Now I understand better. Please open an issue for enhancement and link this thread. For now you'll have to handle with the suggested logic or perhaps:
if *request.controller!='appadmin':* * if not session.org: redirect('some_error_page') * db.auth_group._common_filter=lambda query: (db.auth_group.org== session.org) On Tuesday, 21 August 2012 09:12:15 UTC-5, mweissen wrote: > > Maybe I can say it in other words: > > (1) If I am normal user, I should only see "my" part of the table and I > can work with it. > This is perfectly assured by > db.auth_group._common_filter=**lambda query: (db.auth_group.org==session.* > *org <http://session.org/>) > > (2) If I am the admin and if I use the admin application I want to see all > whole tables and of course I want to have the right to edit all tables with > common filters, independent of the value of session.org. > > Or, more simple: an admin (using the admin application) has access to all > tables and all fields. > ignore_rw does it for the readonly/writonly attribute and the same should > be done with ignore_common_filters > > 2012/8/21 Massimo Di Pierro <massimo....@gmail.com <javascript:>> > >> I think you want: >> >> from gluon.fileutils import check_credentials >> if not *check_credentials(request):* >> * if not session.org: redirect('some_error_page') >> * db.auth_group._common_filter=**lambda query: (db.auth_group.org== >> session.**org <http://session.org/>) >> >> >> >> On Tuesday, 21 August 2012 01:04:38 UTC-5, mweissen wrote: >> >>> This is the new code: >>> >>> from gluon.fileutils import check_credentials >>> db.auth_group._common_filter=**lambda query: \ >>> (db.auth_group.org==session.**org <http://session.org>) *or >>> check_credentials(request)* >>> >>> I have tested check_credentials(request): it returns True - good! >>> But - sorry! - it did not solve the problem: >>> >>> - Let's say I have 100 auth_group rows with org==1 and 100 >>> auth_group rows with org==2 >>> - The admin application tells me "100 selected", but I can *see all >>> 200* rows. >>> - I have tried to change one record. I can open this row, change any >>> field and submit it. >>> - I get the flash "*Done*" But nothing has happened - the old values >>> are in the table. >>> >>> About the message "value not in database": my fault - a wrong >>> db.auth_group.org.requires >>> somewhere in the model. >>> >>> 2012/8/21 Massimo Di Pierro <massimo....@gmail.com> >>> >>> Apologies >>>> >>>> check_credentials(request) >>>> >>>> instead of >>>> >>>> check_credentials('admin') >>>> >>>> >>>> On Monday, 20 August 2012 14:33:55 UTC-5, mweissen wrote: >>>> >>>>> A little bit more code: >>>>> >>>>> db.define_table('org', >>>>> Field('orgnr', >>>>> Field(shortname', >>>>> length=20, >>>>> requires=IS_LENGTH(maxsize=20,****minsize=3)), >>>>> ... >>>>> ) >>>>> >>>>> >>>>> auth.settings.extra_fields['**au**th_group']=[ >>>>> Field('org','reference org', >>>>> default=lambda: session.org, >>>>> requires=IS_IN_DB(db, 'org.id', '%(shortname)s', >>>>> error_message=T('Not allowed')), >>>>> ),... >>>>> >>>>> from gluon.fileutils import check_credentials >>>>> >>>>> db.auth_group._common_filter=**l**ambda query: >>>>> (db.auth_group.org==session.**or**g <http://session.org>) or >>>>> check_credentials('admin') >>>>> >>>>> >>>>> >>>>> Now I am using the admin interface and I try to change one row of >>>>> auth_group. The same result as before (without >>>>> check_credentials('admin')) >>>>> >>>>> - The value of auth_group.org==1. >>>>> - The error messae is "value not in database" >>>>> - And, of course, there is a record in db.org with db.org.id==1 >>>>> >>>>> To learn more about check_credentials I added: >>>>> >>>>> if check_credentials('admin'): print 'Admin' >>>>> >>>>> Only for the test. >>>>> >>>>> And I get a new error message: >>>>> >>>>> 127.0.0.1.2012-08-20.21-05-04.****43dc8360-a22d-408d-8889-**00fe62** >>>>> ef4a38 >>>>> <type 'exceptions.AttributeError'> 'str' object has no attribute 'env' >>>>> Version web2py™ (2, 0, 0, datetime.datetime(2012, 8, 9, 8, 57, 54), >>>>> 'dev') Python Python 2.7.2: D:\Python27\python.exe Traceback >>>>> >>>>> 1. >>>>> 2. >>>>> 3. >>>>> 4. >>>>> 5. >>>>> 6. >>>>> 7. >>>>> 8. >>>>> 9. >>>>> >>>>> Traceback (most recent call last): >>>>> File "D:\...\web2py\gluon\**restricte**d.py", line 205, in restricted >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> exec ccode in environment >>>>> File "D:/.../web2py/applications/**se**cure/models/db.py" >>>>> <http://127.0.0.1:8000/admin/default/edit/secure/models/db.py>, line 389, >>>>> in <module> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> if check_credentials('admin'): print 'Admin' >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> File "D:\...\web2py\gluon\**fileutils**.py", line 328, in >>>>> check_credentials >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> if request.env.web2py_runtime_gae****: >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> AttributeError: 'str' object has no attribute 'env' >>>>> >>>>> >>>>> >>>>> 2012/8/20 Massimo Di Pierro <massimo....@gmail.com> >>>>> >>>>> You can do: >>>>>> >>>>>> db.define_table(...., common_filter = None if not session.org else >>>>>> (lambda query:(db.my_table.org==sessio****n.org <http://session.org/> >>>>>> ))) >>>>>> >>>>>> you can also use the check: >>>>>> >>>>>> from gluon.fileutils import check_credentials >>>>>> check_credentials('admin') #returns true if you are logged as admin. >>>>>> >>>>>> >>>>>> On Monday, 20 August 2012 12:48:29 UTC-5, mweissen wrote: >>>>>> >>>>>>> (1) session.org will be set with the login. But I am an >>>>>>> administrator: I think I should use the admin application without a >>>>>>> login >>>>>>> to the application itself. >>>>>>> >>>>>>> (2) Lets say session.org==1: now it is not possible to change a >>>>>>> record with my_table.org==2 using the admin app. >>>>>>> >>>>>>> (3) Did you mean: >>>>>>> >>>>>>> common_filter = lambda query: >>>>>>> (db.my_table.org==session.org)****** if session.org else True >>>>>>> >>>>>>> >>>>>>> Interesting idea! >>>>>>> >>>>>>> 2012/8/20 Massimo Di Pierro <massimo....@gmail.com> >>>>>>> >>>>>>> How do you set the common filter? Seems to me if session.org is not >>>>>>>> set, the common filter should not be set. web2py cannot ignore it >>>>>>>> because >>>>>>>> it does the wrong thing. >>>>>>>> >>>>>>>> >>>>>>>> On Monday, 20 August 2012 11:41:41 UTC-5, mweissen wrote: >>>>>>>>> >>>>>>>>> I have an application which should be used by some organizations. >>>>>>>>> Therefore I have added >>>>>>>>> >>>>>>>>> Field('org','reference org', default=lambda:session.org), >>>>>>>>> >>>>>>>>> and >>>>>>>>> >>>>>>>>> common_filter = lambda query: db.my_table.org==session.org >>>>>>>>> >>>>>>>>> to my_table. session.org contails the id of the respective >>>>>>>>> organization. >>>>>>>>> Great feature,works fine! But using the database administration of >>>>>>>>> the admin-application the common filter is still active. >>>>>>>>> There is an "ignore_rw=True" in the admin application and I think >>>>>>>>> I have read somewhere that there is also an " >>>>>>>>> ignore_common_filters=True". >>>>>>>>> >>>>>>>>> If session.org is not set, a "database db select" shows strange >>>>>>>>> effects: >>>>>>>>> >>>>>>>>> - I can see the first 100 rows. >>>>>>>>> - But the message is "0 selected" >>>>>>>>> - It is not possible to Update a record >>>>>>>>> >>>>>>>>> >>>>>>>>> A simple "ignore_common_filters=True" at the appropriate location >>>>>>>>> should solve the problem. I have taken a quick look at the code, but >>>>>>>>> I >>>>>>>>> think this statement has to be "very inside", therefore I have no >>>>>>>>> concrete >>>>>>>>> proposal. >>>>>>>>> >>>>>>>>> Regards, Martin >>>>>>>>> >>>>>>>> > --