On Apr 30, 2010, at 7:22 AM, Thadeus Burgess wrote:

> You need to store the preferences in the database, what seems to be
> happening is you are setting the disabled actions, but it's being lost
> on the next request.
> 
> So along with your auth_user table you probably need to add a couple
> boolean columns to disable these options, this way it is persistent.

Unless I'm missing something, this seems like a natural application for 
web2py's roles and permissions. If so, Rohan can look at chapter 8 of the book: 
http://web2py.com/book/default/section/8/0. I use it to divide my users into 3 
roles, and it's very straightforward to implement.

> 
> But for normal users they can still retrieve_password and
> change_password, so you need to check this before you call the auth
> form.
> 
> def user():
>    # get the user token here, use request.args to determine URL (ie: user/reset_password)
>    # then pull the user from the database using the email/username
> 
>    if my_user.retrieve_password_disabled:
>       auth.settings.actions_disabled.append('retrieve_password')
> 
>    return dict(form=auth())
> 
> --
> Thadeus
> 
> On Fri, Apr 30, 2010 at 1:15 AM, Rohan <yourbuddyro...@gmail.com> wrote:
>> Hi All,
>> 
>> I am creating a session for a user logged in from facebook and want
>> to disable certain functions like retrieve_password, change_password
>> etc. Here is the code for this:
>> 
>>        if not auth.is_logged_in():
>>            user_obj = Storage(user_table._filter_fields(user, id=True))
>>            #print 'user is not logged in'
>>            session.auth = Storage(user=user_obj, last_visit=request.now, expiration=auth.settings.expiration)
>>            auth.user = user_obj
>>            auth.settings.actions_disabled.append('retrieve_password')
>>            auth.settings.actions_disabled.append('change_password')
>> 
>> but user is still able to access these functions. As an alternate, I
>> was thinking of creating a group for facebook users and disable these
>> functions at group level. Is this feasible? Is there any simpler way
>> without need to create user groups?
>> 
>> Thanks
>> 
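
The behaviour discussed in this thread, as an added example that is not part of any of the messages and is not web2py code: a small simulation of why a restriction appended to the auth settings during the login request is gone on the next request, and how re-deriving it from a stored flag on every request enforces it. `FakeAuth`, `handle_request`, `run`, the `facebook_login` column and the sample users are all assumptions made for illustration.

```python
# Simulation only: FakeAuth and handle_request are stand-ins, not web2py code.
USERS = {  # constructed sample rows; "facebook_login" is a hypothetical boolean column
    "rohan@example.com": {"facebook_login": True},
    "alice@example.com": {"facebook_login": False},
}
PASSWORD_ACTIONS = ("retrieve_password", "change_password")


class FakeAuth:
    """Stand-in for the auth object that is rebuilt on each request."""

    def __init__(self):
        self.actions_disabled = []  # starts empty on every request

    def __call__(self, action):
        # A disabled action is refused before any form is built.
        return 404 if action in self.actions_disabled else 200


def handle_request(session, action, persistent):
    """Serve one request; `persistent` selects the per-request check."""
    auth = FakeAuth()  # fresh settings: appends from earlier requests are gone
    email = session.get("email")
    if action == "facebook_login":
        session["email"] = "rohan@example.com"
        if not persistent:
            # Original approach: disable only while handling the login request.
            auth.actions_disabled.extend(PASSWORD_ACTIONS)
        return 200
    if persistent and email and USERS[email]["facebook_login"]:
        # Fix: re-derive the restriction from the stored flag every time.
        auth.actions_disabled.extend(PASSWORD_ACTIONS)
    return auth(action)


def run(persistent, email=None):
    """Log in via the simulated facebook flow (or start as `email`),
    then request change_password and return the status code."""
    session = {"email": email} if email else {}
    if email is None:
        handle_request(session, "facebook_login", persistent)
    return handle_request(session, "change_password", persistent)


if __name__ == "__main__":
    print("disabled at login only:", run(persistent=False))
    print("checked on each request:", run(persistent=True))
    print("normal user:", run(persistent=True, email="alice@example.com"))
```
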

