have you tried decorating your GET/PUT/POST/DELETE methods with the @requires_login()?
@request.restful() def user(): @requires_login() def GET(*args, **kwargs): .... i'm doing something similar to that...but with a custom decorator rather than requires_login. cfh On Friday, April 5, 2013 2:58:17 PM UTC-7, Philipp Müller wrote: > > Hello, > > I have written a restful API in web2py using @request_restful() and then > specified the patterns and tables that I wanted to expose in the API. > The whole API uses basic auth, which is fine. I'm used to retrieving the > user, that currently uses a service by calling auth.user.id. If I wanted > to check what items in the database are associated with the currently > logged in user, I could do that with a db query. > > Using @request_restful, I would like to do the exact thing, i.e. return > only values, that are associated with the user, that is currently using my > API. I have been able to figure out how to do this, any help regarding this > problem would be highly appreciated. > > Kind regards, > Philipp > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.