Let's say you have a model to upload static files
db.define_table('album',SQLField('image','upload'))
and Auth and Crud enabled.
from tools import *
auth=Auth(globals(),db)
auth.define_tables()
crud=Crud(globals(),db)
In controller you have
@auth.requires_login()
def post(): return dict(form=crud.create(db.album))
def download(): return response.download(request,db)
def user(): return dict(form=auth())
How do make sure that only the poster can download the images he/she
posted?
def give_permission(form):
auth.add_permission(0,'read',db.album,form.vars.id)
def check_permission(row):
return auth.is_logged_in() and auth.has_permission
('read',db.album,row.id)
db.album.image.authorize=check_permission
@auth.requires_login()
def post(): return dict(form=crud.create
(db.album,onaccept=give_permission))
def download(): return response.download(request,db)
def user(): return dict(form=auth())
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"web2py Web Framework" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to
web2py+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---
