I am trying to create a site where users can create pages. The user has a "wall" which lists all the pages that they have created. They can then view any of the pages that they have created. I am trying to set an authorisation so that only the page author can view the respective page.
What I have done follows: In my model I create a table called "pages". Each page that is created has a reference key to the author that created it. db.define_table('pages', Field('user_id', 'reference auth_user', default=auth.user_id), Field('name', 'string', required=True), Field('created_on', 'datetime', default=request.now)) The wall method in the controller shows that each user has a "wall" that lists all the pages that they have created. They can then click on an item in the list and be directed to the relevant page by passing the page pk in the url. @auth.requires_login() def wall(): pages = db(db.pages.user_id == auth.user.id).select(db.pages.ALL) return dict(pages = pages) I have tried two different decorators above the "page" method (seen as comments) in an attempt to make these pages only viewable by their respective authors. The decorators that I have tried do only let their creator view them but they cause the rest of the site to return a 404 page. I am not sure why. #@auth.requires(auth.user_id==db.pages(request.args(0, cast = int)).user_id, requires_login=True) #@auth.requires_membership('user_' + str(db.pages(request.args(0, cast = int)).user_id)) def page(): this_page = db.pages(request.args(0, cast = int)) or redirect(URL('wall' )) ... return ... What is the best method to give only the creator of a page permission to view it? -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.