Done - thank you!
2012/8/21 Massimo Di Pierro <[email protected]>
> Now I understand better. Please open an issue for enhancement and link
> this thread. For now you'll have to handle with the suggested logic or
> perhaps:
>
> if *request.controller!='appadmin':*
> * if not session.org: redirect('some_error_page')
> * db.auth_group._common_filter=**lambda query: (db.auth_group.org==
> session.**org <http://session.org/>)
>
> On Tuesday, 21 August 2012 09:12:15 UTC-5, mweissen wrote:
>
>> Maybe I can say it in other words:
>>
>> (1) If I am normal user, I should only see "my" part of the table and I
>> can work with it.
>> This is perfectly assured by
>> db.auth_group._common_filter=**l**ambda query: (db.auth_group.org==
>> session.**or**g <http://session.org/>)
>>
>> (2) If I am the admin and if I use the admin application I want to see
>> all whole tables and of course I want to have the right to edit all tables
>> with common filters, independent of the value of session.org.
>>
>> Or, more simple: an admin (using the admin application) has access to all
>> tables and all fields.
>> ignore_rw does it for the readonly/writonly attribute and the same should
>> be done with ignore_common_filters
>>
>> 2012/8/21 Massimo Di Pierro <[email protected]>
>>
>> I think you want:
>>>
>>> from gluon.fileutils import check_credentials
>>> if not *check_credentials(request):*
>>> * if not session.org: redirect('some_error_page')
>>> * db.auth_group._common_filter=****lambda query: (db.auth_group.org==
>>> session.**or**g <http://session.org/>)
>>>
>>>
>>>
>>> On Tuesday, 21 August 2012 01:04:38 UTC-5, mweissen wrote:
>>>
>>>> This is the new code:
>>>>
>>>> from gluon.fileutils import check_credentials
>>>> db.auth_group._common_filter=**l**ambda query: \
>>>> (db.auth_group.org==session.**or**g <http://session.org>) *or
>>>> check_credentials(request)*
>>>>
>>>> I have tested check_credentials(request): it returns True - good!
>>>> But - sorry! - it did not solve the problem:
>>>>
>>>> - Let's say I have 100 auth_group rows with org==1 and 100
>>>> auth_group rows with org==2
>>>> - The admin application tells me "100 selected", but I can *see all
>>>> 200* rows.
>>>> - I have tried to change one record. I can open this row, change
>>>> any field and submit it.
>>>> - I get the flash "*Done*" But nothing has happened - the old
>>>> values are in the table.
>>>>
>>>> About the message "value not in database": my fault - a wrong
>>>> db.auth_group.org.requires
>>>> somewhere in the model.
>>>>
>>>> 2012/8/21 Massimo Di Pierro <[email protected]>
>>>>
>>>> Apologies
>>>>>
>>>>> check_credentials(request)
>>>>>
>>>>> instead of
>>>>>
>>>>> check_credentials('admin')
>>>>>
>>>>>
>>>>> On Monday, 20 August 2012 14:33:55 UTC-5, mweissen wrote:
>>>>>
>>>>>> A little bit more code:
>>>>>>
>>>>>> db.define_table('org',
>>>>>> Field('orgnr',
>>>>>> Field(shortname',
>>>>>> length=20,
>>>>>> requires=IS_LENGTH(maxsize=20,******minsize=3)),
>>>>>> ...
>>>>>> )
>>>>>>
>>>>>>
>>>>>> auth.settings.extra_fields['**au****th_group']=[
>>>>>> Field('org','reference org',
>>>>>> default=lambda: session.org,
>>>>>> requires=IS_IN_DB(db, 'org.id', '%(shortname)s',
>>>>>> error_message=T('Not allowed')),
>>>>>> ),...
>>>>>>
>>>>>> from gluon.fileutils import check_credentials
>>>>>>
>>>>>> db.auth_group._common_filter=**l****ambda query:
>>>>>> (db.auth_group.org==session.**or****g <http://session.org>) or
>>>>>> check_credentials('admin')
>>>>>>
>>>>>>
>>>>>>
>>>>>> Now I am using the admin interface and I try to change one row of
>>>>>> auth_group. The same result as before (without
>>>>>> check_credentials('admin'))
>>>>>>
>>>>>> - The value of auth_group.org==1.
>>>>>> - The error messae is "value not in database"
>>>>>> - And, of course, there is a record in db.org with db.org.id==1
>>>>>>
>>>>>> To learn more about check_credentials I added:
>>>>>>
>>>>>> if check_credentials('admin'): print 'Admin'
>>>>>>
>>>>>> Only for the test.
>>>>>>
>>>>>> And I get a new error message:
>>>>>>
>>>>>> 127.0.0.1.2012-08-20.21-05-04.******43dc8360-a22d-408d-8889-**00fe62*
>>>>>> ***ef4a38
>>>>>> <type 'exceptions.AttributeError'> 'str' object has no attribute 'env'
>>>>>> Version web2py™ (2, 0, 0, datetime.datetime(2012, 8, 9, 8, 57, 54),
>>>>>> 'dev') Python Python 2.7.2: D:\Python27\python.exe Traceback
>>>>>>
>>>>>>
>>>>>> 1.
>>>>>> 2.
>>>>>> 3.
>>>>>> 4.
>>>>>> 5.
>>>>>> 6.
>>>>>> 7.
>>>>>> 8.
>>>>>> 9.
>>>>>>
>>>>>>
>>>>>> Traceback (most recent call last):
>>>>>> File "D:\...\web2py\gluon\**restricte****d.py", line 205, in restricted
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> exec ccode in environment
>>>>>> File "D:/.../web2py/applications/**se****cure/models/db.py"
>>>>>> <http://127.0.0.1:8000/admin/default/edit/secure/models/db.py>, line
>>>>>> 389, in <module>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> if check_credentials('admin'): print 'Admin'
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> File "D:\...\web2py\gluon\**fileutils****.py", line 328, in
>>>>>> check_credentials
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> if request.env.web2py_runtime_gae******:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> AttributeError: 'str' object has no attribute 'env'
>>>>>>
>>>>>>
>>>>>>
>>>>>> 2012/8/20 Massimo Di Pierro <[email protected]>
>>>>>>
>>>>>> You can do:
>>>>>>>
>>>>>>> db.define_table(...., common_filter = None if not session.org else
>>>>>>> (lambda query:(db.my_table.org==sessio******n.org<http://session.org/>
>>>>>>> )))
>>>>>>>
>>>>>>> you can also use the check:
>>>>>>>
>>>>>>> from gluon.fileutils import check_credentials
>>>>>>> check_credentials('admin') #returns true if you are logged as admin.
>>>>>>>
>>>>>>>
>>>>>>> On Monday, 20 August 2012 12:48:29 UTC-5, mweissen wrote:
>>>>>>>
>>>>>>>> (1) session.org will be set with the login. But I am an
>>>>>>>> administrator: I think I should use the admin application without a
>>>>>>>> login
>>>>>>>> to the application itself.
>>>>>>>>
>>>>>>>> (2) Lets say session.org==1: now it is not possible to change a
>>>>>>>> record with my_table.org==2 using the admin app.
>>>>>>>>
>>>>>>>> (3) Did you mean:
>>>>>>>>
>>>>>>>> common_filter = lambda query:
>>>>>>>> (db.my_table.org==session.org)******** if session.org else True
>>>>>>>>
>>>>>>>>
>>>>>>>> Interesting idea!
>>>>>>>>
>>>>>>>> 2012/8/20 Massimo Di Pierro <[email protected]>
>>>>>>>>
>>>>>>>> How do you set the common filter? Seems to me if session.org is
>>>>>>>>> not set, the common filter should not be set. web2py cannot ignore it
>>>>>>>>> because it does the wrong thing.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Monday, 20 August 2012 11:41:41 UTC-5, mweissen wrote:
>>>>>>>>>>
>>>>>>>>>> I have an application which should be used by some organizations.
>>>>>>>>>> Therefore I have added
>>>>>>>>>>
>>>>>>>>>> Field('org','reference org', default=lambda:session.org),
>>>>>>>>>>
>>>>>>>>>> and
>>>>>>>>>>
>>>>>>>>>> common_filter = lambda query: db.my_table.org==session.org
>>>>>>>>>>
>>>>>>>>>> to my_table. session.org contails the id of the respective
>>>>>>>>>> organization.
>>>>>>>>>> Great feature,works fine! But using the database administration
>>>>>>>>>> of the admin-application the common filter is still active.
>>>>>>>>>> There is an "ignore_rw=True" in the admin application and I
>>>>>>>>>> think I have read somewhere that there is also an "
>>>>>>>>>> ignore_common_filters=True".
>>>>>>>>>>
>>>>>>>>>> If session.org is not set, a "database db select" shows strange
>>>>>>>>>> effects:
>>>>>>>>>>
>>>>>>>>>> - I can see the first 100 rows.
>>>>>>>>>> - But the message is "0 selected"
>>>>>>>>>> - It is not possible to Update a record
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> A simple "ignore_common_filters=True" at the appropriate location
>>>>>>>>>> should solve the problem. I have taken a quick look at the code, but
>>>>>>>>>> I
>>>>>>>>>> think this statement has to be "very inside", therefore I have no
>>>>>>>>>> concrete
>>>>>>>>>> proposal.
>>>>>>>>>>
>>>>>>>>>> Regards, Martin
>>>>>>>>>>
>>>>>>>>>
>>
> --
>
>
--
