@ Richard, (1) regarding this line {{if auth.has_permission('update', request.args(0)):}}, how does user get permissions in the first place (2) what would the args look like?
@ Massimo, column-value-based permission would be very useful in situations like a data-mart where different users share same table but should not be allowed to see each other's data. Access control in auth_permission would only need to be in one place, but if done through the controller it introduces more opportunity for programmer error to expose sensitive data in many places if there are many controller functions for various purposes accessing the table throughout the app. Think of a police or intelligence app where all persons are in one table but only want secret operatives revealed to restricted group. Or state licensing boards sharing same data but should not be allowed to view each other's licensee SSNs and investigative data. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.