Probably handle that in the view.
On Sunday, May 4, 2014 2:28:57 AM UTC-7, Sidney Rubidge wrote:
>
> I am trying to create a site where users can create pages. The user has a
> "wall" which lists all the pages that they have created. They can then view
> any of the pages that they have created. I am trying to set an
> authorisation so that only the page author can view the respective page.
>
> What I have done follows:
>
>
> In my model I create a table called "pages". Each page that is created has
> a reference key to the author that created it.
>
> db.define_table('pages',
> Field('user_id', 'reference auth_user', default=auth.user_id),
> Field('name', 'string', required=True),
> Field('created_on', 'datetime', default=request.now))
>
>
> The wall method in the controller shows that each user has a "wall" that
> lists all the pages that they have created. They can then click on an item
> in the list and be directed to the relevant page by passing the page pk in
> the url.
>
> @auth.requires_login()
> def wall():
> pages = db(db.pages.user_id == auth.user.id).select(db.pages.ALL)
> return dict(pages = pages)
>
>
> I have tried two different decorators above the "page" method (seen as
> comments) in an attempt to make these pages only viewable by their
> respective authors. The decorators that I have tried do only let their
> creator view them but they cause the rest of the site to return a 404 page.
> I am not sure why.
>
> #@auth.requires(auth.user_id==db.pages(request.args(0, cast =
> int)).user_id, requires_login=True)
> #@auth.requires_membership('user_' + str(db.pages(request.args(0, cast =
> int)).user_id))
> def page():
> this_page = db.pages(request.args(0, cast = int)) or redirect(URL(
> 'wall'))
> ...
> return ...
>
> What is the best method to give only the creator of a page permission to
> view it?
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
