On Apr 30, 2010, at 8:34 AM, Thadeus Burgess wrote:

> I don't think that this is the case. Because since you have both
> normal users and facebook users =? And you do not have to be logged in
> to retrieve password.

Maybe so. But you're retrieving a password associated with a user, and that user can have an assigned role with permissions. You'll still have to *check* the permissions.

>
> --
> Thadeus
>
>
> On Fri, Apr 30, 2010 at 9:38 AM, Jonathan Lundell <jlund...@pobox.com> wrote:
>> On Apr 30, 2010, at 7:22 AM, Thadeus Burgess wrote:
>>
>>> You need to store the preferences in the database, what seems to be
>>> happening is you are setting the disabled actions, but it's being lost
>>> on the next request.
>>>
>>> So along with your auth_user table you probably need to add a couple
>>> boolean columns to disable these options, this way it is persistent.
>>
>> Unless I'm missing something, this seems like a natural application for
>> web2py's roles and permissions. If so, Rohan can look at chapter 8 of the
>> book: http://web2py.com/book/default/section/8/0. I use it to divide my
>> users into 3 roles, and it's very straightforward to implement.
>>
>>>
>>> But for normal users they can still retrieve_password and
>>> change_password, so you need to check this before you call the auth
>>> form.
>>>
>>> def user():
>>>     # get the user token here, use request.args to determine URL (ie: user/reset_password)
>>>     # then pull the user from the database using the email/username
>>>
>>>     if my_user.retrieve_password_disabled:
>>>         auth.settings.actions_disabled.append('retrieve_password')
>>>
>>>     return dict(form=auth())
>>>
>>> --
>>> Thadeus
>>>
>>>
>>> On Fri, Apr 30, 2010 at 1:15 AM, Rohan <yourbuddyro...@gmail.com> wrote:
>>>> Hi All,
>>>>
>>>> I am creating a session for a user logged in from facebook and want
>>>> to disable certain functions like retrieve_password, change_password
>>>> etc.
>>>> Here is the code for this:
>>>>
>>>> if not auth.is_logged_in():
>>>>     user_obj = Storage(user_table._filter_fields(user,
>>>>                        id=True))
>>>>     #print 'user is not logged in'
>>>>     session.auth = Storage(user=user_obj,
>>>>         last_visit=request.now, expiration=auth.settings.expiration)
>>>>     auth.user = user_obj
>>>>     auth.settings.actions_disabled.append('retrieve_password')
>>>>     auth.settings.actions_disabled.append('change_password')
>>>>
>>>> but the user is still able to access these functions. As an alternative, I
>>>> was thinking of creating a group for facebook users and disabling these
>>>> functions at group level. Is this feasible? Is there any simpler way
>>>> without the need to create user groups?
>>>>
>>>> Thanks
>>>>
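
The behaviour discussed in this thread, as an added example that is not part of any poster's message and is not web2py code: a self-contained toy model of why a list filled at login is empty on the next request, and of the role check that rebuilds it every time. `ToyAuth`, `MEMBERSHIPS`, `add_membership` and the role name `facebook_users` are hypothetical stand-ins for web2py's `Auth`, its membership table and a role you would create.

```python
# Toy model, constructed for illustration; not web2py code.
# web2py re-runs the model files on every request, so each request gets a
# fresh Auth object. Only stored data (here MEMBERSHIPS) survives.
FACEBOOK_ROLE = "facebook_users"   # hypothetical role name
BLOCKED = ("retrieve_password", "change_password")
MEMBERSHIPS = {}                   # stands in for the membership table


def add_membership(user_id, role):
    MEMBERSHIPS.setdefault(user_id, set()).add(role)


class ToyAuth:
    """Stand-in for Auth: its settings start empty on every request."""

    def __init__(self, user_id):
        self.user_id = user_id
        self.actions_disabled = []  # mirrors auth.settings.actions_disabled

    def has_membership(self, role):
        return role in MEMBERSHIPS.get(self.user_id, set())

    def serve(self, action):
        """True if the action's form would be served, False if refused."""
        return action not in self.actions_disabled


def login_request(user_id):
    """Approach from the first post: disable the actions once, at login."""
    auth = ToyAuth(user_id)
    auth.actions_disabled.extend(BLOCKED)
    return auth.serve("change_password")   # refused, in this request only


def next_request_unchecked(user_id, action):
    auth = ToyAuth(user_id)                 # new object: the list is empty again
    return auth.serve(action)


def next_request_checked(user_id, action):
    """Role-based variant: rebuild the list from stored membership each time.
    user_id comes from the session, or for retrieve_password from the
    account looked up by the submitted e-mail."""
    auth = ToyAuth(user_id)
    if auth.has_membership(FACEBOOK_ROLE):
        auth.actions_disabled.extend(BLOCKED)
    return auth.serve(action)
```

In a real application the check in `next_request_checked` belongs in the `user()` controller, before `auth()` is called, so it runs on every request that reaches those forms.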