Have you tried user_signature=True? On Tuesday, June 20, 2017 at 6:42:11 AM UTC-4, T.R.Rajkumar wrote: > > I have this page from the edit button of the child. > > http://127.0.0.1:8000/web_ocms/amc/new_contract/amc_master/amc_details.amc_id/17/edit/amc_details/10 > Here 17 is the id of the master and 10 is the id of the child. > I have set common_filter in controller so that the records of master and > child belonging to the logged in user is listed in grid. > So in controller I check the master id and child id and if not of the user > I raise a flash tampering not allowed and redirect to the master grid. > So far OK. > But now if 17 and 10 are tampered to say 20 and 25 and the new record also > belongs to the user the form show the record to edit. > I would like that the tampering of url not be allowed. That is if one > clicks the edit button and gets the above url I should allow processing > only with 17 and 10 and not any other record. > Thanks for suggestions. >
-- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
