Something quick for you to try... 1. Make sure your owner_id field has a user_id saved in there. Take a look through the admin.
2. You may wish to add this to the field definition so it will save your logged in user: default=auth.user_id Field('owner_id', db.auth_user,default=auth.user_id, readable=False, writable=False) 3. Make a function like this in your default.py controller file: @auth.requires_login() def test(): rows = db(db.detail.owner_id==auth.user_id).select() return dict(rows=rows, message='Hello to %s (Id: %s)'% (auth.user.first_name,auth.user_id)) The decorator @auth.requires_login() forces you to log in. The message=... part is just a bit of fun, it shows who is currently logged in. 4. Try it in your browser: e.g. http://yourserver/yourapp/default/test Good luck :) On Feb 11, 8:54 pm, Ed Greenberg <greenberg...@gmail.com> wrote: > I am adding authentication and limitations to an app. Consider two > tables: > > db_define_table('detail', > , Field('detail_item', type='string',label=T('Item')) > , FIeld('owner_id', db.auth_user, readable=False, writable=False) > ) > > I have a controller that includes a method to list all records in the > detail tale, and now I need to limit it to records owned by the logged > in user. > > I've reviewed all of chapter 8, and also the source code for the Auth > class. I still don't see how to implement this. If I could know who > is logged in, I could handle it in my select. > > There's probably a web2py best practice for this, as well. > > Can somebody please explain. > > Thanks, > Ed Greenberg