Something quick for you to try...
1. Make sure your owner_id field has a user_id saved in there. Take a
look through the admin.
2. You may wish to add this to the field definition so it will save
your logged in user: default=auth.user_id
Field('owner_id', db.auth_user,default=auth.user_id, readable=False,
writable=False)
3. Make a function like this in your default.py controller file:
@auth.requires_login()
def test():
rows = db(db.detail.owner_id==auth.user_id).select()
return dict(rows=rows, message='Hello to %s (Id: %s)'%
(auth.user.first_name,auth.user_id))
The decorator @auth.requires_login() forces you to log in.
The message=... part is just a bit of fun, it shows who is currently
logged in.
4. Try it in your browser: e.g. http://yourserver/yourapp/default/test
Good luck :)
On Feb 11, 8:54 pm, Ed Greenberg <greenberg...@gmail.com> wrote:
> I am adding authentication and limitations to an app. Consider two
> tables:
>
> db_define_table('detail',
> , Field('detail_item', type='string',label=T('Item'))
> , FIeld('owner_id', db.auth_user, readable=False, writable=False)
> )
>
> I have a controller that includes a method to list all records in the
> detail tale, and now I need to limit it to records owned by the logged
> in user.
>
> I've reviewed all of chapter 8, and also the source code for the Auth
> class. I still don't see how to implement this. If I could know who
> is logged in, I could handle it in my select.
>
> There's probably a web2py best practice for this, as well.
>
> Can somebody please explain.
>
> Thanks,
> Ed Greenberg
