Done - thank you! 2012/8/21 Massimo Di Pierro <massimo.dipie...@gmail.com>
> Now I understand better. Please open an issue for enhancement and link > this thread. For now you'll have to handle with the suggested logic or > perhaps: > > if *request.controller!='appadmin':* > * if not session.org: redirect('some_error_page') > * db.auth_group._common_filter=**lambda query: (db.auth_group.org== > session.**org <http://session.org/>) > > On Tuesday, 21 August 2012 09:12:15 UTC-5, mweissen wrote: > >> Maybe I can say it in other words: >> >> (1) If I am normal user, I should only see "my" part of the table and I >> can work with it. >> This is perfectly assured by >> db.auth_group._common_filter=**l**ambda query: (db.auth_group.org== >> session.**or**g <http://session.org/>) >> >> (2) If I am the admin and if I use the admin application I want to see >> all whole tables and of course I want to have the right to edit all tables >> with common filters, independent of the value of session.org. >> >> Or, more simple: an admin (using the admin application) has access to all >> tables and all fields. >> ignore_rw does it for the readonly/writonly attribute and the same should >> be done with ignore_common_filters >> >> 2012/8/21 Massimo Di Pierro <massimo....@gmail.com> >> >> I think you want: >>> >>> from gluon.fileutils import check_credentials >>> if not *check_credentials(request):* >>> * if not session.org: redirect('some_error_page') >>> * db.auth_group._common_filter=****lambda query: (db.auth_group.org== >>> session.**or**g <http://session.org/>) >>> >>> >>> >>> On Tuesday, 21 August 2012 01:04:38 UTC-5, mweissen wrote: >>> >>>> This is the new code: >>>> >>>> from gluon.fileutils import check_credentials >>>> db.auth_group._common_filter=**l**ambda query: \ >>>> (db.auth_group.org==session.**or**g <http://session.org>) *or >>>> check_credentials(request)* >>>> >>>> I have tested check_credentials(request): it returns True - good! >>>> But - sorry! - it did not solve the problem: >>>> >>>> - Let's say I have 100 auth_group rows with org==1 and 100 >>>> auth_group rows with org==2 >>>> - The admin application tells me "100 selected", but I can *see all >>>> 200* rows. >>>> - I have tried to change one record. I can open this row, change >>>> any field and submit it. >>>> - I get the flash "*Done*" But nothing has happened - the old >>>> values are in the table. >>>> >>>> About the message "value not in database": my fault - a wrong >>>> db.auth_group.org.requires >>>> somewhere in the model. >>>> >>>> 2012/8/21 Massimo Di Pierro <massimo....@gmail.com> >>>> >>>> Apologies >>>>> >>>>> check_credentials(request) >>>>> >>>>> instead of >>>>> >>>>> check_credentials('admin') >>>>> >>>>> >>>>> On Monday, 20 August 2012 14:33:55 UTC-5, mweissen wrote: >>>>> >>>>>> A little bit more code: >>>>>> >>>>>> db.define_table('org', >>>>>> Field('orgnr', >>>>>> Field(shortname', >>>>>> length=20, >>>>>> requires=IS_LENGTH(maxsize=20,******minsize=3)), >>>>>> ... >>>>>> ) >>>>>> >>>>>> >>>>>> auth.settings.extra_fields['**au****th_group']=[ >>>>>> Field('org','reference org', >>>>>> default=lambda: session.org, >>>>>> requires=IS_IN_DB(db, 'org.id', '%(shortname)s', >>>>>> error_message=T('Not allowed')), >>>>>> ),... >>>>>> >>>>>> from gluon.fileutils import check_credentials >>>>>> >>>>>> db.auth_group._common_filter=**l****ambda query: >>>>>> (db.auth_group.org==session.**or****g <http://session.org>) or >>>>>> check_credentials('admin') >>>>>> >>>>>> >>>>>> >>>>>> Now I am using the admin interface and I try to change one row of >>>>>> auth_group. The same result as before (without >>>>>> check_credentials('admin')) >>>>>> >>>>>> - The value of auth_group.org==1. >>>>>> - The error messae is "value not in database" >>>>>> - And, of course, there is a record in db.org with db.org.id==1 >>>>>> >>>>>> To learn more about check_credentials I added: >>>>>> >>>>>> if check_credentials('admin'): print 'Admin' >>>>>> >>>>>> Only for the test. >>>>>> >>>>>> And I get a new error message: >>>>>> >>>>>> 127.0.0.1.2012-08-20.21-05-04.******43dc8360-a22d-408d-8889-**00fe62* >>>>>> ***ef4a38 >>>>>> <type 'exceptions.AttributeError'> 'str' object has no attribute 'env' >>>>>> Version web2py™ (2, 0, 0, datetime.datetime(2012, 8, 9, 8, 57, 54), >>>>>> 'dev') Python Python 2.7.2: D:\Python27\python.exe Traceback >>>>>> >>>>>> >>>>>> 1. >>>>>> 2. >>>>>> 3. >>>>>> 4. >>>>>> 5. >>>>>> 6. >>>>>> 7. >>>>>> 8. >>>>>> 9. >>>>>> >>>>>> >>>>>> Traceback (most recent call last): >>>>>> File "D:\...\web2py\gluon\**restricte****d.py", line 205, in restricted >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> exec ccode in environment >>>>>> File "D:/.../web2py/applications/**se****cure/models/db.py" >>>>>> <http://127.0.0.1:8000/admin/default/edit/secure/models/db.py>, line >>>>>> 389, in <module> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> if check_credentials('admin'): print 'Admin' >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> File "D:\...\web2py\gluon\**fileutils****.py", line 328, in >>>>>> check_credentials >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> if request.env.web2py_runtime_gae******: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> AttributeError: 'str' object has no attribute 'env' >>>>>> >>>>>> >>>>>> >>>>>> 2012/8/20 Massimo Di Pierro <massimo....@gmail.com> >>>>>> >>>>>> You can do: >>>>>>> >>>>>>> db.define_table(...., common_filter = None if not session.org else >>>>>>> (lambda query:(db.my_table.org==sessio******n.org<http://session.org/> >>>>>>> ))) >>>>>>> >>>>>>> you can also use the check: >>>>>>> >>>>>>> from gluon.fileutils import check_credentials >>>>>>> check_credentials('admin') #returns true if you are logged as admin. >>>>>>> >>>>>>> >>>>>>> On Monday, 20 August 2012 12:48:29 UTC-5, mweissen wrote: >>>>>>> >>>>>>>> (1) session.org will be set with the login. But I am an >>>>>>>> administrator: I think I should use the admin application without a >>>>>>>> login >>>>>>>> to the application itself. >>>>>>>> >>>>>>>> (2) Lets say session.org==1: now it is not possible to change a >>>>>>>> record with my_table.org==2 using the admin app. >>>>>>>> >>>>>>>> (3) Did you mean: >>>>>>>> >>>>>>>> common_filter = lambda query: >>>>>>>> (db.my_table.org==session.org)******** if session.org else True >>>>>>>> >>>>>>>> >>>>>>>> Interesting idea! >>>>>>>> >>>>>>>> 2012/8/20 Massimo Di Pierro <massimo....@gmail.com> >>>>>>>> >>>>>>>> How do you set the common filter? Seems to me if session.org is >>>>>>>>> not set, the common filter should not be set. web2py cannot ignore it >>>>>>>>> because it does the wrong thing. >>>>>>>>> >>>>>>>>> >>>>>>>>> On Monday, 20 August 2012 11:41:41 UTC-5, mweissen wrote: >>>>>>>>>> >>>>>>>>>> I have an application which should be used by some organizations. >>>>>>>>>> Therefore I have added >>>>>>>>>> >>>>>>>>>> Field('org','reference org', default=lambda:session.org), >>>>>>>>>> >>>>>>>>>> and >>>>>>>>>> >>>>>>>>>> common_filter = lambda query: db.my_table.org==session.org >>>>>>>>>> >>>>>>>>>> to my_table. session.org contails the id of the respective >>>>>>>>>> organization. >>>>>>>>>> Great feature,works fine! But using the database administration >>>>>>>>>> of the admin-application the common filter is still active. >>>>>>>>>> There is an "ignore_rw=True" in the admin application and I >>>>>>>>>> think I have read somewhere that there is also an " >>>>>>>>>> ignore_common_filters=True". >>>>>>>>>> >>>>>>>>>> If session.org is not set, a "database db select" shows strange >>>>>>>>>> effects: >>>>>>>>>> >>>>>>>>>> - I can see the first 100 rows. >>>>>>>>>> - But the message is "0 selected" >>>>>>>>>> - It is not possible to Update a record >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> A simple "ignore_common_filters=True" at the appropriate location >>>>>>>>>> should solve the problem. I have taken a quick look at the code, but >>>>>>>>>> I >>>>>>>>>> think this statement has to be "very inside", therefore I have no >>>>>>>>>> concrete >>>>>>>>>> proposal. >>>>>>>>>> >>>>>>>>>> Regards, Martin >>>>>>>>>> >>>>>>>>> >> > -- > > --