web2py CRUD example

530 views
Skip to first unread message

Gian Luca Decurtins

unread,
Jan 27, 2012, 6:01:54 AM1/27/12
to web...@googlegroups.com
Hi all

I'm trying to use the CRUD-feature of web2py (1.99.4). At the moment I'm stuck at "invalid view (default/data.html)" while accessing https://localhost/init/default/data/tables.
So far I've created a simple application "init" and changed the following:

In controllers/default.py I've disabled required_signature (I did not want to play around with permissions at this time):
@auth.requires_login()
# @auth.requires_signature()
def data(): return dict(form=crud())

In views/default.html I've added a link beneath the message:
{{=A('table',_href=URL('data/tables',user_signature=True))}}

If I follow this link (after authenticating) I just receive the error message:
invalid view (default/data.html)
I did expect something like a list of tables.

Out of the box there seems to be no default/data.html view.
Do I have to write my own data.html view to test the CRUD functionality? Or did I do something wrong in the setup?

Regards
-Gian.

Bruno Rocha

unread,
Jan 27, 2012, 10:29:10 AM1/27/12
to web...@googlegroups.com
include response.generic_patterns = ['*'] in your models or in your data controller, so you will be able to use generic views.
--

Gian Luca Decurtins

unread,
Jan 27, 2012, 10:43:53 AM1/27/12
to web...@googlegroups.com
Thank you!

I had to edit models/db.py:
# response.generic_patterns = ['*'] if request.is_local else []
response.generic_patterns = ['*']

Regards
-Gian.

BTW: In the original post I've replaced the FQDN with localhost. If the application did run on localhost this modification should not be necessary.

Anthony

unread,
Jan 27, 2012, 11:42:49 AM1/27/12
to web...@googlegroups.com
On Friday, January 27, 2012 10:43:53 AM UTC-5, Gian Luca Decurtins wrote:
Thank you!

I had to edit models/db.py:
# response.generic_patterns = ['*'] if request.is_local else []
response.generic_patterns = ['*']

Note, there's a reason that generic views are enabled only on localhost by default -- they can create a security risk by allowing unintended data to leak. For example, generic.json will display everything returned to the view by the controller, including db fields selected but not intended for display and variables only intended to control view display logic. You should be more precise when enabling generic views in production. For example:

response.generic_patterns = ['data.html']

or

def data():
    response.generic_patterns = ['html']

will only enable generic.html (not the other generic views), and only when the "data" action is called.

Anthony
 
Reply all
Reply to author
Forward
0 new messages