[web2py] Re: setting up using auth confusion
On Monday, October 24, 2011 8:04:25 AM UTC-4, lucas wrote: first i want to shutoff the default of creating a new group for each registered person. what is the setting to override that default behavior? auth.settings.create_user_groups = False See http://web2py.com/book/default/chapter/08#Settings-and-Messages i am auth.settings.registration_requires_approval = True so that i can manually manage users and the group they belong to and their associated permissions. when i approve the user by erasing pending under auth_user, i want to assign them to one of six groups i setup in auth_group. each group has its own permission under auth_permission. what is the best way to setup groups (roles) and permissions in web2py and then assign that group or role to the newly allowed user? is their a web2py admin interface for this besides the web2py database admin interface? No. You'll have to use appadmin or create your own interface, which is very easy to do with Crud or now with the new SQLFORM.grid/smartgrid (though that still isn't documented in the book). You can also do it programmatically by writing DAL inserts/updates -- either in a web2py shell or by running a script via the command line (see http://web2py.com/book/default/chapter/04#Command-Line-Options). Note, when doing DB operations via the shell or scripts, you need to explicitly commit transactions via db.commit() (see http://web2py.com/book/default/chapter/06#commit-and-rollback). and lastly, how to decorate my functions with either group/role or permissions to either allow or deny that function? @auth.requires_membership(...) @auth.requires_permission(...) @auth.requires(any_set_of_conditions) See http://web2py.com/book/default/chapter/08#Decorators, http://web2py.com/book/default/chapter/08#Combining-Requirements. also, what is the best way to check in a controller function or view that group/role or permission once the user is logged in to verify the user and either display or not display certain information? if auth.has_membership(...): do something else: don't do it Similarly for auth.has_permission(...). See http://web2py.com/book/default/chapter/08#Authorization. Anthony
[web2py] Re: setting up using auth confusion
ok, that was totally helpful, thanx for all of the help. i have gotten far, using has_membership and requires_membership often and working perfectly, both in controllers and views. having a bit of a problem with auth.has_permission(). i have a group/ role, auth_group id=2, called Guest and under auth_permission, id=2 also, with group_id=2 with name=News Restricted. table_name is Null and record_id=0. i also have an entry under auth_user with id=2, email 'f...@gmail.com' just for fun, and an entry under auth_membership, id=4, with user_id=2 and group_id=2. so all that means is that user f...@gmail.com should be a Guest with permission set to true for News Restricted. ok? how come when f...@gmail.com is logged in, auth.has_permission('News Restricted') proves False. Shouldn't it be True? thanx in advance and have a good day. lucas
[web2py] Re: setting up using auth confusion
On Monday, October 24, 2011 5:29:41 PM UTC-4, lucas wrote: ok, that was totally helpful, thanx for all of the help. i have gotten far, using has_membership and requires_membership often and working perfectly, both in controllers and views. having a bit of a problem with auth.has_permission(). i have a group/ role, auth_group id=2, called Guest and under auth_permission, id=2 also, with group_id=2 with name=News Restricted. table_name is Null and record_id=0. i also have an entry under auth_user with id=2, email 'fd...@gmail.com' just for fun, and an entry under auth_membership, id=4, with user_id=2 and group_id=2. so all that means is that user fd...@gmail.com should be a Guest with permission set to true for News Restricted. ok? how come when fd...@gmail.com is logged in, auth.has_permission('News Restricted') proves False. Shouldn't it be True? From your description, sounds like it should be True. Maybe try specifying an object in the permission as well -- e.g., auth.add_permission(group_id=2, name=read, table_name=news). Note, table_name doesn't have to be an actual table -- it can be any arbitrary concept. For example, if you have a function that returns some news, you could decorate it with @auth.requires_permission('read', 'news'). Anthony
[web2py] Re: setting up using auth confusion
ok, i tried the auth.add_permission(group_id=2, name=read, table_name=news) line and just stuck it under db.py. i still can't get a True out of the has_permission('read') or has_permission(2, 'read') or has_permission(group_id=2, name='read'), nothing. your second suggestion gets me thinking. can i add a field under the news table, field named say security, and add the value restricted to certain records that i don't want guests seeing. is there a way to decorate or automatically have web2py filter out the restricted rows, compile and display only the unrestricted rows? interesting suggestion. but i still can't get a True out of has_permission. that one first. thanx again. lucas
[web2py] Re: setting up using auth confusion
btw, i am using 1.98.2 and will probably upgrade to 1.99.2 soon.
[web2py] Re: setting up using auth confusion
On Monday, October 24, 2011 7:06:12 PM UTC-4, lucas wrote: ok, i tried the auth.add_permission(group_id=2, name=read, table_name=news) line and just stuck it under db.py. i still can't get a True out of the has_permission('read') or has_permission(2, 'read') or has_permission(group_id=2, name='read'), nothing. It would have to be auth.has_permission('read', 'news'). See the example at the end of this section: http://web2py.com/book/default/chapter/08#Authorization. your second suggestion gets me thinking. can i add a field under the news table, field named say security, and add the value restricted to certain records that i don't want guests seeing. is there a way to decorate or automatically have web2py filter out the restricted rows, compile and display only the unrestricted rows? interesting suggestion. I suppose you could do it that way. You can also assign permissions to individual records, and check those permissions (including checking for all allowed records for a given user via auth.accessible_query). See the section referenced above as well as http://web2py.com/book/default/chapter/08#Authorization-and-CRUD. Anthony