Let's say you have a model to upload static files db.define_table('album',SQLField('image','upload'))
and Auth and Crud enabled. from tools import * auth=Auth(globals(),db) auth.define_tables() crud=Crud(globals(),db) In controller you have @auth.requires_login() def post(): return dict(form=crud.create(db.album)) def download(): return response.download(request,db) def user(): return dict(form=auth()) How do make sure that only the poster can download the images he/she posted? def give_permission(form): auth.add_permission(0,'read',db.album,form.vars.id) def check_permission(row): return auth.is_logged_in() and auth.has_permission ('read',db.album,row.id) db.album.image.authorize=check_permission @auth.requires_login() def post(): return dict(form=crud.create (db.album,onaccept=give_permission)) def download(): return response.download(request,db) def user(): return dict(form=auth()) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---