any method to control column access
6 views
Skip to first unread message
phneoix
Mar 8, 2009, 10:01:51 PM3/8/09
to web2py Web Framework
hi,
i would like to know to know whether it is possibe to control the
column access for users. i am having multiple users accessing the same
table where i need to control the column access individually for each
user and generate the forms automatically based on the column
priviliges. is there any way to achieve this in web2py.
thanks
i would like to know to know whether it is possibe to control the
column access for users. i am having multiple users accessing the same
table where i need to control the column access individually for each
user and generate the forms automatically based on the column
priviliges. is there any way to achieve this in web2py.
thanks
mdipierro
Mar 8, 2009, 11:58:31 PM3/8/09
to web2py Web Framework
yes. for example:
# use the new group based authenticaion
auth=Auth(globals(),db)
# create a group
gid=auth.add_group('administrator')
# chose a user, for example the user logged in
uid=auth.user.id
# make the user member of the group
auth.add_membership(gid, pid)
# give members of the group a certain permission, let's call it
"edit_somefield" on db.sometable
auth.add_perimission(gid,"edit_somefield", db.sometable)
# explain web2py what "edit_somefield" mean
db.sometable.somefield.writable=auth.has_permission
("edit_somefield",db.sometable)
Hope this helps. I wish I had time to document this better. Hopefully
in a couple of weeks.
Massimo
# use the new group based authenticaion
auth=Auth(globals(),db)
# create a group
gid=auth.add_group('administrator')
# chose a user, for example the user logged in
uid=auth.user.id
# make the user member of the group
auth.add_membership(gid, pid)
# give members of the group a certain permission, let's call it
"edit_somefield" on db.sometable
auth.add_perimission(gid,"edit_somefield", db.sometable)
# explain web2py what "edit_somefield" mean
db.sometable.somefield.writable=auth.has_permission
("edit_somefield",db.sometable)
Hope this helps. I wish I had time to document this better. Hopefully
in a couple of weeks.
Massimo
David Marko
Mar 9, 2009, 4:16:17 AM3/9/09
to web2py Web Framework
Its very usefull feature. Does it mean that field is not generate
using SQLFORM only or its not saved even when user submit this field
to server in any(spoof) way?
David
using SQLFORM only or its not saved even when user submit this field
to server in any(spoof) way?
David
mdipierro
Mar 9, 2009, 9:36:52 AM3/9/09
to web2py Web Framework
SQLFORM(db.sometable)
only displays somefield IF db.sometable.somefield.writable==True
and
SQLFORM(db.sometable, readonly=True)
only displays somefield IF db.sometable.somefield.readable==True
only displays somefield IF db.sometable.somefield.writable==True
and
SQLFORM(db.sometable, readonly=True)
only displays somefield IF db.sometable.somefield.readable==True
phneoix
Mar 15, 2009, 1:29:36 AM3/15/09
to web2py Web Framework
thanks a lot mdipierro, column privileges working quite nicely.
is there any similar method for SQLTABLE whereby only columns with
readonly privileges are displayed.
thanks
is there any similar method for SQLTABLE whereby only columns with
readonly privileges are displayed.
thanks
mdipierro
Mar 15, 2009, 2:24:14 AM3/15/09
to web2py Web Framework
db.sometable.somefield.writable==True
should work for SQLTABLE too. Does it not?
Massimo
should work for SQLTABLE too. Does it not?
Massimo
phneoix
Mar 15, 2009, 7:05:28 AM3/15/09
to web2py Web Framework
i have set permissions for individual fields and implemented them
successfully using
SQLFORM(db.sometable, writable=True)
but if i want to create a custom form it does not work.
eg: SQLFORM(db.sometable,fields=
['somef1','somef2','somef3'],writable=True) #somef3 is denied access
is there a way out.
and i could not find the syntax for SQLTABLE to do the same job of
hiding fields.
thanks
successfully using
SQLFORM(db.sometable, writable=True)
but if i want to create a custom form it does not work.
eg: SQLFORM(db.sometable,fields=
['somef1','somef2','somef3'],writable=True) #somef3 is denied access
is there a way out.
and i could not find the syntax for SQLTABLE to do the same job of
hiding fields.
thanks
mdipierro
Mar 15, 2009, 10:16:03 AM3/15/09
to web2py Web Framework
You can overwrite
db.table.field.writable=True or False
just before you call SQLFROM
db.table.field.writable=True or False
just before you call SQLFROM
phneoix
Mar 15, 2009, 12:06:53 PM3/15/09
to web2py Web Framework
SORRY put my question in wrong way.
somefield1 and somefield2 have create permission. while somefield has
been denied access by me.
SQLFORM(db.sometable, writable=True) # it works here. sqlform
generates a form with somefield1 and somefield2.
but if i want to create a custom form it does not work.
eg: SQLFORM(db.sometable,fields=
['somefield1','somefield2','somefield3'],writable=True) #it fails
here. iam able to access all 3 fields
sorry for the trouble.
somefield1 and somefield2 have create permission. while somefield has
been denied access by me.
SQLFORM(db.sometable, writable=True) # it works here. sqlform
generates a form with somefield1 and somefield2.
but if i want to create a custom form it does not work.
eg: SQLFORM(db.sometable,fields=
here. iam able to access all 3 fields
sorry for the trouble.
phneoix
Mar 15, 2009, 12:12:18 PM3/15/09
to web2py Web Framework
CORRECTION
somefield1 and somefield2 have create permission. while
***somefield3*** has
been denied access by me.
Reply all
Reply to author
Forward
0 new messages