db.auth_group_allowed.user_id==auth.user.id
> ).select(db.auth_group_allowed.group_id)
> groupSet={}
> for row in rows:
> authgrouprole=db(db.auth_group.id
> ==row.group_id).select(db.auth_group.role).first().role
> groupSet[row.group_id]=authgrouprole
> db.auth_membership.group_id.requires=IS_IN_SET(groupSet)
> db.auth_membership.user_id.writable=False
> form = crud.update(db.auth_membership,membershipID)
> new_gr=db(db.auth_membership.id
> ==membershipID).select(db.auth_membership.group_id).first().group_id
> db(db.auth_group_allowed.user_id==auth.user.id\
> and
> db.auth_group_allowed.active_gr=='TRUE').update(active_gr='FALSE')
> db(db.auth_group_allowed.user_id==auth.user.id\
> and
> db.auth_group_allowed.group_id==new_gr).update(active_gr='TRUE')
> return dict(form=form, active_gr=active_gr,
> membershipID=membershipID, groupSet=groupSet)
> except AttributeError:
> redirect(URL(request.application,'accueil','index'))
> session.flash = T('invalid request')
>
> Thanks.
>
> Richard
>
> On Wed, Sep 22, 2010 at 2:53 PM, mdipierro <[email protected]>wrote:
>
>> will look asap. Thank you.
>>
>> On Sep 22, 11:49 am, Richard Vézina <[email protected]>
>> wrote:
>> > Here an improved version of the controller that takes care if user has
>> > membership to differents groups. The "try" is to check if the user has a
>> set
>> > of group allowed... It could be better in the future to make a function
>> > "has_group_allowed".
>> >
>> > You need to add this model :
>> >
>> > db.define_table('auth_group_allowed',
>> > Field('id','id'),
>> > Field('user_id','db.auth_user'),
>> > Field('group_id','db.auth_group'),
>> > Field('active_gr','boolean'),
>> > migrate=False,
>> > sequence_name='auth_group_allowed_id_seq')
>> >
>> > db.auth_group_allowed.user_id.requires=IS_IN_DB(db,'auth_user.id
>> ','%(first_name)s
>> > %(last_name)s (%(id)s)')
>> > db.auth_group_allowed.group_id.requires=IS_IN_DB(db,'auth_group.id
>> ','%(role)s
>> > (%(id)s)')
>> >
>> > Then configure your RBAC correctly... Add to user you want the
>> permission to
>> > change his role by adding the set of allowed roles he is allowed. Then
>> > specify wich role he is already in or the function chmembership will fix
>> it
>> > automatically anyway at first execution.
>> >
>> > Here the function :
>> >
>> > @auth.requires_login()
>> > def chmembership():
>> > try:
>> > if db(db.auth_group_allowed.user_id==auth.user.id)\
>> >
>> > .select(db.auth_group_allowed.user_id,distinct=True).first().user_id==
>> > auth.user.id:
>> > if auth.has_membership(auth.id_group('technician')) or
>> > auth.has_membership(auth.id_group('coordinator')) or
>> > auth.has_membership(auth.id_group('admin')):
>> > active_gr=db(db.auth_group_allowed.user_id==
>> auth.user.id\
>> > and
>> > db.auth_group_allowed.active_gr=='TRUE')\
>> >
>> > .select(db.auth_group_allowed.group_id).first().group_id
>> > membershipID=db(db.auth_membership.group_id==active_gr\
>> > and db.auth_membership.user_id==
>> auth.user.id
>> > )\
>> > .select(db.auth_membership.id
>> ).first().id
>> > rows=db(db.auth_group_allowed.user_id==auth.user.id
>> > ).select(db.auth_group_allowed.group_id)
>> > groupSet={}
>> > for row in rows:
>> > authgrouprole=db(db.auth_group.id
>> > ==row.group_id).select(db.auth_group.role).first().role
>> > groupSet[row.group_id]=authgrouprole
>> > db.auth_membership.group_id.requires=IS_IN_SET(groupSet)
>> > form = crud.update(db.auth_membership,membershipID)
>> > new_gr=db(db.auth_membership.id
>> > ==membershipID).select(db.auth_membership.group_id).first().group_id
>> > db(db.auth_group_allowed.user_id==auth.user.id\
>> > and
>> > db.auth_group_allowed.active_gr=='TRUE').update(active_gr='FALSE')
>> > db(db.auth_group_allowed.user_id==auth.user.id\
>> > and
>> > db.auth_group_allowed.group_id==new_gr).update(active_gr='TRUE')
>> > return dict(form=form, active_gr=active_gr,
>> > membershipID=membershipID, groupSet=groupSet)
>> > except AttributeError:
>> > redirect(URL(request.application,'default','index'))
>> > session.flash = T('invalid request')
>> >
>> > It is not correctly tested so there is no garranty ;-)
>> >
>> > I appreciate feed back!
>> >
>> > Regards
>> >
>> > Richard
>> >
>> > On Tue, Sep 21, 2010 at 7:09 PM, Richard Vézina <
>> [email protected]
>> >
>> > > wrote:
>> > > Hello Massimo,
>> >
>> > > Here what I found as a temporarily solution :
>> >
>> > > I made a auth_group_allowed that is a m2m relation between auth_user
>> and
>> > > auth_group. So, we can attribute each user a set of groups in which he
>> is
>> > > allowed to change with.
>> >
>> > > Then this controller can let the user pick the group he want :
>> >
>> > > @auth.requires_login()
>> > > def chmembership():
>> > > j=db(db.auth_membership.user_id==auth.user.id).select(
>> > > db.auth_membership.id).first().id
>> > > rows=db(db.auth_group_allowed.user_id==auth.user.id
>> > > ).select(db.auth_group_allowed.group_id)
>> > > groupSet={}
>> > > for row in rows:
>> > > authgrouprole=db(db.auth_group.id
>> > > ==row.group_id).select(db.auth_group.role).first().role
>> > > groupSet[row.group_id]=authgrouprole
>> > > db.auth_membership.group_id.requires=IS_IN_SET(groupSet)
>> > > form = crud.update(db.auth_membership,j)
>> >
>> > > return dict(form=form, j=j, groupSet=groupSet)
>> >
>> > > It's just the beginning since I can't handle the case were a user is
>> > > involve in more then one group for now.
>> >
>> > > Please comment?
>> >
>> > > Regards
>> >
>> > > Richard
>> >
>> > > On Fri, Sep 17, 2010 at 9:56 AM, mdipierro <[email protected]
>> >wrote:
>> >
>> > >> no and it is very much needed. Any takers?
>> >
>> > >> On Sep 17, 8:50 am, Richard Vézina <[email protected]>
>> > >> wrote:
>> > >> > Hello,
>> >
>> > >> > I need to let some of my user changing of membership into a plage
>> of
>> > >> > existing members number. Is there mechanism already existing in
>> web2py
>> > >> or do
>> > >> > I have to program it from scratch?
>> >
>> > >> > Thanks
>> >
>> > >> > Richard
>> >
>> >
>>
>
>
