Hello,
yes, all the methods are decorated with @requires_login(). The login itself
is not the problem, that works fine.
The issue is, that I want to return user-specific results in my api.
Exposing one table by writing something along the lines of:
@request.restful()
@auth.requires_login()
def v1():
response.view = 'api.json'# +request.extension
def GET(*args, **vars):
patterns = [
"/stores[store]" ]
parser = db.parse_as_rest(patterns, args, vars)
if parser.status == 200:
return dict(content=parser.response)
else:
raise HTTP(parser.status, parser.error)
works fine.
When I write "normal" database queries, that I want to return (logged in)
user-specific data, I can do it like this, i.e. to return the pets of a
user:
def petsForOwnerQuery():
pets = (db.pets.owner == db.owner.auth)
return selectedStores
then i can go on and retrieve the currently logged in owner like this:
def ownerFromAuthUserQuery():
loggedInOwner = (db.owner.auth == auth.user.id)
return loggedInCustomer
Combining these queries, I can retrieve the pets for the currently logged
in user.
My question now is, how I can accomplish this, using the @require_restful()
decorator in my API.
Thank you & regards,
Philipp
Am Samstag, 6. April 2013 19:40:39 UTC+2 schrieb Christian Foster Howes:
>
> have you tried decorating your GET/PUT/POST/DELETE methods with the
> @requires_login()?
>
> @request.restful()
> def user():
> @requires_login()
> def GET(*args, **kwargs):
> ....
>
> i'm doing something similar to that...but with a custom decorator rather
> than requires_login.
>
> cfh
>
>
> On Friday, April 5, 2013 2:58:17 PM UTC-7, Philipp Müller wrote:
>>
>> Hello,
>>
>> I have written a restful API in web2py using @request_restful() and then
>> specified the patterns and tables that I wanted to expose in the API.
>> The whole API uses basic auth, which is fine. I'm used to retrieving the
>> user, that currently uses a service by calling auth.user.id. If I wanted
>> to check what items in the database are associated with the currently
>> logged in user, I could do that with a db query.
>>
>> Using @request_restful, I would like to do the exact thing, i.e. return
>> only values, that are associated with the user, that is currently using my
>> API. I have been able to figure out how to do this, any help regarding this
>> problem would be highly appreciated.
>>
>> Kind regards,
>> Philipp
>>
>
--
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
