I'm hoping those of you more experienced with web2py can give me advice on the best way of using the framework to achieve the effect I'd like.

I have a many-to-many relationship between two models, such as a student enrolled in many courses, and a course having many students enrolled in it. I also have links and controller methods that will need to be secured based on those relationships. A student in a course, for example, would be able to see the "My Grades" link but a student who wasn't in the course would not see that link. I see a couple of ways to do that.

Traditional: the traditional way would be to create a model to represent the relationship between students and courses. That gives me a place to put extra information about the relationship, which is good. But to secure this, I'm not using web2py's role-based auth model, but instead writing my own permission methods that check the new model.

Role-based: I could instead assign users roles based on the relationships. For example, if a student enrolls in a course that has an id of 25, I could assign the student the role "enrolled_25". The advantage here is that I get to use web2py's auth model for securing links and methods. But users will accumulate roles over time. To list out the courses a student is in would require searching through all their roles. This feels to me like using a hammer to pound in a screw.

What techniques have you used with web2py for this sort of situation? Is there a way to tie web2py's auth mechanism to a model representing the relationship?
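A sketch of the relationship-model approach described in the post, added here as an example and not part of the original post or of web2py itself. It uses plain Python with `sqlite3` standing in for the DAL; the `enrollment` table, `is_enrolled`, `requires_enrollment`, `my_grades` and `courses_for` are hypothetical names, and the rows are constructed sample data.

```python
import sqlite3
from functools import wraps

class Forbidden(Exception):
    """Raised when the caller has no enrollment row for the course."""

def make_db():
    # Constructed sample data: students 1 and 2, courses 25 and 30.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE enrollment (
            student_id INTEGER NOT NULL,
            course_id  INTEGER NOT NULL,
            grade      TEXT,
            PRIMARY KEY (student_id, course_id)
        );
        INSERT INTO enrollment VALUES (1, 25, 'A'), (1, 30, 'B'), (2, 30, 'C');
    """)
    return db

def is_enrolled(db, student_id, course_id):
    # Parameterized query; missing ids never match, so the default is deny.
    if student_id is None or course_id is None:
        return False
    row = db.execute(
        "SELECT 1 FROM enrollment WHERE student_id = ? AND course_id = ?",
        (student_id, course_id)).fetchone()
    return row is not None

def requires_enrollment(action):
    # Enforce on the action itself; hiding the link alone is not a control.
    @wraps(action)
    def guarded(db, student_id, course_id):
        if not is_enrolled(db, student_id, course_id):
            raise Forbidden(f"student {student_id} not in course {course_id}")
        return action(db, student_id, course_id)
    return guarded

@requires_enrollment
def my_grades(db, student_id, course_id):
    return db.execute(
        "SELECT grade FROM enrollment WHERE student_id = ? AND course_id = ?",
        (student_id, course_id)).fetchone()[0]

def courses_for(db, student_id):
    # Listing courses is one keyed query, not a scan over role names.
    rows = db.execute(
        "SELECT course_id FROM enrollment WHERE student_id = ? ORDER BY course_id",
        (student_id,))
    return [r[0] for r in rows]
```

The same predicate can decide whether the "My Grades" link is rendered and whether the controller action runs, so the two checks cannot drift apart. In web2py, a predicate of this kind can be passed as the condition to the `auth.requires` decorator.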

