I use entity keys as parameters for some things.

If allowing someone to know the app-id of your app is a security risk,
you may need to evaluate your security; besides, if you want to use SSL
the app-id is "public" knowledge anyway.  (Sometimes) I also use the
key when I want to allow an entity that may be of different
kinds to be requested.  The handler can decode the key and validate
that it is an acceptable kind very easily.  Besides, someone knowing
the kind is named 'Issue' should also not pose a major threat; the
user-facing form is probably already titled 'Issue:'  :)


The documentation explains how to get a key's id or name on the Key class page:
http://code.google.com/appengine/docs/python/datastore/keyclass.html

You can read about how to get an entity's key here:
http://code.google.com/appengine/docs/python/datastore/modelclass.html


Deciding who is allowed to do an action depends on the structure of
your application.  For some of my apps only the user who created an
entity can edit/delete it.  So my test is simple: load the entity and
compare the 'user' field to the current user.  If they differ then I
raise an exception and return.

Robert






On Tue, Jul 13, 2010 at 10:20 AM, Felippe Bueno <felippe.bu...@gmail.com> wrote:
>> datastore_types.Key.from_path(u'Issue', 31L, _app=u'epubpub2')
>
> How did you do it?
> Did you simply ask for db.Key(mykey)?
> Is it possible to get other information for this entity from another app-id?
>
> Jeff, I can't find the key's id using datastore view or in documentation.
>
> The idea is to have 4 commands
> /add/application, edit, remove and view.
>
> the 'view' command will be used to display content to my visitors
> (unauthenticated).
>
> add/edit/remove will verify if that key belongs to that user
>
> How do you guys do something like that?
> I mean, pass an identification parameter to your application in a safe way?
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Google App Engine" group.
> To post to this group, send email to google-appeng...@googlegroups.com.
> To unsubscribe from this group, send email to 
> google-appengine+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/google-appengine?hl=en.
>
>
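
The kind check and ownership test described in the reply above, as an added example that is not part of the original thread or of App Engine's own code. It is plain Python: encode_key/decode_key and the DATASTORE dict are assumed stand-ins for db.Key and the datastore, and the entity and user values are constructed.

```python
import base64
import json

APP_ID = "epubpub2"                  # app-id from the key quoted in the thread
ALLOWED_KINDS = {"Issue"}            # kinds this handler agrees to serve
ACTIONS = {"view", "edit", "remove"}
# Constructed stand-in for the datastore: (kind, id) -> entity
DATASTORE = {("Issue", 31): {"user": "alice@example.com", "title": "Broken link"}}

class BadKey(Exception):
    """Key parameter is malformed or names something we do not serve."""

class Forbidden(Exception):
    """Caller is not the user who created the entity."""

def encode_key(kind, id_, app=APP_ID):
    # Stand-in for str(entity.key()); not App Engine's real key encoding.
    raw = json.dumps({"app": app, "kind": kind, "id": id_}).encode()
    return base64.urlsafe_b64encode(raw).decode()

def decode_key(param):
    # Stand-in for db.Key(param): the value is untrusted request input.
    try:
        k = json.loads(base64.urlsafe_b64decode(param.encode()))
        return str(k["app"]), str(k["kind"]), int(k["id"])
    except (ValueError, KeyError, TypeError):
        raise BadKey("malformed key")

def authorize(param, action, current_user):
    """Return the entity if current_user may perform action on it."""
    if action not in ACTIONS:
        raise BadKey("unknown action")
    app, kind, id_ = decode_key(param)
    # Knowing the app-id or kind grants nothing; we still pin both.
    if app != APP_ID or kind not in ALLOWED_KINDS:
        raise BadKey("unexpected app or kind")
    entity = DATASTORE.get((kind, id_))
    if entity is None:
        raise BadKey("no such entity")
    # 'view' is open to unauthenticated visitors (current_user is None);
    # edit/remove require the entity's 'user' field to match the caller.
    if action != "view" and entity["user"] != current_user:
        raise Forbidden("not the owner")
    return entity
```
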
