Does this help: patterns = [ "/friends[person]", "/{person.name}/:field", ... ("/dogs[pet]", db.pet.info=='dog'), ("/mydogs[pet]/{pet.name.startswith}", db.pet.owner==auth.user.id), #<<<<< ]
On Sunday, 7 April 2013 08:28:10 UTC-5, Philipp Müller wrote: > > Hello, > > yes, all the methods are decorated with @requires_login(). The login > itself is not the problem, that works fine. > The issue is, that I want to return user-specific results in my api. > Exposing one table by writing something along the lines of: > > @request.restful() > @auth.requires_login() > def v1(): > response.view = 'api.json'# +request.extension > def GET(*args, **vars): > > patterns = [ > "/stores[store]" ] > > parser = db.parse_as_rest(patterns, args, vars) > if parser.status == 200: > return dict(content=parser.response) > else: > raise HTTP(parser.status, parser.error) > > works fine. > > When I write "normal" database queries, that I want to return (logged in) > user-specific data, I can do it like this, i.e. to return the pets of a > user: > > def petsForOwnerQuery(): > pets = (db.pets.owner == db.owner.auth) > return selectedStores > > then i can go on and retrieve the currently logged in owner like this: > > def ownerFromAuthUserQuery(): > loggedInOwner = (db.owner.auth == auth.user.id) > return loggedInCustomer > > Combining these queries, I can retrieve the pets for the currently logged > in user. > > My question now is, how I can accomplish this, using the > @require_restful() decorator in my API. > > Thank you & regards, > Philipp > > > Am Samstag, 6. April 2013 19:40:39 UTC+2 schrieb Christian Foster Howes: >> >> have you tried decorating your GET/PUT/POST/DELETE methods with the >> @requires_login()? >> >> @request.restful() >> def user(): >> @requires_login() >> def GET(*args, **kwargs): >> .... >> >> i'm doing something similar to that...but with a custom decorator rather >> than requires_login. >> >> cfh >> >> >> On Friday, April 5, 2013 2:58:17 PM UTC-7, Philipp Müller wrote: >>> >>> Hello, >>> >>> I have written a restful API in web2py using @request_restful() and then >>> specified the patterns and tables that I wanted to expose in the API. >>> The whole API uses basic auth, which is fine. I'm used to retrieving the >>> user, that currently uses a service by calling auth.user.id. If I >>> wanted to check what items in the database are associated with the >>> currently logged in user, I could do that with a db query. >>> >>> Using @request_restful, I would like to do the exact thing, i.e. return >>> only values, that are associated with the user, that is currently using my >>> API. I have been able to figure out how to do this, any help regarding this >>> problem would be highly appreciated. >>> >>> Kind regards, >>> Philipp >>> >> -- --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.