[web2py] Re: Contribution to validators
I seems like I forgot to add IS_TITLE() to the __all__ declaration or whatever is its name in validators.py (I am not an developer, sorry for the inapropriate vocabulary). It seems to work for now. I am still open to some explanations (what is validators.pyc). -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] Re: Contribution
Hi Anthony, thanks, that looks promising, maybe we can find something in one of the links. We also had a brief look at the issue list before, but were uncertain whether or not its up to date or if the mentioned issues are of interest to the project. I guess we will have a closer look to filter some issues we can possibly fix. Again, thanks a lot. Matteo Am 29.10.2011 16:06, schrieb Anthony: Maybe look here for bugs and some feature requests: http://code.google.com/p/web2py/issues/list Some other threads to check out for ideas: https://groups.google.com/forum/#!topic/web2py/DHZ8NhRkeKc/discussion https://groups.google.com/forum/#!topic/web2py/Z_Ffj1GzTZg/discussion https://groups.google.com/forum/#!topic/web2py/3nbrYP7uAkI/discussion https://groups.google.com/forum/#!msg/web2py/e21KNkXky0w/-rOk5SMKKPMJ I like the idea of a "search abstraction layer" for full text search: https://groups.google.com/forum/#!msg/web2py/3nbrYP7uAkI/kT6Z5k2AK0oJ Anthony
Re: [web2py] Re: Contribution
On Saturday, October 29, 2011 8:58:23 AM UTC-4, Hong-Khoan wrote: > > Hi, > > sure. But unfortunately for our practical course we need to fix at least > one non-trivial bugfix or implement a feature. > Maybe look here for bugs and some feature requests: http://code.google.com/p/web2py/issues/list Some other threads to check out for ideas: https://groups.google.com/forum/#!topic/web2py/DHZ8NhRkeKc/discussion https://groups.google.com/forum/#!topic/web2py/Z_Ffj1GzTZg/discussion https://groups.google.com/forum/#!topic/web2py/3nbrYP7uAkI/discussion https://groups.google.com/forum/#!msg/web2py/e21KNkXky0w/-rOk5SMKKPMJ I like the idea of a "search abstraction layer" for full text search: https://groups.google.com/forum/#!msg/web2py/3nbrYP7uAkI/kT6Z5k2AK0oJ Anthony
Re: [web2py] Re: Contribution
Hi, sure. But unfortunately for our practical course we need to fix at least one non-trivial bugfix or implement a feature. Regards Hong-Khoan Am 27.10.2011 23:29, schrieb Triquetra: > I'm sure assistance with documentation would be appreciated by all! > > On Oct 26, 10:16 am, Hong-Khoan Quach > wrote: >> I want to thank you all for your suggestions so far and please >> post further suggestions :). >> >> Massimo, Anthony or other contributors/committers, do you >> have anything on your TODO list ? >> >> Regards >> >> Hong-Khoan >> >> Am 21.10.2011 12:52, schrieb Hong-Khoan Quach: >> >> >> >> >> >> >> >>> Hi there. >> >>> We would like to contribute to web2py for a university open source >>> practical course. Does anyone have an idea for an important/cool feature >>> that we could propose to our supervisor? >>> Furthermore, are there any low hanging fruits, we can start with? >> >>> Regards >> >>> Matteo and Hong-Khoan >> >> >> >> signature.asc >> < 1KViewDownload signature.asc Description: OpenPGP digital signature
[web2py] Re: Contribution
I'm sure assistance with documentation would be appreciated by all! On Oct 26, 10:16 am, Hong-Khoan Quach wrote: > I want to thank you all for your suggestions so far and please > post further suggestions :). > > Massimo, Anthony or other contributors/committers, do you > have anything on your TODO list ? > > Regards > > Hong-Khoan > > Am 21.10.2011 12:52, schrieb Hong-Khoan Quach: > > > > > > > > > Hi there. > > > We would like to contribute to web2py for a university open source > > practical course. Does anyone have an idea for an important/cool feature > > that we could propose to our supervisor? > > Furthermore, are there any low hanging fruits, we can start with? > > > Regards > > > Matteo and Hong-Khoan > > > > signature.asc > < 1KViewDownload
[web2py] Re: Contribution
I don't think web2py supports this currently, but I think you are on the right track. I think what I would suggest is an extension to auth.add_permission. Something like auth.add_permission(group.id, 'name', 'object', record_id, 'column_name', state_bool) where column_name is the name of the table column(field) and NULL or unspecified equals all columns; and where state_bool is any expression returning a boolean value such that a "true" value means the permission is active, and a "false" value means it is not (e.g. db.articles.published == true; or time.now - db.articles.date > 30 days) and NULL or unspecified equals all/any states. Of course this would also require respective extensions to auth.has_permission. On Oct 26, 1:17 pm, Richard Vézina wrote: > I just read the doc... Not sure what I suggest is possible... According to > the doc it would need something like this to work: > > auth.has_permission(group_id, 'read', 'table123', field123 == 'something') > > This would lead to check if a user as the permission read on table123 when > field123 has the value something... > > It would be great if it is possible... > > Richard > > On Wed, Oct 26, 2011 at 2:03 PM, Richard Vézina > > > > > > > > wrote: > > And why the object could not be a query that can return a list of records > > having the state you are looking for?? > > > Richard > > > On Mon, Oct 24, 2011 at 8:25 PM, Triquetra < > > trique...@triquetradevelopment.com> wrote: > > >> No, I don't think this helps, unless I'm misunderstanding something > >> (which is possible). > > >> When using "auth.add_permission(group_id, 'name', 'object', > >> record_id)" the CRUD permissions are only enforced if the object is a > >> table (according to the book). So, even assuming one could pass a > >> column as the object (to enable field based access control), the > >> web2py access system will not automatically enforce CRUD permissions > >> on this object (like it would with tables or records). This level of > >> access control would require additional manual enforcement in the > >> controllers. > > >> This doesn't help with state based permissions either. The issue here > >> is that permissions may change depending upon the state of the > >> object. Workflows are a good example. If A is in group author and E > >> is in group editor, a workflow may demand that A has full CRUD rights > >> until the article is submitted for editing, then A only has read > >> rights over the SAME record and editor group gets read and update > >> rights only after submission of the article for editing. Same record, > >> same groups, same users -- different permissions based on the state of > >> the record (which could be indicated by the content of a field). > > >> > On Friday, October 21, 2011 3:54:26 PM UTC-4, Triquetra wrote: > > >> > > I'd like to see > >> > > web2py's access control beefed up (thus permitting easy development of > >> > > workflows, among other things). Specifically, the current web2py RBAC > >> > > has two levels of granularity: table and record (row). This should be > > >> > extended to include field(column), type(controller), and > > >> > > context(state). > > >> > auth.add_permission(group_id, 'name', 'object', record_id) > > >> > In the above, 'object' can be any user-defined object, not just a DB > >> table > >> > (record_id is only relevant if the object is a table). Does that help? > > >> > > Although the type(controller) access control is currently implemented > >> > > via decorators in web2py, this is restricted to coders. > > >> > You don't have to use decorators. You can directly check for permissions > >> via > >> > auth.has_membership() and auth.has_permission().
Re: [web2py] Re: Contribution
I just read the doc... Not sure what I suggest is possible... According to the doc it would need something like this to work: auth.has_permission(group_id, 'read', 'table123', field123 == 'something') This would lead to check if a user as the permission read on table123 when field123 has the value something... It would be great if it is possible... Richard On Wed, Oct 26, 2011 at 2:03 PM, Richard Vézina wrote: > And why the object could not be a query that can return a list of records > having the state you are looking for?? > > Richard > > > On Mon, Oct 24, 2011 at 8:25 PM, Triquetra < > trique...@triquetradevelopment.com> wrote: > >> No, I don't think this helps, unless I'm misunderstanding something >> (which is possible). >> >> When using "auth.add_permission(group_id, 'name', 'object', >> record_id)" the CRUD permissions are only enforced if the object is a >> table (according to the book). So, even assuming one could pass a >> column as the object (to enable field based access control), the >> web2py access system will not automatically enforce CRUD permissions >> on this object (like it would with tables or records). This level of >> access control would require additional manual enforcement in the >> controllers. >> >> This doesn't help with state based permissions either. The issue here >> is that permissions may change depending upon the state of the >> object. Workflows are a good example. If A is in group author and E >> is in group editor, a workflow may demand that A has full CRUD rights >> until the article is submitted for editing, then A only has read >> rights over the SAME record and editor group gets read and update >> rights only after submission of the article for editing. Same record, >> same groups, same users -- different permissions based on the state of >> the record (which could be indicated by the content of a field). >> >> > On Friday, October 21, 2011 3:54:26 PM UTC-4, Triquetra wrote: >> > >> > > I'd like to see >> > > web2py's access control beefed up (thus permitting easy development of >> > > workflows, among other things). Specifically, the current web2py RBAC >> > > has two levels of granularity: table and record (row). This should be >> > >> > extended to include field(column), type(controller), and >> > >> > > context(state). >> > >> > auth.add_permission(group_id, 'name', 'object', record_id) >> > >> > In the above, 'object' can be any user-defined object, not just a DB >> table >> > (record_id is only relevant if the object is a table). Does that help? >> > >> > > Although the type(controller) access control is currently implemented >> > > via decorators in web2py, this is restricted to coders. >> > >> > You don't have to use decorators. You can directly check for permissions >> via >> > auth.has_membership() and auth.has_permission(). >> > >
Re: [web2py] Re: Contribution
And why the object could not be a query that can return a list of records having the state you are looking for?? Richard On Mon, Oct 24, 2011 at 8:25 PM, Triquetra < trique...@triquetradevelopment.com> wrote: > No, I don't think this helps, unless I'm misunderstanding something > (which is possible). > > When using "auth.add_permission(group_id, 'name', 'object', > record_id)" the CRUD permissions are only enforced if the object is a > table (according to the book). So, even assuming one could pass a > column as the object (to enable field based access control), the > web2py access system will not automatically enforce CRUD permissions > on this object (like it would with tables or records). This level of > access control would require additional manual enforcement in the > controllers. > > This doesn't help with state based permissions either. The issue here > is that permissions may change depending upon the state of the > object. Workflows are a good example. If A is in group author and E > is in group editor, a workflow may demand that A has full CRUD rights > until the article is submitted for editing, then A only has read > rights over the SAME record and editor group gets read and update > rights only after submission of the article for editing. Same record, > same groups, same users -- different permissions based on the state of > the record (which could be indicated by the content of a field). > > > On Friday, October 21, 2011 3:54:26 PM UTC-4, Triquetra wrote: > > > > > I'd like to see > > > web2py's access control beefed up (thus permitting easy development of > > > workflows, among other things). Specifically, the current web2py RBAC > > > has two levels of granularity: table and record (row). This should be > > > > extended to include field(column), type(controller), and > > > > > context(state). > > > > auth.add_permission(group_id, 'name', 'object', record_id) > > > > In the above, 'object' can be any user-defined object, not just a DB > table > > (record_id is only relevant if the object is a table). Does that help? > > > > > Although the type(controller) access control is currently implemented > > > via decorators in web2py, this is restricted to coders. > > > > You don't have to use decorators. You can directly check for permissions > via > > auth.has_membership() and auth.has_permission(). >
[web2py] Re: Contribution
I want to thank you all for your suggestions so far and please post further suggestions :). Massimo, Anthony or other contributors/committers, do you have anything on your TODO list ? Regards Hong-Khoan Am 21.10.2011 12:52, schrieb Hong-Khoan Quach: > Hi there. > > We would like to contribute to web2py for a university open source > practical course. Does anyone have an idea for an important/cool feature > that we could propose to our supervisor? > Furthermore, are there any low hanging fruits, we can start with? > > Regards > > Matteo and Hong-Khoan > signature.asc Description: OpenPGP digital signature
[web2py] Re: Contribution
No, I don't think this helps, unless I'm misunderstanding something (which is possible). When using "auth.add_permission(group_id, 'name', 'object', record_id)" the CRUD permissions are only enforced if the object is a table (according to the book). So, even assuming one could pass a column as the object (to enable field based access control), the web2py access system will not automatically enforce CRUD permissions on this object (like it would with tables or records). This level of access control would require additional manual enforcement in the controllers. This doesn't help with state based permissions either. The issue here is that permissions may change depending upon the state of the object. Workflows are a good example. If A is in group author and E is in group editor, a workflow may demand that A has full CRUD rights until the article is submitted for editing, then A only has read rights over the SAME record and editor group gets read and update rights only after submission of the article for editing. Same record, same groups, same users -- different permissions based on the state of the record (which could be indicated by the content of a field). > On Friday, October 21, 2011 3:54:26 PM UTC-4, Triquetra wrote: > > > I'd like to see > > web2py's access control beefed up (thus permitting easy development of > > workflows, among other things). Specifically, the current web2py RBAC > > has two levels of granularity: table and record (row). This should be > > extended to include field(column), type(controller), and > > > context(state). > > auth.add_permission(group_id, 'name', 'object', record_id) > > In the above, 'object' can be any user-defined object, not just a DB table > (record_id is only relevant if the object is a table). Does that help? > > > Although the type(controller) access control is currently implemented > > via decorators in web2py, this is restricted to coders. > > You don't have to use decorators. You can directly check for permissions via > auth.has_membership() and auth.has_permission().
[web2py] Re: Contribution
It would be nice if we could nest groups. How about that for a proposal? On Oct 21, 4:08 pm, Anthony wrote: > On Friday, October 21, 2011 3:54:26 PM UTC-4, Triquetra wrote: > > > I'd like to see > > web2py's access control beefed up (thus permitting easy development of > > workflows, among other things). Specifically, the current web2py RBAC > > has two levels of granularity: table and record (row). This should be > > extended to include field(column), type(controller), and > > > context(state). > > auth.add_permission(group_id, 'name', 'object', record_id) > > In the above, 'object' can be any user-defined object, not just a DB table > (record_id is only relevant if the object is a table). Does that help? > > > Although the type(controller) access control is currently implemented > > via decorators in web2py, this is restricted to coders. > > You don't have to use decorators. You can directly check for permissions via > auth.has_membership() and auth.has_permission().
[web2py] Re: Contribution
On Friday, October 21, 2011 3:54:26 PM UTC-4, Triquetra wrote: > > I'd like to see > web2py's access control beefed up (thus permitting easy development of > workflows, among other things). Specifically, the current web2py RBAC > has two levels of granularity: table and record (row). This should be extended to include field(column), type(controller), and > context(state). auth.add_permission(group_id, 'name', 'object', record_id) In the above, 'object' can be any user-defined object, not just a DB table (record_id is only relevant if the object is a table). Does that help? > Although the type(controller) access control is currently implemented > via decorators in web2py, this is restricted to coders. You don't have to use decorators. You can directly check for permissions via auth.has_membership() and auth.has_permission().
[web2py] Re: Contribution
I think a standalone workflow system is too high level. Workflow type systems (among other things) can be more than adequately developed with robust access control mechanisms. I'd like to see web2py's access control beefed up (thus permitting easy development of workflows, among other things). Specifically, the current web2py RBAC has two levels of granularity: table and record (row). This should be extended to include field(column), type(controller), and context(state). The first is implemented in other RBAC systems (e.g. Drupal), but not in web2py (at least not that I can tell). The latter two are ideas borrowed from SELinux. If these were in place, then workflows could easily be implemented by, e.g. specifying different permissions for a given role for each context(state) of a record or table(record type). Although the type(controller) access control is currently implemented via decorators in web2py, this is restricted to coders. Providing an extra layer of abstraction to this mechanism would permit this level of access control to be manipulated by users (eg. non-coder site managers). On Oct 21, 7:55 am, António Ramos wrote: > May i suggest a workflow framework in web2py? > Django has one > I want one :( > > 2011/10/21 Hong-Khoan Quach > > > > > > > > > Hi there. > > > We would like to contribute to web2py for a university open source > > practical course. Does anyone have an idea for an important/cool feature > > that we could propose to our supervisor? > > Furthermore, are there any low hanging fruits, we can start with? > > > Regards > > > Matteo and Hong-Khoan