[web2py] Re: _before_delete callback function to update the other table

2013-09-15 Thread Niphlod
please. we can't continue to feed you the exact bugfix for your own 
application. start with a small model, print what is passed back and 
adjust accordingly. Then extend to the "more complex" model and see what is 
the addition breaking. There are no limitations whatsoever 

On Monday, 16 September 2013 01:36:17 UTC+2, 黄祥 wrote:
>
> yeah, you are right, your solution is work, i've tested it with the new 
> app, with the simple tables (only 2) and it work well, thank you so much, 
> but in my application that more complex it doesn't work.
> i've already commenting my code that maybe affect the table in the model 
> (something like, label, required, represent, writable i commenting all) and 
> just use requires and default (for insert date), the result is same still 
> not work.
> even test the simple after update that refer to it's own table is not 
> work. e.g.
>
> def __onvalidation_purchase_order(s, f):
>     purchase_order = s.select().first()
>     purchase_order.status = 'Purchase Order Authorized'
>
> db.purchase_order_header._after_update.append(lambda s,f: __onvalidation_purchase_order(s, f))
>
> btw, is there any exception, limitation for using _before and _after 
> callback in the database?
> any idea what is the root cause for this problem?
>
> p.s.
> tested update and delete from database administration and smartgrid (using 
> delete button and tick mark field in edit). all return the same result.
>
> thanks and best regards,
> stifan
>

-- 
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
--- 
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


[web2py] Security question regarding session

2013-09-15 Thread weheh
How secure is session? I'm considering 2 methods for downloading a file: 
The first is via an A('Download', _href=URL('download', 'file', 
args=[file_id])). The second would be to have session.file_id = file_id and 
then have only A('Download', _href=URL('download', 'file')), which causes 
the app to get the file_id from session.

Assuming my app is bullet proof and only allows permitted users to access 
their accessible file_ids, then wouldn't the use of session in the second 
case be more secure because the file_id is never publicly exposed, and 
thereby hackable?



[web2py] Re: Subclassing models?

2013-09-15 Thread BigBaaadBob
Yes, I didn't read far enough into the documentation.  Ooopsies!

On Sunday, September 15, 2013 6:33:18 PM UTC-7, Massimo Di Pierro wrote:
>
> Do you mean?
>
> db.define_table('Certificate',db.Pilot,...)
>
>
> On Sunday, 15 September 2013 20:25:38 UTC-5, BigBaaadBob wrote:
>>
>> Suppose I have a "Person" table with all the typical stuff:
>>
>> db.define_table('Person',
>>     Field('FirstName', 'string', length=40, notnull=True),
>>     Field('MiddleName', 'string', length=40),
>>     Field('LastName', 'string', length=40, notnull=True),
>>     Field('Nickname', 'string', length=40),
>>     Field('DateOfBirth', 'date', notnull=True),
>>     Field('EmployeeId', 'string', length=10, unique=True, required=True, notnull=True),
>>     format=lambda r: Fullname(r.FirstName, r.MiddleName, r.Nickname, r.LastName)
>> )
>>
>>
>> And suppose I have various special kinds of people, for example pilots, 
>> who have things that normal people don't have, like certificates or whatnot.
>>
>> db.define_table('Pilot',
>>     Field('PersonId', db.Person),
>> )
>>
>> db.define_table('Certificate',
>>     Field('PilotId', db.Pilot),
>>     Field('TypeId', db.CertificateType),
>>     Field('Expires', 'date'),
>>     Field('CertificateLimitations', 'string', length=100),
>> )
>>
>>
>> What's the proper way to do this kind of thing in the DAL?
>>
>> For example:
>>
>>
>>    1. The Pilot format should be the same as the Person format, and I'd 
>>    like to do that without duplicating lots of tricky lambda stuff. (BTW, 
>>    Virtual fields seem worthless for use in "format"!)
>>    2. Accessing a Pilot's Person attributes should be as easy as 
>>    accessing the Pilot's Attributes.
>>    3. Requires (not shown above) should work for Pilots the same way as 
>>    they work for Persons.
>>    4. Etc.
>>
>> Have I strolled way off the beaten path into the muddy weeds?
>>
>>



[web2py] Re: Suggestion: Add IS_LOWER() to auth_user.email.requires list

2013-09-15 Thread Massimo Di Pierro
You can do:

auth.settings.email_case_sensitive = False

This is not the default because, by the book, the username page of emails 
is case sensitive 
(http://stackoverflow.com/questions/9807909/are-email-addresses-case-sensitive)

Massimo


On Sunday, 15 September 2013 20:35:48 UTC-5, Ray (a.k.a. Iceberg) wrote:
>
> Hi there,
>
> I just add IS_LOWER() to the beginning of auth_user.email.requires list, 
> this way all input email address even with UPPERCASE will be stored as 
> lower case in db. I think this should be the default behavior, so I write 
> this suggestion.
>
> Regards,
> Ray
>



[web2py] Suggestion: Add IS_LOWER() to auth_user.email.requires list

2013-09-15 Thread Ray (a.k.a. Iceberg)
Hi there,

I just add IS_LOWER() to the beginning of auth_user.email.requires list, 
this way all input email address even with UPPERCASE will be stored as 
lower case in db. I think this should be the default behavior, so I write 
this suggestion.

Regards,
Ray



[web2py] Re: Subclassing models?

2013-09-15 Thread Massimo Di Pierro
Do you mean?

db.define_table('Certificate',db.Pilot,...)


On Sunday, 15 September 2013 20:25:38 UTC-5, BigBaaadBob wrote:
>
> Suppose I have a "Person" table with all the typical stuff:
>
> db.define_table('Person',
>     Field('FirstName', 'string', length=40, notnull=True),
>     Field('MiddleName', 'string', length=40),
>     Field('LastName', 'string', length=40, notnull=True),
>     Field('Nickname', 'string', length=40),
>     Field('DateOfBirth', 'date', notnull=True),
>     Field('EmployeeId', 'string', length=10, unique=True, required=True, notnull=True),
>     format=lambda r: Fullname(r.FirstName, r.MiddleName, r.Nickname, r.LastName)
> )
>
>
> And suppose I have various special kinds of people, for example pilots, who 
> have things that normal people don't have, like certificates or whatnot.
>
> db.define_table('Pilot',
>     Field('PersonId', db.Person),
> )
>
> db.define_table('Certificate',
>     Field('PilotId', db.Pilot),
>     Field('TypeId', db.CertificateType),
>     Field('Expires', 'date'),
>     Field('CertificateLimitations', 'string', length=100),
> )
>
>
> What's the proper way to do this kind of thing in the DAL?
>
> For example:
>
>
>    1. The Pilot format should be the same as the Person format, and I'd 
>    like to do that without duplicating lots of tricky lambda stuff. (BTW, 
>    Virtual fields seem worthless for use in "format"!)
>    2. Accessing a Pilot's Person attributes should be as easy as 
>    accessing the Pilot's Attributes.
>    3. Requires (not shown above) should work for Pilots the same way as 
>    they work for Persons.
>    4. Etc.
>
> Have I strolled way off the beaten path into the muddy weeds?
>
>



[web2py] Subclassing models?

2013-09-15 Thread BigBaaadBob
Suppose I have a "Person" table with all the typical stuff:

db.define_table('Person',
    Field('FirstName', 'string', length=40, notnull=True),
    Field('MiddleName', 'string', length=40),
    Field('LastName', 'string', length=40, notnull=True),
    Field('Nickname', 'string', length=40),
    Field('DateOfBirth', 'date', notnull=True),
    Field('EmployeeId', 'string', length=10, unique=True, required=True, notnull=True),
    format=lambda r: Fullname(r.FirstName, r.MiddleName, r.Nickname, r.LastName)
)


And suppose I have various special kinds of people, for example pilots, who 
have things that normal people don't have, like certificates or whatnot.

db.define_table('Pilot',
    Field('PersonId', db.Person),
)

db.define_table('Certificate',
    Field('PilotId', db.Pilot),
    Field('TypeId', db.CertificateType),
    Field('Expires', 'date'),
    Field('CertificateLimitations', 'string', length=100),
)


What's the proper way to do this kind of thing in the DAL?

For example:


   1. The Pilot format should be the same as the Person format, and I'd 
   like to do that without duplicating lots of tricky lambda stuff. (BTW, 
   Virtual fields seem worthless for use in "format"!)
   2. Accessing a Pilot's Person attributes should be as easy as accessing 
   the Pilot's Attributes.
   3. Requires (not shown above) should work for Pilots the same way as 
   they work for Persons.
   4. Etc.

Have I strolled way off the beaten path into the muddy weeds?



[web2py] Re: Hooking up Validation to Client-Created Form Elements

2013-09-15 Thread Shawn Wheatley
Answering my own question, I tried creating a matching SELECT, INPUT, etc. 
for my FORM object, and that did automatically hook up the server side 
validation. The code behind all this is pretty unwieldy. Is there some sort 
of best practice for creating form elements on the client in web2py?

-Shawn

On Saturday, September 14, 2013 9:33:44 PM UTC-4, Shawn Wheatley wrote:
>
> I'm working on an app with a master/detail-style view with a number of 
> detail lines that can be increased on the client. Right now, I'm using 
> jQuery to clone the table row of controls above and renaming the form 
> elements (named following a pattern of "item___001", "item___002", etc.) 
>  This works great, except now I need to hook up validation to my form as 
> well. If the elements are added server side (for example, on my edit/update 
> action when I read from the DB, I create a row of form elements for every 
> item returned) this all works fine. But my client side clone is not 
> properly hooking up the elements for server side validation when I submit.
>
> I think I read in another thread that the post variables (or rather, the 
> names of the form elements) must match those of a form helper object on the 
> server. So, if I have added a  with the name "item___003", I would 
> need to have a SELECT() with the same name on the server side. My question 
> is, what's the correct way to create this object? Do I add it anywhere on 
> the FORM() and just make it hidden? If the validation fails, I don't want 
> to end up somehow with my client and server representations of this form 
> element out of sync somehow.
>
> -Shawn
>



[web2py] Re: simple button in grid question

2013-09-15 Thread Alex Glaros
What is syntax for TWO or more  buttons? I've tried several variations. 
Would it be two "dict" phrases, or two header phrases separated by commas? 

One button will call one function, and the other would call a different 
function.

thanks,

Alex

On Saturday, September 14, 2013 6:56:24 PM UTC-7, Alex Glaros wrote:
>
> Works perfect Adi and Villas,
>
> much appreciated.
>
> Here's the complete code:
>
> def view_all_suggestions_and_comments():
>     query = (db.IdeaComment.ideaID==db.Idea.id) & (db.IdeaComment.partyID==db.Party.id)
>     grid = SQLFORM.grid(query, links=[dict(header='Virtual Field',
>         body=lambda row: A('Add a comment!', _class="btn btn-mini",
>             _href=URL('comment_on_a_suggestion', vars=dict(filter=row.Idea.id))))])
>     return dict(grid=grid)
>
> Alex
>
>
> On Saturday, September 14, 2013 6:01:33 PM UTC-7, Adi wrote:
>>
>> lambda row: A('Complete',
>>     _class='btn', _id='btn_complete',
>>     _onclick='return confirm("Complete Order %s? (%s %s)")' % (row.id, row.shipFirstName, row.shipLastName),
>>     _href=URL(r=request, f='complete_order', args=[row.id]),
>>
>>
>>
>>
>> On Saturday, September 14, 2013 7:41:24 PM UTC-4, Alex Glaros wrote:
>>>
>>> it works correctly Villas, thanks.
>>>
>>> how could I turn "Add a comment!" text into a button.  Possible syntax 
>>> ",_class="btn btn-mini"", but where does it go?
>>>
>>> thanks,
>>>
>>> Alex
>>>
>>> On Saturday, September 14, 2013 10:23:00 AM UTC-7, villas wrote:

 Maybe this would work using row.idea.id like this...

 grid = SQLFORM.grid(query,
     links = [dict(header='Virtual Field',
                   body=lambda row: A('Add a comment!',
                       _href=URL('comment_on_a_suggestion', vars=dict(filter=row.idea.id)))
     )]
 )


 You can also now include "virtual fields" in grids,  but I haven't 
 needed to try that yet.



 On Saturday, 14 September 2013 15:23:49 UTC+1, Alex Glaros wrote:
>
> thanks Villas but I receive this error: Row' object has no attribute 
> 'id'
>
> perhaps it doesn't know which of the joined "id"s to reference
>
> this work-around works because it let's system know which id it is:   
>   db.Idea.id.represent = lambda id, r: A('Add a comment!', 
> _href=URL('comment_on_a_suggestion', vars=dict(filter=id)))
>
> Alex
>
> On Saturday, September 14, 2013 4:56:33 AM UTC-7, villas wrote:
>>
>> Try this...
>>
>> grid = SQLFORM.grid(query,
>>     links = [dict(header='Virtual Field',
>>                   body=lambda row: A('Add a comment!',
>>                       _href=URL('comment_on_a_suggestion', vars=dict(filter=row.id)))
>>     )]
>> )
>>
>>
>> On Friday, 13 September 2013 21:57:28 UTC+1, Alex Glaros wrote:
>>>
>>> I tried this but got "lambda requires 2 args, 1 given" error, plus 
>>> need to be able to pass Idea.id parm to the button.  How to do that?
>>>
>>> grid = SQLFORM.grid(query, links=[dict(header='Virtual Field',
>>>     body=lambda id, r: A('Add a comment!',
>>>         _href=URL('comment_on_a_suggestion', vars=dict(filter=id))))])
>>>
>>> On Friday, September 13, 2013 1:33:35 PM UTC-7, villas wrote:

 Hope this helps...

 From the book:

 links is used to display new columns which can be links to other 
 pages. The links argument must be a list of 
 dict(header='name',body=lambda 
 row: A(...)) where header is the header of the new column and bodyis a 
 function that takes a row and returns a value. In the example, the 
 value is a A(...) helper.

 Example:

 linkbtns = [
  lambda row: SPAN('Mag',_class="label 
 label-success") \
   if row.status =='Y' else '',
  lambda row: SPAN('Web',_class="label 
 label-success") \
   if row.is_active else '',
  lambda row: A( I('',_class="icon-eye-open")+' 
 View',
 _href=URL("view",args=[row.id
 ]),
 _class="btn btn-small"
   ),
  lambda row: A( I('',_class="icon-edit")+' Edit',
 _href=URL(

[web2py] Re: web2py 2.6.3 is OUT (security update)

2013-09-15 Thread 黄祥
great, very responsive. thank you so much



[web2py] Re: _before_delete callback function to update the other table

2013-09-15 Thread 黄祥
yeah, you are right, your solution is work, i've tested it with the new 
app, with the simple tables (only 2) and it work well, thank you so much, 
but in my application that more complex it doesn't work.
i've already commenting my code that maybe affect the table in the model 
(something like, label, required, represent, writable i commenting all) and 
just use requires and default (for insert date), the result is same still 
not work.
even test the simple after update that refer to it's own table is not work. 
e.g.

def __onvalidation_purchase_order(s, f):
    purchase_order = s.select().first()
    purchase_order.status = 'Purchase Order Authorized'

db.purchase_order_header._after_update.append(lambda s,f: __onvalidation_purchase_order(s, f))

btw, is there any exception, limitation for using _before and _after 
callback in the database?
any idea what is the root cause for this problem?

p.s.
tested update and delete from database administration and smartgrid (using 
delete button and tick mark field in edit). all return the same result.

thanks and best regards,
stifan



[web2py] syntax for deletion confirm in grid

2013-09-15 Thread Alex Glaros
Could somebody please type in syntax for displaying *"Are you sure?  All 
comments  on your suggestion will also be deleted." if user chooses to 
delete their record?"*

w2p displays the standard 3 buttons for user-created record: view, edit, 
delete. What is confirmation syntax when user chooses delete?

@auth.requires_login()
def view_suggestions():
    # Only the user who created a record may edit or delete it.
    is_owner = (lambda row: row.created_by == auth.user_id) if auth.user else False
    grid = SQLFORM.grid(
        db.Idea,
        editable=is_owner,
        deletable=is_owner,
        user_signature=True,
        fields=[db.Idea.id, db.Idea.ideaShortSummary, db.Idea.created_by],
        headers={'Idea.ideaShortSummary': 'Description'},
        maxtextlengths={'Idea.ideaShortSummary': 140},
        links=[dict(header='Post comment',
                    body=lambda row: A('Post comment', _class="btn btn-mini",
                                       _href=URL('comment_on_a_suggestion',
                                                 vars=dict(filter=row.id))))],
    )
    return dict(grid=grid)

thanks,

Alex Glaros






[web2py] Re: web2py 2.6.3 is OUT (security update)

2013-09-15 Thread samuel bonill
+1

On Sunday, 15 September 2013 12:13:21 UTC-5, Massimo Di Pierro wrote:
>
> This is very similar to 2.6.1 but fixes some problem with a missing admin 
> file (also fixed in 2.6.2) and a potential DoS security issue.
>
> The issue was first discovered in Django 
> https://www.djangoproject.com/weblog/2013/sep/15/security/ 
> We thank them for discovering and reporting it.
>
> In web2py 2.5.x and earlier we suffer from the same problem. This is 
> because while the default password validator checks for length, the check 
> is performed after hashing, before inserting the hashed password in 
> database. In 2.6.1/2 we have a different implementation of the hashing 
> algorithm and we do not know how severe the problem is.
>
> In any case 2.6.3 fixes the problem by truncating the password to 1024 
> chars when passed to the CRYPT validator.
>
> You should upgrade.
>
> Massimo
>



[web2py] Re: Django vulnerability and web2py

2013-09-15 Thread samuel bonill
thanks massimo...

On Sunday, 15 September 2013 08:32:12 UTC-5, Massimo Di Pierro wrote:
>
> A serious DoS vulnerability was found and reported in Django today:
>
> https://www.djangoproject.com/weblog/2013/sep/15/security/
>
> We use the same default hashing algorithm for password, PBKDF2, so some 
> of you may worry about the same vulnerability affecting web2py. Well NO! We 
> are safe, This is because web2py always validates (and always did) the 
> length of the password strings and it is capped to 256 bytes. 
>
> https://github.com/web2py/web2py/blob/master/gluon/dal.py#L6892
>
> This is also the time to point out that web2py (since 2.6.x) uses its own 
> implementation of PBKDF2, written by Michele Comitini which is 10x faster 
> than the original version used by Flask and Django.
>
> Given this vulnerability (in Django) probably we will modify our library 
> so that, if used outside of web2py, there is a max password length enforced 
> by the library itself. You may see this patch in the near future. Again 
> this does not affect us but may affect others in case they choose to use it.
>
> Massimo
>



[web2py] Re: upgrading from 2.6 to 2.61 issue.

2013-09-15 Thread Avi A
Thanks, that solved the problem.

On Sunday, September 15, 2013 2:58:14 AM UTC+3, Peter Etchells wrote:
>
> I had the same problem. the error in admin/errors showed that 
> gluon/tools.py had not been updated. 
> replaced my tools.py with the one in 
> https://raw.github.com/web2py/web2py/master/gluon/tools.py 
> & things are better.
>



[web2py] Active/Ldap directory and Group restrictions access

2013-09-15 Thread Luca Guerrieri
Hi people,
i'm developing an application with web2py (very awesome project) and I'm 
able to bind it with an AD server (also with a Samba as AD) 
I'm able to restrict the login chain to the ldap users but I'm not able to 
define then to restrict, e.g.. for a page, the access to a particular group 
defined into the ldap tree ... 

so, if i've ou=MyOU and inside 2 groups Group1 and Group2 and I've 2 pages 
PageGroup1 and PageGroup2 in which way I can auth the access 
for every group to its respective page ? 

Thank you in advance 

Luca




[web2py] Re: web2py 2.6.3 is OUT (security update)

2013-09-15 Thread Raul Monares
Thanks Massimo

On Sunday, September 15, 2013 11:13:21 AM UTC-6, Massimo Di Pierro wrote:
>
> This is very similar to 2.6.1 but fixes some problem with a missing admin 
> file (also fixed in 2.6.2) and a potential DoS security issue.
>
> The issue was first discovered in Django 
> https://www.djangoproject.com/weblog/2013/sep/15/security/ 
> We thank them for discovering and reporting it.
>
> In web2py 2.5.x and earlier we suffer from the same problem. This is 
> because while the default password validator checks for length, the check 
> is performed after hashing, before inserting the hashed password in 
> database. In 2.6.1/2 we have a different implementation of the hashing 
> algorithm and we do not know how severe the problem is.
>
> In any case 2.6.3 fixes the problem by truncating the password to 1024 
> chars when passed to the CRYPT validator.
>
> You should upgrade.
>
> Massimo
>



[web2py] web2py 2.6.3 is OUT (security update)

2013-09-15 Thread Massimo Di Pierro
This is very similar to 2.6.1 but fixes some problem with a missing admin 
file (also fixed in 2.6.2) and a potential DoS security issue.

The issue was first discovered in 
Django https://www.djangoproject.com/weblog/2013/sep/15/security/ 
We thank them for discovering and reporting it.

In web2py 2.5.x and earlier we suffer from the same problem. This is 
because while the default password validator checks for length, the check 
is performed after hashing, before inserting the hashed password in 
database. In 2.6.1/2 we have a different implementation of the hashing 
algorithm and we do not know how severe the problem is.

In any case 2.6.3 fixes the problem by truncating the password to 1024 
chars when passed to the CRYPT validator.

You should upgrade.

Massimo
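
The ordering problem this announcement describes, as an added example that is not web2py's code: a length check applied after hashing only ever sees the fixed-size hash, so the full input reaches the KDF, while truncating first bounds the KDF's work. The function names, MAX_STORED_CHARS, ITERATIONS and the stored-string layout are assumptions, and hashlib.pbkdf2_hmac stands in for web2py's own PBKDF2.

```python
import hashlib
import os

MAX_PASSWORD_CHARS = 1024   # cap stated in the 2.6.3 announcement
MAX_STORED_CHARS = 512      # assumed length limit of the stored-hash column
ITERATIONS = 1000           # assumed; kept low so the demo runs quickly

kdf_input_sizes = []        # bytes handed to the KDF on each call (instrumentation)


def _pbkdf2(password, salt):
    """PBKDF2-HMAC-SHA512 from the standard library (stand-in KDF)."""
    data = password.encode("utf-8")
    kdf_input_sizes.append(len(data))
    digest = hashlib.pbkdf2_hmac("sha512", data, salt, ITERATIONS)
    return "pbkdf2$%s$%s" % (salt.hex(), digest.hex())


def hash_then_check(password, salt):
    """Order described for 2.5.x: hash first, check length afterwards.

    The check sees only the stored string, whose size does not depend on
    the password, so it never rejects an oversized input.
    """
    stored = _pbkdf2(password, salt)
    if len(stored) > MAX_STORED_CHARS:
        raise ValueError("stored value too long")
    return stored


def truncate_then_hash(password, salt):
    """Order described for 2.6.3: cap the input before it reaches the KDF."""
    return _pbkdf2(password[:MAX_PASSWORD_CHARS], salt)


def kdf_input_size(store, password):
    """Return how many bytes `store` handed to the KDF for this password."""
    kdf_input_sizes.clear()
    store(password, b"\x00" * 16)
    return kdf_input_sizes[-1]


if __name__ == "__main__":
    oversized = "A" * 1000000   # constructed input, not a captured request
    print("hash_then_check    fed the KDF", kdf_input_size(hash_then_check, oversized), "bytes")
    print("truncate_then_hash fed the KDF", kdf_input_size(truncate_then_hash, oversized), "bytes")

    # Side effect of truncation: passwords that share their first
    # MAX_PASSWORD_CHARS characters produce the same stored hash.
    salt = os.urandom(16)
    a = truncate_then_hash("x" * MAX_PASSWORD_CHARS + "a", salt)
    b = truncate_then_hash("x" * MAX_PASSWORD_CHARS + "b", salt)
    print("long passwords collide after truncation:", a == b)
```

Rejecting over-length input instead of truncating avoids the collision shown at the end, at the cost of refusing such passwords outright.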



Re: [web2py] Re: Jessica McKellar talking about windows and the future of Python

2013-09-15 Thread Samuel Marks
Everything I use seems to be cross platform anyway…

virtualenv, pip, web2py, Bottle, Flask, PyCharm, Eclipse, nano, curl,
Firefox, Chrome, Opera

The only real learning curve was getting Visual Studio setup properly to
compile Python packages containing C extensions.


Samuel Marks
http://linkedin.com/in/samuelmarks


On Sun, Sep 15, 2013 at 8:11 PM, LightDot  wrote:

> The metric from the presentation shows python is gaining popularity quite
> nicely. Great!
>
> Let me just remind those of you who are using Windows as a development
> workstation - there is a great open source project: Python Tools (Apache
> License 2.0) which gives you a completely free Python environment in Visual
> Studio (yes, the Visual Studio + Python Tools combination is free to
> install & use), with working debugger etc.
>
> There is a great blog post describing everything you need to know to
> install it and begin using it:
>
>
> http://www.hanselman.com/blog/OneOfMicrosoftsBestKeptSecretsPythonToolsForVisualStudioPTVS.aspx
>
> I'm not a proponent of MS products for various ideological reasons, but
> this IDE combination looks really nice... I'm not going to start using
> Windows to use it, though. :) But if you already have to...
>
> Regards
>
>
> On Thursday, September 12, 2013 9:00:39 AM UTC+2, rochacbruno wrote:
>>
>> Hi,
>>
>> I found this talk interesting http://www.youtube.com/watch?v=d1a4Jbjc-vU&feature=share
>>
>> Jessica McKeller talks about how "windows OS" is important to the future
>> of Python, and how it is complicated to use Python on windows nowadays.
>>
>> And I think that *web2py is the only framework that does a good job
>> working on windows*, any other framework has too many problems to run on
>> windows.
>>
>> So web2py is helping to build the future of Python!
>>
>>
>> --
>>
>> *Bruno Rocha - @rochacbruno*
>> http://github.com/rochacbruno
>> http://rochacbruno.com.br
>> http://pythonhub.com
>>


[web2py] Re: Django vulnerability and web2py

2013-09-15 Thread Massimo Di Pierro
I was wrong. The IS_LENGTH is default but overwritten by Auth. I am not 
sure we have the vulnerability or not since we use a different 
implementation of PBKDF2.

I have released 2.6.3 to address the issue.

Massimo

On Sunday, 15 September 2013 08:32:12 UTC-5, Massimo Di Pierro wrote:
>
> A serious DoS vulnerability was found and reported in Django today:
>
> https://www.djangoproject.com/weblog/2013/sep/15/security/
>
> We use the same default hashing algorithm for passwords, PBKDF2, so some 
> of you may worry about the same vulnerability affecting web2py. Well NO! We 
> are safe. This is because web2py always validates (and always did) the 
> length of the password strings and it is capped to 256 bytes. 
>
> https://github.com/web2py/web2py/blob/master/gluon/dal.py#L6892
>
> This is also the time to point out that web2py (since 2.6.x) uses its own 
> implementation of PBKDF2, written by Michele Comitini, which is 10x faster 
> than the original version used by Flask and Django.
>
> Given this vulnerability (in Django) probably we will modify our library 
> so that, if used outside of web2py, there is a max password length enforced 
> by the library itself. You may see this patch in the near future. Again 
> this does not affect us but may affect others in case they choose to use it.
>
> Massimo
>



[web2py] Re: Where does Web2py save project files OS X?

2013-09-15 Thread Massimo Di Pierro
Go over web2py.app and right click [Show Package Contents] you will find 
Contents/Resources/applications/


On Sunday, 15 September 2013 09:25:04 UTC-5, Ben Martinek wrote:
>
>  I am pulling my hair out trying to figure out where web2py stores the 
> project files by default in OS X? It is not located in the same directory 
> as the web2py.app .
>
> I can launch the web interface and see project in the admin view but want 
> to edit the files from sublime text as opposed to the admin web interface. 
> I've 
> looked through the web2py book and google user book with no luck. Any 
> suggestions, this seems like it should be fairly obvious...
>



Re: [web2py] Re: How to make smartgrid redirect to edit after creating new record?

2013-09-15 Thread Alex Glaros
Thanks Adi,

Alex

On Sunday, September 15, 2013 5:33:36 AM UTC-7, Adi wrote:
>
> Untested, and modified sample:
>
>
>
> *Model:*
> db.define_table('purchase_order',
>     Field('po_number', 'string', label=T('PO Number'), unique=True),
>     Field('status', 'string', default='Processed',
>           requires=IS_IN_SET(['Processed', 'Cancelled', 'On Hold', 'Shipped']),
>           label=T('Status')),
>     format='%(po_number)s',
> )
>
>
> *Controller:*
> def po_onupdate(form):
>     tbl_name = 'purchase_order'  # table shown by this grid
>
>     # send an email, but only first time (when status changes to
>     # 'Shipped', additional record updates will not trigger an email)
>     if ((form.vars.status == 'Shipped') & (form.record.status != 'Shipped')):
>         mail.send(to=['some...@somewhere.com',],
>                   subject='Order %s shipped. Date: %s' % (form.record.po_number, request.now),
>                   message="Long message")
>     session.flash = ('Updated a %s' % (tbl_name)) + ' ' + (
>         form.vars.po_number if tbl_name == 'purchase_order' else '')
>
>     return
>
> def purchase_order():
>     grid=SQLFORM.smartgrid(db.purchase_order, details=True, links_in_grid=True,
>         paginate=20,
>         sortable=True,
>         onupdate = po_onupdate,
>         editable = True,
>         formstyle='bootstrap',
>         user_signature=True,
>         )
>     return dict(grid=grid)
>
> On Sunday, September 15, 2013 12:29:04 AM UTC-4, Alex Glaros wrote:
>>
>> Adi, you had a tiny working example above 
>>
>> *this works:
>> grid=SQLFORM.smartgrid(.*
>>
>> is the data model available for that?
>>
>> I'm looking for any small self-contained working example of smartgrid 
>> redirecting to edit 
>>
>> thanks,
>>
>> Alex
>>
>> On Saturday, September 14, 2013 5:38:58 PM UTC-7, Adi wrote:
>>>
>>> Alex,
>>> Can you please clarify what model do you need? I can post the sample 
>>> code but not sure what exactly do you need. 
>>>
>>>
>>> On Fri, Sep 13, 2013 at 8:13 PM, Alex Glaros  wrote:
>>>
>>>> Adi,
>>>>
>>>> can you post the model for this?
>>>>
>>>> thanks,
>>>>
>>>> Alex Glaros
>>>>
>>>>
>>>> On Friday, December 23, 2011 9:44:17 AM UTC-8, Adi wrote:
>>>>>
>>>>> this works:
>>>>>
>>>>> grid=SQLFORM.smartgrid(db.purchase_order, details=False, links_in_grid=True,
>>>>>     maxtextlengths={'purchase_order.po_number':15,},
>>>>>     maxtextlength=30,
>>>>>     paginate=20,
>>>>>     sortable=True,
>>>>>     orderby=dict(purchase_order=[~db.purchase_order.modified_on], ),
>>>>>     oncreate = dict(purchase_order=[po_oncreation]),
>>>>>     csv=False,
>>>>>     ui='jquery-ui',
>>>>>     links=dict(purchase_order=[
>>>>>         lambda row: A('Duplicate', _class='button',
>>>>>                       _href=URL('duplicate_purchase_order',args=[row.id])),
>>>>>         lambda row: A('Print', _class='button',
>>>>>                       _href=URL('print_all',args=[row.id]))]),
>>>>>     user_signature=False, onupdate=auth.archive,
>>>>>     )
>>>>>
>>>>>
>>>>> def po_oncreation(form1):
>>>>>
>>>>>     auth.archive
>>>>>
>>>>>     last_id = form1.vars.id
>>>>>
>>>>>     row = db(db.purchase_order.id==last_id).select().first()
>>>>>
>>>>>     str_po_number = row.po_number + str(row.id)
>>>>>     row.po_number = str_po_number
>>>>>     row.update_record()
>>>>>
>>>>>     #response.flash = 'Added a Purchase Order'
>>>>>
>>>>>     session.flash = 'Added a Purchase Order'
>>>>>     return
>>>>>
>>>
>>>
>>>


[web2py] Re: Web2Py compute fields not working on update

2013-09-15 Thread Anthony
On Sunday, September 15, 2013 10:27:51 AM UTC-4, step wrote:

> Sorry for resurrecting such an old thread, but I wanted to add my solution 
> to a very similar issue.
> It might seem obvious to expert web2py users; I found out that when some 
> compute fields weren't updating in my app it was due to unordered 
> cross-dependencies. In other words, if the computation of db.table.field_A 
> depends on the value of db.table.field_B, then db.define_table() must 
> define field_B *before* field_A, for any pair of field_A and field_B in 
> table, otherwise the computation of field_A will silently fail.
> Tested on version 2.6.1.
>

I cannot reproduce this -- can you show an example?

Anthony 



[web2py] Re: _before_delete callback function to update the other table

2013-09-15 Thread Niphlod
my solution works, I tested it :D

On Sunday, September 15, 2013 2:30:06 PM UTC+2, 黄祥 wrote:
>
> i've followed your hints, but still not worked (no error occurred).
>
> def __ondelete_receipt(s):
>     purchase_order_no=s.select().first().purchase_order_no
>     # for test # purchase_order_no=s.select()[0].purchase_order_no
>     db(db.purchase_order_header.id==purchase_order_no).update(status='Purchase Order Authorized')
>     # for test # db.purchase_order_header[s.select()[0].purchase_order_no].update_record(status='Purchase Order Authorized')
>
> db.receipt_header._before_delete.append(lambda s: __ondelete_receipt(s) )
>
> any idea how to make it work?
>
> thanks and best regards,
> stifan
>



[web2py] Where does Web2py save project files OS X?

2013-09-15 Thread Ben Martinek


 I am pulling my hair out trying to figure out where web2py stores the 
project files by default in OS X? It is not located in the same directory 
as the web2py.app .

I can launch the web interface and see project in the admin view but want 
to edit the files from sublime text as opposed to the admin web interface. I've 
looked through the web2py book and google user book with no luck. Any 
suggestions, this seems like it should be fairly obvious...



[web2py] Re: Web2Py compute fields not working on update

2013-09-15 Thread step
Sorry for resurrecting such an old thread, but I wanted to add my solution 
to a very similar issue.
It might seem obvious to expert web2py users; I found out that when some 
compute fields weren't updating in my app it was due to unordered 
cross-dependencies. In other words, if the computation of db.table.field_A 
depends on the value of db.table.field_B, then db.define_table() must 
define field_B *before* field_A, for any pair of field_A and field_B in 
table, otherwise the computation of field_A will silently fail.
Tested on version 2.6.1.


On Monday, June 18, 2012 6:24:05 PM UTC+2, Brandon Reynolds wrote:
>
> I have this problem when i try to generate thumbnails. If the field is 
> empty it inserts the photo thumb into the thumbnail. But when i try to 
> update that record the thumbnail doesn't change. 
>
> Here is my model:
>
> # coding: utf8
> from image import THUMBER
>
> db.define_table('park', 
> Field('park_name', requires=IS_NOT_EMPTY()),
> Field('park_city', requires=IS_NOT_EMPTY()),
> Field('park_state', requires=IS_NOT_EMPTY()),
> Field('park_address', requires=IS_NOT_EMPTY()),
> Field('park_zip', requires=IS_NOT_EMPTY()),
> Field('country', default="USA", notnull=True, readable=False, 
> writable=False),
> Field('park_phone', requires=IS_MATCH('[\d\-\(\) ]+')),
> Field('park_fax', requires=IS_EMPTY_OR(IS_MATCH('[\d\-\(\) ]+'))),
> Field('park_phone_2', 'string', requires=IS_EMPTY_OR(IS_MATCH('[\d\-\(\) ]+'))),
> Field('photo1', 'upload'),
> Field('photo_thumb1', 'upload', readable=False, writable=False),
> Field('photo2', 'upload'),
> Field('photo_thumb2', 'upload', readable=False, writable=False),
> Field('photo3', 'upload'),
> Field('photo_thumb3', 'upload', readable=False, writable=False),
> Field('photo4', 'upload'),
> Field('photo_thumb4', 'upload', readable=False, writable=False),
> Field('photo5', 'upload'),
> Field('photo_thumb5', 'upload', readable=False, writable=False),
> Field('manager', requires=IS_NOT_EMPTY()),
> Field('manager_email', requires=IS_EMAIL()),
> Field('spaces', 'integer', requires=IS_NOT_EMPTY()),
> Field('vacant', 'integer'),
> Field('lot_rent', 'integer', requires=IS_NOT_EMPTY()),
> Field('water', 'boolean'),
> Field('sewer', 'boolean'),
> Field('trash', 'boolean'),
> Field('pool', 'boolean'),
> Field('playground', 'boolean'),
> Field('clubhouse', 'boolean'),
> Field('laundromat', 'boolean'),
> Field('rv_spaces', 'boolean'),
> Field('storage', 'boolean'),
> Field('handicap_accessible', 'boolean'),
> Field('community_description', 'text'),
> format='%(park_name)s')
>
> db.define_table('home', 
> Field('pid', notnull=True, readable=False, writable=False),
> Field('lot'),
> Field('year', length=4, requires=IS_NOT_EMPTY()),
> Field('make'),
> Field('model'),
> Field('width', requires=IS_NOT_EMPTY()),
> Field('length', requires=IS_NOT_EMPTY()),
> Field('wide', requires=IS_NOT_EMPTY()),
> Field('for_sale', 'boolean', default=True),
> Field('beds', requires=IS_NOT_EMPTY()),
> Field('baths', requires=IS_NOT_EMPTY()),
> Field('fridge', 'boolean'),
> Field('stove', 'boolean'),
> Field('dishwasher', 'boolean'),
> Field('microwave', 'boolean'),
> Field('washer', 'boolean'),
> Field('dryer', 'boolean'),
> Field('photo1', 'upload'),
> Field('photo1_text'),
> Field('photo_thumb1', 'upload', readable=False, writable=False),
> Field('photo2', 'upload'),
> Field('photo2_text'),
> Field('photo_thumb2', 'upload', readable=False, writable=False),
> Field('photo3', 'upload'),
> Field('photo3_text'),
> Field('photo_thumb3', 'upload', readable=False, writable=False),
> Field('photo4', 'upload'),
> Field('photo4_text'),
> Field('photo_thumb4', 'upload', readable=False, writable=False),
> Field('photo5', 'upload'),
> Field('photo5_text'),
> Field('photo_thumb5', 'upload', readable=False, writable=False),
> Field('price',requires=IS_NOT_EMPTY()),
> Field('description', 'text', requires=IS_NOT_EMPTY()),
> Field('posted_on', 'datetime', readable=False, writable=False))
>
> db.define_table('state',
> Field('name'),
> Field('full_name'))
>
> db.define_table('wide',
> Field('type'),
> format='%(type)s')
>
>
> db.park.park_state.requires = IS_IN_DB(db, 'state.name', '%(full_name)s (%(name)s)', zero=T('Select State'))
> db.home.wide.requires = IS_IN_DB(db, 'wide.type', '%(type)s', 
> zero=T('Select Home Type'))
>
> db.park.photo_thumb1.compute = lambda row: THUMBER(row.photo1, 
> "photo_thumb1", 144, 115)
> db.park.photo_thumb2.compute = lambda row: THUMBER(row.photo2, 
> "photo_thumb2", 144, 115)
> db.park.photo_thumb3.compute = lambda row: THUMBER(row.photo3, 
> "photo_thumb3", 144, 115)
> db.park.photo_thumb4.compute = lambda row: THUMBER(row.photo4, 
> "photo_thumb4", 144, 115)
> db.park.photo_thumb5.compute = lambda row: THUMBER(row.photo5, 
> "photo_thumb5", 144, 115)
> db.home.photo_thumb1.compute = lambda row: THUMBER(row.photo1, 
> "photo_thumb1", 144, 115)
> db.home.photo_thumb2.compute = lambda row: THUMBER(row.photo2, 
> "photo_thumb2", 144, 115)
> db.home.photo_thumb3.compu

Re: [web2py] Django vulnerability and web2py

2013-09-15 Thread Ovidio Marinho
Web2py King frameworks safely.




 Ovidio Marinho Falcao Neto
  ITJP.NET.BR
 ovidio...@gmail.com
   83   8826 9088 - Oi
   83   9336 3782 - Claro
Brasil



2013/9/15 Massimo Di Pierro 

> A serious DoS vulnerability was found and reported in Django today:
>
> https://www.djangoproject.com/weblog/2013/sep/15/security/
>
> We use the same default hashing algorithm for passwords, PBKDF2, so some
> of you may worry about the same vulnerability affecting web2py. Well NO! We
> are safe. This is because web2py always validates (and always did) the
> length of the password strings and it is capped to 256 bytes.
>
> https://github.com/web2py/web2py/blob/master/gluon/dal.py#L6892
>
> This is also the time to point out that web2py (since 2.6.x) uses its own
> implementation of PBKDF2, written by Michele Comitini, which is 10x faster
> than the original version used by Flask and Django.
>
> Given this vulnerability (in Django) probably we will modify our library
> so that, if used outside of web2py, there is a max password length enforced
> by the library itself. You may see this patch in the near future. Again
> this does not affect us but may affect others in case they choose to use it.
>
> Massimo
>



[web2py] Django vulnerability and web2py

2013-09-15 Thread Massimo Di Pierro
A serious DoS vulnerability was found and reported in Django today:

https://www.djangoproject.com/weblog/2013/sep/15/security/

We use the same default hashing algorithm for passwords, PBKDF2, so some of 
you may worry about the same vulnerability affecting web2py. Well NO! We 
are safe. This is because web2py always validates (and always did) the 
length of the password strings and it is capped to 256 bytes. 

https://github.com/web2py/web2py/blob/master/gluon/dal.py#L6892

This is also the time to point out that web2py (since 2.6.x) uses its own 
implementation of PBKDF2, written by Michele Comitini, which is 10x faster 
than the original version used by Flask and Django.

Given this vulnerability (in Django) probably we will modify our library so 
that, if used outside of web2py, there is a max password length enforced by 
the library itself. You may see this patch in the near future. Again this 
does not affect us but may affect others in case they choose to use it.

Massimo
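
The control discussed in this thread, as an added example that is not part of the original post and not web2py's code: a PBKDF2 wrapper that enforces the 256-byte cap inside the hashing routine itself, so the limit still holds when a form validator is replaced (the situation the follow-up message describes for IS_LENGTH and Auth). The function names, the iteration count, the SHA-256 choice, the storage format and the two stand-in validators are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_PASSWORD_BYTES = 256  # the cap quoted in the post
ITERATIONS = 1000         # assumption for this example; tune for a real deployment
SALT_BYTES = 16
DIGEST = "sha256"         # assumption; the post does not name the hash


class PasswordTooLong(ValueError):
    """Raised before any key stretching has been done."""


def _checked_bytes(password):
    """Encode to bytes and refuse over-long input before PBKDF2 sees it."""
    raw = password.encode("utf-8") if isinstance(password, str) else bytes(password)
    if len(raw) > MAX_PASSWORD_BYTES:
        raise PasswordTooLong("password exceeds %d bytes" % MAX_PASSWORD_BYTES)
    return raw


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'."""
    raw = _checked_bytes(password)
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    digest = hashlib.pbkdf2_hmac(DIGEST, raw, salt, iterations)
    return "pbkdf2_%s$%d$%s$%s" % (DIGEST, iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Constant-time check; over-long candidates are rejected without hashing."""
    try:
        raw = _checked_bytes(password)
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:  # PasswordTooLong is a ValueError; so is a malformed record
        return False
    if scheme != "pbkdf2_" + DIGEST:
        return False
    candidate = hashlib.pbkdf2_hmac(DIGEST, raw, salt, rounds)
    return hmac.compare_digest(candidate, expected)


# Hypothetical form-layer validators (stand-ins, not web2py's validator classes).
# Note that they count characters, while the library cap counts encoded bytes.
def max_length(limit):
    def check(value):
        return None if len(value) <= limit else "too long"
    return check


def min_length(limit):
    def check(value):
        return None if len(value) >= limit else "too short"
    return check


def register(password, validators):
    """Run the form validators, then hash. Returns (stored_hash, error)."""
    for check in validators:
        error = check(password)
        if error:
            return None, error
    try:
        return hash_password(password), None
    except PasswordTooLong as exc:
        return None, str(exc)


def demo():
    huge = "A" * 1_000_000               # constructed oversized input
    default_rules = [max_length(256)]    # form validator that caps the length
    overridden_rules = [min_length(8)]   # cap lost once the rules are replaced
    return {
        "default": register(huge, default_rules),
        "overridden": register(huge, overridden_rules),
        "normal": register("correct horse battery", overridden_rules),
    }


if __name__ == "__main__":
    for name, (stored, error) in demo().items():
        print(name, "->", error or stored)
```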



Re: [web2py] Re: How to make smartgrid redirect to edit after creating new record?

2013-09-15 Thread Adi
Untested, and modified sample:



*Model:*
db.define_table('purchase_order',
    Field('po_number', 'string', label=T('PO Number'), unique=True),
    Field('status', 'string', default='Processed',
          requires=IS_IN_SET(['Processed', 'Cancelled', 'On Hold', 'Shipped']),
          label=T('Status')),
    format='%(po_number)s',
)


*Controller:*
def po_onupdate(form):
    tbl_name = 'purchase_order'  # table shown by this grid

    # send an email, but only first time (when status changes to 'Shipped',
    # additional record updates will not trigger an email)
    if ((form.vars.status == 'Shipped') & (form.record.status != 'Shipped')):
        mail.send(to=['some...@somewhere.com',],
                  subject='Order %s shipped. Date: %s' % (form.record.po_number, request.now),
                  message="Long message")
    session.flash = ('Updated a %s' % (tbl_name)) + ' ' + (
        form.vars.po_number if tbl_name == 'purchase_order' else '')

    return

def purchase_order():
    grid=SQLFORM.smartgrid(db.purchase_order, details=True, links_in_grid=True,
        paginate=20,
        sortable=True,
        onupdate = po_onupdate,
        editable = True,
        formstyle='bootstrap',
        user_signature=True,
        )
    return dict(grid=grid)

On Sunday, September 15, 2013 12:29:04 AM UTC-4, Alex Glaros wrote:
>
> Adi, you had a tiny working example above 
>
> *this works:
> grid=SQLFORM.smartgrid(.*
>
> is the data model available for that?
>
> I'm looking for any small self-contained working example of smartgrid 
> redirecting to edit 
>
> thanks,
>
> Alex
>
> On Saturday, September 14, 2013 5:38:58 PM UTC-7, Adi wrote:
>>
>> Alex,
>> Can you please clarify what model do you need? I can post the sample code 
>> but not sure what exactly do you need. 
>>
>>
>> On Fri, Sep 13, 2013 at 8:13 PM, Alex Glaros  wrote:
>>
>>> Adi, 
>>>
>>> can you post the model for this?  
>>>
>>> thanks, 
>>>
>>> Alex Glaros
>>>
>>>
>>> On Friday, December 23, 2011 9:44:17 AM UTC-8, Adi wrote:

>>>> this works:
>>>>
>>>> grid=SQLFORM.smartgrid(db.purchase_order, details=False, links_in_grid=True,
>>>>     maxtextlengths={'purchase_order.po_number':15,},
>>>>     maxtextlength=30,
>>>>     paginate=20,
>>>>     sortable=True,
>>>>     orderby=dict(purchase_order=[~db.purchase_order.modified_on], ),
>>>>     oncreate = dict(purchase_order=[po_oncreation]),
>>>>     csv=False,
>>>>     ui='jquery-ui',
>>>>     links=dict(purchase_order=[
>>>>         lambda row: A('Duplicate', _class='button',
>>>>                       _href=URL('duplicate_purchase_order',args=[row.id])),
>>>>         lambda row: A('Print', _class='button',
>>>>                       _href=URL('print_all',args=[row.id]))]),
>>>>     user_signature=False, onupdate=auth.archive,
>>>>     )
>>>>
>>>>
>>>> def po_oncreation(form1):
>>>>
>>>>     auth.archive
>>>>
>>>>     last_id = form1.vars.id
>>>>
>>>>     row = db(db.purchase_order.id==last_id).select().first()
>>>>
>>>>     str_po_number = row.po_number + str(row.id)
>>>>     row.po_number = str_po_number
>>>>     row.update_record()
>>>>
>>>>     #response.flash = 'Added a Purchase Order'
>>>>
>>>>     session.flash = 'Added a Purchase Order'
>>>>     return
>>>>
>>>
>>
>>
>>



[web2py] Re: _before_delete callback function to update the other table

2013-09-15 Thread 黄祥
i've followed your hints, but still not worked (no error occurred).

def __ondelete_receipt(s):
    purchase_order_no=s.select().first().purchase_order_no
    # for test # purchase_order_no=s.select()[0].purchase_order_no
    db(db.purchase_order_header.id==purchase_order_no).update(status='Purchase Order Authorized')
    # for test # db.purchase_order_header[s.select()[0].purchase_order_no].update_record(status='Purchase Order Authorized')

db.receipt_header._before_delete.append(lambda s: __ondelete_receipt(s) )

any idea how to make it work?

thanks and best regards,
stifan



[web2py] Re: Jessica McKellar talking about windows and the future of Python

2013-09-15 Thread LightDot
The metric from the presentation shows python is gaining popularity quite 
nicely. Great!

Let me just remind those of you who are using Windows as a development 
workstation - there is a great open source project: Python Tools (Apache 
License 2.0) which gives you a completely free Python environment in Visual 
Studio (yes, the Visual Studio + Python Tools combination is free to 
install & use), with working debugger etc.

There is a great blog post describing everything you need to know to 
install it and begin using it:

http://www.hanselman.com/blog/OneOfMicrosoftsBestKeptSecretsPythonToolsForVisualStudioPTVS.aspx

I'm not a proponent of MS products for various ideological reasons, but 
this IDE combination looks really nice... I'm not going to start using 
Windows to use it, though. :) But if you already have to...

Regards

On Thursday, September 12, 2013 9:00:39 AM UTC+2, rochacbruno wrote:
>
> Hi,
>
> I found this talk interesting 
> http://www.youtube.com/watch?v=d1a4Jbjc-vU&feature=share
>
> Jessica McKellar talks about how "windows OS" is important to the future 
> of Python, and how it is complicated to use Python on windows nowadays.
>
> And I think that *web2py is the only framework that does a good job 
> working on windows*, any other framework has too many problems to run on 
> windows.
>
> So web2py is helping to build the future of Python!
>
>
> -- 
>
> *Bruno Rocha - @rochacbruno*
> http://github.com/rochacbruno
> http://rochacbruno.com.br
> http://pythonhub.com
>  



[web2py] Re: _before_delete callback function to update the other table

2013-09-15 Thread Niphlod
sorry, my bad. The Set is indeed not a Query ...

def __ondelete_receipt_order(s):
    receipt_order = s.select().first()
    db(db.purchase_order_header.id==receipt_order.purchase_order_no).update(status='Purchase Order Authorized')

db.receipt_order_header._before_delete.append(__ondelete_receipt_order)

On Sunday, September 15, 2013 12:46:27 AM UTC+2, 黄祥 wrote:
>
> yeah, my goal is when i delete receipt order it will update the purchase 
> order status.
> i've followed your suggestion, but still not update the status of purchase 
> order when i delete the receipt order (no error occurred, just not update 
> the purchase order).
>
> def __ondelete_receipt_order(s):
>     receipt_order=db(s).select()
>     # for test # receipt_order=db(s).select().first()
>     db(db.purchase_order_header.id==receipt_order.purchase_order_no).update(status='Purchase Order Authorized')
>
> db.receipt_order_header._before_delete.append(lambda s: __ondelete_receipt_order(s.select()[0]) )
>
> and here is the table field :
> db.define_table('purchase_order_header', 
> Field('purchase_order_no'), 
> Field('purchase_order_date', 'date', notnull=True),
> Field('supplier', 'reference supplier', notnull=True), 
> Field('payment_type', 'reference payment_type', notnull=True), 
> Field('is_delivery', 'boolean'),
> Field('notes', 'text'),
> Field('is_authorized', 'boolean'),
> Field('status', notnull=True),
> Field('grand_total', 'decimal(10,2)'), 
> format='%(purchase_order_no)s')
>
> db.define_table('receipt_order_header', 
> Field('receipt_order_no'), 
> Field('receipt_order_date', 'date', notnull=True),
> Field('purchase_order_no', 'reference purchase_order_header', 
> notnull=True), 
> Field('supplier', 'reference supplier', notnull=True), 
> Field('payment_type', 'reference payment_type', notnull=True), 
> Field('notes', 'text'),
> Field('is_authorized', 'boolean'),
> Field('status', notnull=True),
> format='%(receipt_order_no)s')
>
> any other idea how to accomplish this?
>
> thanks and best regards,
>
> stifan
>
