Frankly, I would just store the user as the owner in all of those tables.
Probably using auth.signature().
You could do a very inefficient recursive select but I don't see any
advantage.
Something like:
task = db.tasks[5]
if task.job.project.owner != auth.user_id: # You are doing a select for
each dot you see here:
raise HTTP(403) # Forbidden
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
