Awesome! Thanks Anthony, I think that's precisely the solution I was hoping existed. The login issue should not be a problem since I already have @auth.requires('login') in front of every controller function.
So if I'm understanding common filters correctly, the common_filter on my t_circuits table will need to be something like def circuit_filter(query): """ Allow only records where auth_user matches the organization, site or building that owns the system that owns this circuit. """ eml = auth.user.email sys = db.t_circuit.f_system bldg = sys.f_building site = bldg.f_site org = site.f_organization filter = ((bldg.f_contact_email == eml) | (site.f_contact_email == eml) | (org.f_contact_email == eml)) return filter Does that look right? On Sat, Apr 21, 2012 at 5:10 PM, Anthony <abasta...@gmail.com> wrote: > http://web2py.com/books/default/chapter/29/6#Common-filters