I don't think that this is the case. Because since you have both
normal users and facebook users =? And you do not have to be logged in
to retrieve password.

--
Thadeus





On Fri, Apr 30, 2010 at 9:38 AM, Jonathan Lundell <jlund...@pobox.com> wrote:
> On Apr 30, 2010, at 7:22 AM, Thadeus Burgess wrote:
>
>> You need to store the preferences in the database. What seems to be
>> happening is you are setting the disabled actions, but it's being lost
>> on the next request.
>>
>> So along with your auth_user table you probably need to add a couple
>> boolean columns to disable these options; this way it is persistent.
>
> Unless I'm missing something, this seems like a natural application for 
> web2py's roles and permissions. If so, Rohan can look at chapter 8 of the 
> book: http://web2py.com/book/default/section/8/0. I use it to divide my users 
> into 3 roles, and it's very straightforward to implement.
>
>>
>> But for normal users they can still retrieve_password and
>> change_password, so you need to check this before you call the auth
>> form.
>>
>> def user():
>>    # get the user token here, use request.args to determine URL
>>    # (ie: user/reset_password)
>>    # then pull the user from the database using the email/username
>>
>>    if my_user.retrieve_password_disabled:
>>       auth.settings.actions_disabled.append('retrieve_password')
>>
>>    return dict(form=auth())
>>
>> --
>> Thadeus
>>
>>
>>
>>
>>
>> On Fri, Apr 30, 2010 at 1:15 AM, Rohan <yourbuddyro...@gmail.com> wrote:
>>> Hi All,
>>>
>>> I am creating a session for a user logged in from facebook and want
>>> to disable certain functions like retrieve_password, change_password
>>> etc. Here is the code for this:
>>>
>>>        if not auth.is_logged_in():
>>>            user_obj = Storage(user_table._filter_fields(user,
>>> id=True))
>>>            #print 'user is not logged in'
>>>            session.auth = Storage(user=user_obj,
>>> last_visit=request.now, expiration=auth.settings.expiration)
>>>            auth.user = user_obj
>>>            auth.settings.actions_disabled.append('retrieve_password')
>>>            auth.settings.actions_disabled.append('change_password')
>>>
>>> but the user is still able to access these functions. As an alternate, I
>>> was thinking of creating a group for facebook users and disabling these
>>> functions at group level. Is this feasible? Is there any simpler way
>>> without the need to create user groups?
>>>
>>> Thanks
>>>
>
>
>
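The behaviour discussed in this thread, as an added example that is not code from any of the posters or from web2py: actions disabled only during the login request are gone on the next request, while a list rebuilt from stored flags on every request holds. The Auth class, the USERS rows and both handler functions are hypothetical stand-ins, and the example assumes that the auth object is rebuilt with default settings for each request.

```python
# Added illustration; the Auth class is a simplified stand-in, not web2py's.
# Assumption modelled here: the auth object and its settings are rebuilt
# from defaults on every request, so only stored data outlives a request.

GUARDED = ("retrieve_password", "change_password")

# Constructed sample rows standing in for auth_user with the boolean columns
# suggested in the thread (named after my_user.retrieve_password_disabled).
USERS = {
    "fb@example.com": {"retrieve_password_disabled": True,
                       "change_password_disabled": True},
    "local@example.com": {"retrieve_password_disabled": False,
                          "change_password_disabled": False},
}


class Auth:
    """Per-request stand-in exposing an actions_disabled list."""

    def __init__(self):
        self.actions_disabled = []

    def __call__(self, action):
        # The stand-in returns a status code: 404 if disabled, else 200.
        return 404 if action in self.actions_disabled else 200


def handle_login_only(action, is_facebook_login):
    """Pattern from the question: disable actions only while logging in."""
    auth = Auth()  # rebuilt for this request
    if is_facebook_login:
        auth.actions_disabled.extend(GUARDED)
    return auth(action)


def handle_persisted(action, email):
    """Pattern from the reply: rebuild the list from stored flags each request."""
    auth = Auth()  # rebuilt for this request
    row = USERS.get(email, {})  # unknown address: nothing disabled
    for name in GUARDED:
        if row.get(name + "_disabled"):
            auth.actions_disabled.append(name)
    return auth(action)


if __name__ == "__main__":
    print(handle_login_only("change_password", True))    # the login request
    print(handle_login_only("change_password", False))   # the following request
    print(handle_persisted("change_password", "fb@example.com"))
```

In a real controller the flags would be read from the auth_user row matching the address submitted to the form, since retrieve_password is reachable without a login.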
