Not Authorized - but I don't know why


Simon Carr

May 8, 2016, 3:58:08 PM
to web2py-users
Here is the code in my controller.

# -*- coding: utf-8 -*-
# try something like
def index():
    return dict(message="hello from supplier.py")


def manage_suppliers():
    links = [lambda row: A(SPAN(_class='glyphicon glyphicon-search'),' View',_class='button btn btn-default',_href=URL("supplier","view",args=[row.id]))]
    form = SQLFORM.grid(db.suppliers,links=links,details=False)
    return locals()


def view():
    supplier = db.suppliers(request.args(0))
    form = SQLFORM.grid(db.supplier_contacts)
    return supplier


I can get to manage_suppliers just fine, but when I click "View" against one of the suppliers I get "Not Authorized".

If I remove 
form = SQLFORM.grid(db.supplier_contacts)

from the view method, it works fine, so the issue seems to be with this line of code.

DenesL

May 8, 2016, 4:04:52 PM
to web2py-users
http://www.web2py.com/books/default/chapter/29/07/forms-and-validators#login-required-by-default-for-data-updates
By default all the URLs generated by the grid are digitally signed and verified. This means one cannot perform certain actions (create, update, delete) without being logged-in.

Simon Carr

May 8, 2016, 6:34:22 PM
to web2py-users
I found the problem, I had to add

user_signature=False

to the SQLFORM.grid, i.e. SQLFORM.grid(.............,user_signature=False)

This sorted out the problem

Manuele Pesenti

May 9, 2016, 8:12:27 AM
to web...@googlegroups.com
On 08/05/16 20:34, Simon Carr wrote:
> I found the problem, I had to add
>
> user_signature=False
>
> to the SQLFORM.grid, i.e. SQLFORM.grid(.............,user_signature=False)
>
> This sorted out the problem
Now I think you can just decorate your controller function to prevent users who are not logged in from creating/editing records...

    M.

Anthony

May 9, 2016, 3:33:00 PM
to web2py-users
Also, note that there is another problem with your view() function. You are using the first URL arg to identify a record, but the grid doesn't know about this, so when it generates its own internal URLs, it will not preserve the URL arg with the record ID. To tell the grid to preserve existing URL args in the URLs it generates, you must specify the "args" argument.

Anthony
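
A simplified model of the signed-URL check described in this thread and of what user_signature=False switches off, added here as an illustration; it is not web2py's implementation and not code from any poster. The function names, the session dict, the sample URL and the use of HMAC-SHA256 are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit


def login(session):
    """Constructed stand-in for a login: the session receives its own HMAC key."""
    session["hmac_key"] = secrets.token_hex(16)


def _mac(key, path, query):
    return hmac.new(key.encode(), f"{path}?{query}".encode(), hashlib.sha256).hexdigest()


def sign_url(path, params, session):
    """Build path?query and append _signature when the session holds a key."""
    query = urlencode(sorted(params.items()))
    key = session.get("hmac_key")
    if key is None:                      # anonymous session: nothing to sign with
        return f"{path}?{query}"
    return f"{path}?{query}&_signature={_mac(key, path, query)}"


def verify_url(url, session, user_signature=True):
    """Model of the check; a False result corresponds to "Not Authorized"."""
    if not user_signature:               # check disabled: every URL is accepted
        return True
    key = session.get("hmac_key")
    if key is None:                      # not logged in: verification cannot succeed
        return False
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    given = dict(pairs).get("_signature", "")
    query = urlencode(sorted((k, v) for k, v in pairs if k != "_signature"))
    expected = _mac(key, parts.path, query)
    return hmac.compare_digest(given.encode(), expected.encode())


if __name__ == "__main__":
    alice, anon = {}, {}
    login(alice)
    # Constructed sample URL in the style of a grid "edit" link.
    url = sign_url("/app/supplier/view/3/edit/supplier_contacts/7", {"page": "2"}, alice)
    tampered = url.replace("/7", "/8")
    print("owner, signed URL:        ", verify_url(url, alice))
    print("anonymous, same URL:      ", verify_url(url, anon))
    print("owner, tampered record id:", verify_url(tampered, alice))
    print("anonymous, check disabled:", verify_url(tampered, anon, user_signature=False))
```

With the check disabled, the tampered URL is accepted even for an anonymous session, so access control then has to come from somewhere else, such as the login decorator suggested earlier in the thread.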