Now I understand better. Please open an issue for enhancement and link this
thread. For now you'll have to handle with the suggested logic or perhaps:
if *request.controller!='appadmin':*
* if not session.org: redirect('some_error_page')
* db.auth_group._common_filter=lambda query: (db.auth_group.org==
session.org)
On Tuesday, 21 August 2012 09:12:15 UTC-5, mweissen wrote:
>
> Maybe I can say it in other words:
>
> (1) If I am normal user, I should only see "my" part of the table and I
> can work with it.
> This is perfectly assured by
> db.auth_group._common_filter=**lambda query: (db.auth_group.org==session.*
> *org <http://session.org/>)
>
> (2) If I am the admin and if I use the admin application I want to see all
> whole tables and of course I want to have the right to edit all tables with
> common filters, independent of the value of session.org.
>
> Or, more simple: an admin (using the admin application) has access to all
> tables and all fields.
> ignore_rw does it for the readonly/writonly attribute and the same should
> be done with ignore_common_filters
>
> 2012/8/21 Massimo Di Pierro <massimo....@gmail.com <javascript:>>
>
>> I think you want:
>>
>> from gluon.fileutils import check_credentials
>> if not *check_credentials(request):*
>> * if not session.org: redirect('some_error_page')
>> * db.auth_group._common_filter=**lambda query: (db.auth_group.org==
>> session.**org <http://session.org/>)
>>
>>
>>
>> On Tuesday, 21 August 2012 01:04:38 UTC-5, mweissen wrote:
>>
>>> This is the new code:
>>>
>>> from gluon.fileutils import check_credentials
>>> db.auth_group._common_filter=**lambda query: \
>>> (db.auth_group.org==session.**org <http://session.org>) *or
>>> check_credentials(request)*
>>>
>>> I have tested check_credentials(request): it returns True - good!
>>> But - sorry! - it did not solve the problem:
>>>
>>> - Let's say I have 100 auth_group rows with org==1 and 100
>>> auth_group rows with org==2
>>> - The admin application tells me "100 selected", but I can *see all
>>> 200* rows.
>>> - I have tried to change one record. I can open this row, change any
>>> field and submit it.
>>> - I get the flash "*Done*" But nothing has happened - the old values
>>> are in the table.
>>>
>>> About the message "value not in database": my fault - a wrong
>>> db.auth_group.org.requires
>>> somewhere in the model.
>>>
>>> 2012/8/21 Massimo Di Pierro <massimo....@gmail.com>
>>>
>>> Apologies
>>>>
>>>> check_credentials(request)
>>>>
>>>> instead of
>>>>
>>>> check_credentials('admin')
>>>>
>>>>
>>>> On Monday, 20 August 2012 14:33:55 UTC-5, mweissen wrote:
>>>>
>>>>> A little bit more code:
>>>>>
>>>>> db.define_table('org',
>>>>> Field('orgnr',
>>>>> Field(shortname',
>>>>> length=20,
>>>>> requires=IS_LENGTH(maxsize=20,****minsize=3)),
>>>>> ...
>>>>> )
>>>>>
>>>>>
>>>>> auth.settings.extra_fields['**au**th_group']=[
>>>>> Field('org','reference org',
>>>>> default=lambda: session.org,
>>>>> requires=IS_IN_DB(db, 'org.id', '%(shortname)s',
>>>>> error_message=T('Not allowed')),
>>>>> ),...
>>>>>
>>>>> from gluon.fileutils import check_credentials
>>>>>
>>>>> db.auth_group._common_filter=**l**ambda query:
>>>>> (db.auth_group.org==session.**or**g <http://session.org>) or
>>>>> check_credentials('admin')
>>>>>
>>>>>
>>>>>
>>>>> Now I am using the admin interface and I try to change one row of
>>>>> auth_group. The same result as before (without
>>>>> check_credentials('admin'))
>>>>>
>>>>> - The value of auth_group.org==1.
>>>>> - The error messae is "value not in database"
>>>>> - And, of course, there is a record in db.org with db.org.id==1
>>>>>
>>>>> To learn more about check_credentials I added:
>>>>>
>>>>> if check_credentials('admin'): print 'Admin'
>>>>>
>>>>> Only for the test.
>>>>>
>>>>> And I get a new error message:
>>>>>
>>>>> 127.0.0.1.2012-08-20.21-05-04.****43dc8360-a22d-408d-8889-**00fe62**
>>>>> ef4a38
>>>>> <type 'exceptions.AttributeError'> 'str' object has no attribute 'env'
>>>>> Version web2py™ (2, 0, 0, datetime.datetime(2012, 8, 9, 8, 57, 54),
>>>>> 'dev') Python Python 2.7.2: D:\Python27\python.exe Traceback
>>>>>
>>>>> 1.
>>>>> 2.
>>>>> 3.
>>>>> 4.
>>>>> 5.
>>>>> 6.
>>>>> 7.
>>>>> 8.
>>>>> 9.
>>>>>
>>>>> Traceback (most recent call last):
>>>>> File "D:\...\web2py\gluon\**restricte**d.py", line 205, in restricted
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> exec ccode in environment
>>>>> File "D:/.../web2py/applications/**se**cure/models/db.py"
>>>>> <http://127.0.0.1:8000/admin/default/edit/secure/models/db.py>, line 389,
>>>>> in <module>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> if check_credentials('admin'): print 'Admin'
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> File "D:\...\web2py\gluon\**fileutils**.py", line 328, in
>>>>> check_credentials
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> if request.env.web2py_runtime_gae****:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> AttributeError: 'str' object has no attribute 'env'
>>>>>
>>>>>
>>>>>
>>>>> 2012/8/20 Massimo Di Pierro <massimo....@gmail.com>
>>>>>
>>>>> You can do:
>>>>>>
>>>>>> db.define_table(...., common_filter = None if not session.org else
>>>>>> (lambda query:(db.my_table.org==sessio****n.org <http://session.org/>
>>>>>> )))
>>>>>>
>>>>>> you can also use the check:
>>>>>>
>>>>>> from gluon.fileutils import check_credentials
>>>>>> check_credentials('admin') #returns true if you are logged as admin.
>>>>>>
>>>>>>
>>>>>> On Monday, 20 August 2012 12:48:29 UTC-5, mweissen wrote:
>>>>>>
>>>>>>> (1) session.org will be set with the login. But I am an
>>>>>>> administrator: I think I should use the admin application without a
>>>>>>> login
>>>>>>> to the application itself.
>>>>>>>
>>>>>>> (2) Lets say session.org==1: now it is not possible to change a
>>>>>>> record with my_table.org==2 using the admin app.
>>>>>>>
>>>>>>> (3) Did you mean:
>>>>>>>
>>>>>>> common_filter = lambda query:
>>>>>>> (db.my_table.org==session.org)****** if session.org else True
>>>>>>>
>>>>>>>
>>>>>>> Interesting idea!
>>>>>>>
>>>>>>> 2012/8/20 Massimo Di Pierro <massimo....@gmail.com>
>>>>>>>
>>>>>>> How do you set the common filter? Seems to me if session.org is not
>>>>>>>> set, the common filter should not be set. web2py cannot ignore it
>>>>>>>> because
>>>>>>>> it does the wrong thing.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Monday, 20 August 2012 11:41:41 UTC-5, mweissen wrote:
>>>>>>>>>
>>>>>>>>> I have an application which should be used by some organizations.
>>>>>>>>> Therefore I have added
>>>>>>>>>
>>>>>>>>> Field('org','reference org', default=lambda:session.org),
>>>>>>>>>
>>>>>>>>> and
>>>>>>>>>
>>>>>>>>> common_filter = lambda query: db.my_table.org==session.org
>>>>>>>>>
>>>>>>>>> to my_table. session.org contails the id of the respective
>>>>>>>>> organization.
>>>>>>>>> Great feature,works fine! But using the database administration of
>>>>>>>>> the admin-application the common filter is still active.
>>>>>>>>> There is an "ignore_rw=True" in the admin application and I think
>>>>>>>>> I have read somewhere that there is also an "
>>>>>>>>> ignore_common_filters=True".
>>>>>>>>>
>>>>>>>>> If session.org is not set, a "database db select" shows strange
>>>>>>>>> effects:
>>>>>>>>>
>>>>>>>>> - I can see the first 100 rows.
>>>>>>>>> - But the message is "0 selected"
>>>>>>>>> - It is not possible to Update a record
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> A simple "ignore_common_filters=True" at the appropriate location
>>>>>>>>> should solve the problem. I have taken a quick look at the code, but
>>>>>>>>> I
>>>>>>>>> think this statement has to be "very inside", therefore I have no
>>>>>>>>> concrete
>>>>>>>>> proposal.
>>>>>>>>>
>>>>>>>>> Regards, Martin
>>>>>>>>>
>>>>>>>>
>
--
