>
> Well, I didn't try to give them access, but that sounds logical. Nevertheless, I 
> didn't want to give them access to that. But I don't want to access each 
> article by myself just because someone made a spelling mistake or wants to 
> add a little content.
>

A very simple rights restriction example for editing Articles:

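def owns_article(arg=None):
    # True only if the logged-in user owns the article whose id is in the URL
    return db((db.Article.owner_id == auth.user_id) &
              (db.Article.id == request.args(1))).count() > 0

# auth.requires evaluates the check on each request and denies access if it fails
@auth.requires(owns_article)
def edit_article():
    # .process() validates a submitted form and saves the changes
    form = SQLFORM(db.Article, request.args(1)).process()
    return dict(form=form)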

You must point users to the edit page with URLs like

URL(f="edit_article", args=["Article", <article_id>])

And add a Field("owner_id", "reference auth_user", default=auth.user_id, 
writable=False) to the Article table definition.

web2py also provides an API for fine-grained access control, covered here: 
http://www.web2py.com/books/default/chapter/29/09

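The ownership rule from the reply above, as an added example that is not part of the original post and is not web2py code: it uses Python's standard sqlite3 module so it runs without web2py, and make_db, Forbidden, parse_id, WRITABLE and the sample rows are names and data assumed for illustration. It keeps owner_id in the UPDATE's WHERE clause and out of the writable fields, so a non-owner's request is refused and a forged owner_id in the form is ignored.

```python
import sqlite3

# Form fields a user may change. owner_id is deliberately absent, which
# plays the role of writable=False on the owner_id Field.
WRITABLE = ("title", "body")


class Forbidden(Exception):
    """Raised when the caller may not edit the requested article."""


def make_db():
    # Constructed sample data: users 10 and 20 own one article each.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Article (id INTEGER PRIMARY KEY, "
               "owner_id INTEGER NOT NULL, title TEXT, body TEXT)")
    db.executemany("INSERT INTO Article VALUES (?, ?, ?, ?)",
                   [(1, 10, "First post", "frist draft"),
                    (2, 20, "Second post", "hello")])
    return db


def parse_id(raw):
    # URL arguments arrive as strings and may be missing or malformed.
    try:
        value = int(raw)
    except (TypeError, ValueError):
        raise Forbidden("bad article id")
    if value <= 0:
        raise Forbidden("bad article id")
    return value


def edit_article(db, user_id, raw_article_id, form_vars):
    if user_id is None:
        raise Forbidden("login required")
    article_id = parse_id(raw_article_id)
    # Drop every submitted field that is not on the allow-list.
    changes = {k: v for k, v in form_vars.items() if k in WRITABLE}
    if not changes:
        raise ValueError("no writable fields submitted")
    # Column names come only from WRITABLE; all values are bound parameters.
    assignments = ", ".join(f"{name} = ?" for name in changes)
    cur = db.execute(
        f"UPDATE Article SET {assignments} WHERE id = ? AND owner_id = ?",
        (*changes.values(), article_id, user_id))
    if cur.rowcount != 1:
        raise Forbidden("not the owner, or no such article")
    db.commit()
    return cur.rowcount
```

Putting the owner test in the same statement as the write means there is no gap between checking ownership and changing the row.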