Thanks, that should do the trick
On Sun, Jul 29, 2012 at 12:38 AM, Massimo Di Pierro <[email protected]> wrote:
> URL('rsvp_action',user_signature=True)
>
> +
>
> @auth.requires_signature()
> def rsvp_action(): ...
>
>
>
> On Saturday, 28 July 2012 08:50:30 UTC-5, Alec Taylor wrote:
>>
>> So I've got a simple link dropdown on each of my group-event pages, like
>> so:
>>
>>
>> <https://lh5.googleusercontent.com/-dgm_TWTUcOw/UBPs4ll7nKI/AAAAAAAAAB0/t8wlgPYE5qY/s1600/attend.PNG>
>> I have a table called `rsvp_list` with reference fields: `event_id` and
>> `user_id`, and an `rsvp` field requiring `IS_IN_SET(["Yes", "Maybe",
>> "No"])`.
>>
>> One way I can make the above work is by appending the value for
>> `event_id`, `user_id` and `rsvp` automatically, through global function
>> calls or a specialised controller utilising `request.args`.
>>
>> Unfortunately this means that anyone who has figured out my URL schema can
>> simply enter the ID of someone else into the URL, forging an RSVP.
>>
>> What's a better way of doing this?
>>
>> Thanks for all suggestions,
>>
>> Alec Taylor
>>
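A simplified model of what a per-session signed URL gives you in the RSVP scenario above, added here as an illustration; it is not web2py's implementation and not code from the thread. The key store, the function names, the `_signature` parameter name as used here and the sample link are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumption: one random key per logged-in session, held server-side only.
SESSION_KEYS = {
    "alice-session": secrets.token_bytes(32),
    "mallory-session": secrets.token_bytes(32),
}

def _mac(session_id, path, items):
    # Cover the path and every parameter, in a canonical (sorted) order.
    msg = (path + "?" + urlencode(sorted(items))).encode()
    return hmac.new(SESSION_KEYS[session_id], msg, hashlib.sha256).hexdigest()

def signed_url(session_id, path, **params):
    """Build a link whose path and parameters are bound to one session."""
    items = sorted((k, str(v)) for k, v in params.items())
    sig = _mac(session_id, path, items)
    return path + "?" + urlencode(items + [("_signature", sig)])

def verify_url(session_id, url):
    """True only if the URL is unmodified and was issued to this session."""
    parts = urlsplit(url)
    items = parse_qsl(parts.query, keep_blank_values=True)
    sigs = [v for k, v in items if k == "_signature"]
    rest = [(k, v) for k, v in items if k != "_signature"]
    if len(sigs) != 1 or session_id not in SESSION_KEYS:
        return False
    expected = _mac(session_id, parts.path, rest)
    return hmac.compare_digest(sigs[0].encode(), expected.encode())

# Constructed sample link for the RSVP dropdown described in the thread.
LINK = signed_url("alice-session", "/events/rsvp_action",
                  event_id=7, user_id=42, rsvp="Yes")
FORGED = LINK.replace("user_id=42", "user_id=99")

if __name__ == "__main__":
    print(verify_url("alice-session", LINK))     # link as issued
    print(verify_url("alice-session", FORGED))   # user_id edited by hand
    print(verify_url("mallory-session", LINK))   # replayed from another session
```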