Have you tried linking auth and crud (see
http://web2py.com/book/default/chapter/08#Authorization-and-CRUD) with:
crud.settings.auth = auth
Also, you can check for specific permissions within the controller via
auth.has_permission (see
http://web2py.com/book/default/chapter/08#Authorization). You could use that
to conditionally create the create table and set crud.settings.
update_deletable to True or False.
Anthony
On Saturday, May 7, 2011 7:35:22 AM UTC-4, Marin wrote:
> Hi web2py,
>
> here's my controller:
>
> def index():
> #create
> forms = []
> ### forms = [crud.create(db.category)]
> #update
> parentId = request.vars.cat or "0"
> categories = db(db.category.parent_id == parentId).select()
> for cat in categories:
> forms.append(crud.update(db.category, cat.id))
> return dict(forms=forms)
>
> view:
>
> {{extend 'layout.html'}}
> {{for form in forms:}}
> {{=form}}
> {{pass}}
>
>
> And here is my problem:
> current user has update permission, but not delete permission on
> db.category table.
> However, user can delete entry with "Check to delete" option.
>
> How to give delete option only to users with delete permission?
>
>
>
> Also, if i uncomment "### forms = [crud.create(db.category)]" line, it
> throws "not authorized" if user does not have create permission.
> How to make crud just "ignore" that form and create others (sth like
> partial permissions)?
> I tried using components and load each with ajax, but then i have
> problem with "check to delete" because YesNo form is shown three
> times... weird
>
> This is my first day with crud and I'm about to go back doing things
> manually, without crud.
