Hello, yes, all the methods are decorated with @requires_login(). The login itself is not the problem, that works fine. The issue is, that I want to return user-specific results in my api. Exposing one table by writing something along the lines of:
@request.restful() @auth.requires_login() def v1(): response.view = 'api.json'# +request.extension def GET(*args, **vars): patterns = [ "/stores[store]" ] parser = db.parse_as_rest(patterns, args, vars) if parser.status == 200: return dict(content=parser.response) else: raise HTTP(parser.status, parser.error) works fine. When I write "normal" database queries, that I want to return (logged in) user-specific data, I can do it like this, i.e. to return the pets of a user: def petsForOwnerQuery(): pets = (db.pets.owner == db.owner.auth) return selectedStores then i can go on and retrieve the currently logged in owner like this: def ownerFromAuthUserQuery(): loggedInOwner = (db.owner.auth == auth.user.id) return loggedInCustomer Combining these queries, I can retrieve the pets for the currently logged in user. My question now is, how I can accomplish this, using the @require_restful() decorator in my API. Thank you & regards, Philipp Am Samstag, 6. April 2013 19:40:39 UTC+2 schrieb Christian Foster Howes: > > have you tried decorating your GET/PUT/POST/DELETE methods with the > @requires_login()? > > @request.restful() > def user(): > @requires_login() > def GET(*args, **kwargs): > .... > > i'm doing something similar to that...but with a custom decorator rather > than requires_login. > > cfh > > > On Friday, April 5, 2013 2:58:17 PM UTC-7, Philipp Müller wrote: >> >> Hello, >> >> I have written a restful API in web2py using @request_restful() and then >> specified the patterns and tables that I wanted to expose in the API. >> The whole API uses basic auth, which is fine. I'm used to retrieving the >> user, that currently uses a service by calling auth.user.id. If I wanted >> to check what items in the database are associated with the currently >> logged in user, I could do that with a db query. >> >> Using @request_restful, I would like to do the exact thing, i.e. return >> only values, that are associated with the user, that is currently using my >> API. I have been able to figure out how to do this, any help regarding this >> problem would be highly appreciated. >> >> Kind regards, >> Philipp >> > -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.