Sorry, I made a silly error is using the user_signature. It should be a part of URL call. This line should read (note the change in ")" bracket)
grid = SQLFORM.grid(query, links = [lambda row: A('Results', _class='btn',_href =URL("default","calculate", args=[row.id],user_signature=True, hash_vars= True))],csv=False, oncreate=scenario_create) On Wednesday, October 2, 2013 2:39:42 PM UTC-5, P T wrote: > > I am using version 2.6.4 on Windows 7 machine and having a problem with > using user_signature and auth.requires_signature. > > I am using SQLFORM.grid to display a list of scenarios created by the > logged-in user. I included an additional button "Results", which calls > another function "calculate" and passing the row.id. This works fine but > the logged-in user can simply type an url like " > http://127.0.0.1:8000/test/default/calculate/12" and view results from > other users' scenarios. > > @auth.requires_login() > def listscenarios(): > query = (db.scenario.created_by == auth.user.id) > grid = SQLFORM.grid(query, links = [lambda row: A('Results', _class= > 'btn', _href=URL("default","calculate", args=[row.id]))],csv=False,oncreate > =scenario_create) > return dict(grid=grid) > > def calculate(): > if not request.args(0): > return '' > else: > ## do the required calculations > > redirect(URL('voltageprofile')) > > > By reading the book and searching the group, I decorated the functions > with user_signature and auth.requires_signature. But, now I get "Not > authorized" page for all users. > > > @auth.requires_login() > def listscenarios(): > query = (db.scenario.created_by == auth.user.id) > grid = SQLFORM.grid(query, links = [lambda row: A('Results', _class= > 'btn', _href=URL("default","calculate", args=[row.id]),user_signature=True > , hash_vars=True)],csv=False, oncreate=scenario_create) > return dict(grid=grid) > > > @auth.requires_signature() > def calculate(): > > if not request.args(0): > return '' > else: > ## do the required calculations > > redirect(URL('voltageprofile')) > > Please help in correctly implementing this. > > Thanks, > PT > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.