What's the best way to password-protect creating versus updating an item? Right now I have one controller with a requires_login decorator. If there's no args, it's a create form. If an id is passed in as an arg it's an update form. However only the created_by should be allowed to update. Do I need two controllers (ie, index and edit)?
- [web2py] Authorization to create/update an item pbreit
