I was running into some issue with SQLFORM.grid and after going through the
code, I realized that the grid does not include request.vars when
calculating the URL signature (ref: v2.21.1, gluon/sqlhtml.py @ 2440).
Please correct me if I would be wrong,... else it may be useful to add
something about this behavior in the web2py documentation:
SQLFORM.grid validates the signature without taking into account
request.vars
As such, any constructed URL that contains a user_signature and that is
pointing to the page that uses the controller function which creates this
grid, should have this signature created without including request.vars!
Thus, hash_vars should be set to False in that case. If not, you may get a
‘not authorized’ flash message and you will be redirected.
E.g. a signed URL pointing to such page should look like:
URL(‘mypage_with_grid’, args=[‘a’, ‘b’, ‘c’], vars={‘var1’:’val1’},
*user_signature=True,* *hash_vars=False*)
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/web2py/4de8ab7e-497a-4bc7-8ee8-872fec9ea49en%40googlegroups.com.
