Re: [web2py] web2py CRUD example
On Friday, January 27, 2012 10:43:53 AM UTC-5, Gian Luca Decurtins wrote: > > Thank you! > > I had to edit models/db.py: > # response.generic_patterns = ['*'] if request.is_local else [] > response.generic_patterns = ['*'] > Note, there's a reason that generic views are enabled only on localhost by default -- they can create a security risk by allowing unintended data to leak. For example, generic.json will display everything returned to the view by the controller, including db fields selected but not intended for display and variables only intended to control view display logic. You should be more precise when enabling generic views in production. For example: response.generic_patterns = ['data.html'] or def data(): response.generic_patterns = ['html'] will only enable generic.html (not the other generic views), and only when the "data" action is called. Anthony
Re: [web2py] web2py CRUD example
Thank you! I had to edit models/db.py: # response.generic_patterns = ['*'] if request.is_local else [] response.generic_patterns = ['*'] Regards -Gian. BTW: In the original post I've replaced the FQDN with localhost. If the application did run on localhost this modification should not be necessary.
Re: [web2py] web2py CRUD example
include response.generic_patterns = ['*'] in your models or in your data controller, so you will be able to use generic views. On Fri, Jan 27, 2012 at 9:01 AM, Gian Luca Decurtins wrote: > Hi all > > I'm trying to use the CRUD-feature of web2py (1.99.4). At the moment I'm > stuck at "invalid view (default/data.html)" while accessing > https://localhost/init/default/data/tables. > So far I've created a simple application "init" and changed the following: > > In controllers/default.py I've disabled required_signature (I did not want > to play around with permissions at this time): > @auth.requires_login() > # @auth.requires_signature() > def data(): return dict(form=crud()) > > In views/default.html I've added a link beneath the message: > {{=A('table',_href=URL('data/tables',user_signature=True))}} > > If I follow this link (after authenticating) I just receive the error > message: > invalid view (default/data.html) > I did expect something like a list of tables. > > Out of the box there seems to be no default/data.html view. > Do I have to write my own data.html view to test the CRUD functionality? > Or did I do something wrong in the setup? > > Regards > -Gian. > -- Bruno Rocha [http://rochacbruno.com.br]