On Apr 30, 2010, at 7:22 AM, Thadeus Burgess wrote: > You need to store the preferences in the database, what seems to be > happening is you are setting the disabled actions, but its being lost > on the next request. > > So along with your auth_user table you probably need to add a couple > boolean columns to disable these options, this way it is persistant.
Unless I'm missing something, this seems like a natural application for web2py's roles and permissions. If so, Rohan can look at chapter 8 of the book: http://web2py.com/book/default/section/8/0. I use it to divide my users into 3 roles, and it's very straightforward to implement. > > But for normal users they can still retrieve_password and > change_password, so you need to check this before you call the auth > form. > > def user(): > # get the user token here, use request.args to determine URL (ie: > user/reset_password) > # then pull the user from the database using the email/username > > if my_user.retrieve_password_disabled: > auth.settings.actions_disabled.append('retrieve_password') > > return dict(form=auth()) > > -- > Thadeus > > > > > > On Fri, Apr 30, 2010 at 1:15 AM, Rohan <yourbuddyro...@gmail.com> wrote: >> Hi All, >> >> I am creating a session for a user logged in from facebook and wants >> to disable certain functions like retrieve_password, change_password >> etc. here is the code for this >> >> if not auth.is_logged_in(): >> user_obj = Storage(user_table._filter_fields(user, >> id=True)) >> #print 'user is not logged in' >> session.auth = Storage(user=user_obj, >> last_visit=request.now, expiration=auth.settings.expiration) >> auth.user = user_obj >> auth.settings.actions_disabled.append('retrieve_password') >> auth.settings.actions_disabled.append('change_password') >> >> but user is still able to access these functions. As an alternate, I >> was thinking of creating a group for facebook users and disable these >> functions at group level. Is this feasible? Is there any simpler way >> without need to create user groups? >> >> Thanks >>