Yeah, I saw that, I guess I'm just a bit confused on how to implement it; what I want is for each user to have CRUD permissions on a given table, but only for records they've created themselves. Not sure how to do that with groups. I have it working now with a custom DAL query, so it's not super-critical at this point that I get it working with groups at this point, but it'd be good to know.
On Friday, March 2, 2012 2:52:24 AM UTC-7, Oli wrote: > > look at this: > http://web2py.com/books/default/chapter/29/7?search=Permission > > Am Freitag, 2. März 2012 10:40:58 UTC+1 schrieb Serpent_Guard: > >> Is there a way to limit CRUD and/or SQLFORM.grid objects to only >> operating on a subset of records, so they can be used as managers for >> records based on ownership? As far as I can tell, CRUD works on either a >> whole table level or single record label, nothing in between. SQLFORM.grid >> does this quite well, with its second argument being a database query to >> select its records. This is nice, but the problem is that I can still use >> the form to view or edit other records that don't belong to me >> (/index/view/4 - I can change the '4' to any number I want, and the grid >> brings in the data without complaint). It seems the query is only used >> when displaying the records as a list, after that there's no validation to >> make sure that the record being requested for editing actually matches the >> query passed into the form constructor. > >
