Thanks everyone for your suggestions. I've finally found the time to get back around to this.
I'm a little reluctant to populate my databases with what are essentially single-use accounts. For this reason, my current solution won't create an account per reviewer. Instead, I've decided go with a mix of the two suggestions by howesc below and create a single reviewer account that the reviewer will get logged into using auth.login_bare (thanks howesc) once they enter the code. The code is then stored in the session. From then on, they can only see the data that is associated with that code. On Thursday, May 31, 2012 5:02:58 PM UTC+2, howesc wrote: > > 2 thoughts: > - generate a username and password to give to the reviewer. that way > they are just logging in. multiple reviewers can use the same "account" > - if you prefer to just give the reviews a code, create an account with > username like "reviewer_for_bob" and password is the code. when they enter > the code, match it with the username and use auth.login_bare() to log them > in, and then you can use the auth mechanisms throughout your site. > > On Wednesday, May 30, 2012 8:59:03 AM UTC-7, Liam wrote: >> >> Just some clarification. In the solution I'm trying to implement, I need >> to make sure that only the person who entered the reviewer code can view >> the data; much like user login but anonymous. Because it is anonymous and >> there is no entry in db.auth_user, I think the decorator >> @auth.requires_login() is now insufficient. However, I believe >> authentication mechanism would be highly similar if not identical. >> >> On Wednesday, May 30, 2012 5:55:06 PM UTC+2, Liam wrote: >>> >>> Hi LightDot, >>> >>> Thanks for the quick reply. >>> >>> The user is able to perform analyses on data that they've uploaded to >>> the site. When they wish to publish an article in a journal based on the >>> analyses, they need to allow reviewers to see the data generated by the >>> analyses along with the initial data the analyses were based upon. The >>> reviewers should be able to view the user's data without having to register >>> at the site. If the article is accepted by the journal, then the user data >>> used and created by their published analyses will become publicly available. >>> >>> The solution I've come up with is to have the user generate a "reviewer >>> code", which is not necessarily encrypted, and provides the journal editor >>> the code along with the manuscript they submit. The reviewers then get this >>> code with the manuscript. In a special section on the site, the reviewers >>> can enter the code and will then be able to browse the necessary data. If >>> the publication is accepted, then the user is able to publish all the data, >>> which is now accessible to the public. I guess at this point it doesn't >>> matter if the reviewer code can still be used. >>> >>> Cheers, >>> Liam >>> >>> On Wednesday, May 30, 2012 3:01:14 PM UTC+2, LightDot wrote: >>>> >>>> So, this would be a one time password that expires? And this data that >>>> the user views is generated on the fly and also discarded later? >>>> >>>> On Wednesday, May 30, 2012 9:09:31 AM UTC+2, Liam wrote: >>>>> >>>>> Dear all, >>>>> >>>>> I'm looking for a way to allow non-users of my application to login >>>>> given a password (generated by a user) so they can view some of the >>>>> user's >>>>> data. Does anyone know if web2py readily supports this? Or perhaps >>>>> someone >>>>> has an idea on how to implement it. >>>>> >>>>> Regards, >>>>> Liam >>>>> >>>>> --
