SQLFORM.factory with upload field - the operation is insecure

88 views
Skip to first unread message

Jim S

unread,
Dec 15, 2014, 10:42:00 AM12/15/14
to web...@googlegroups.com
I've got an issue that is really puzzling me.

I have a form, SQLFORM.factory with one field, an upload field.

When I click on submit to submit the form (adding a new record), I get a javascript error that flashes by quickly in Firebug.  All I can get from it is that the text says 'the operation is insecure'.

Here is the controller code:

@auth.requires_permission('select', db.helpdesk)
def attachments():
    ticket_id
= request.vars['ticketId']
    ticket
= db.ticket(ticket_id)


    updateQuery
= db.ticket_attachment.ticket==ticket_id


    form
= SQLFORM.factory(Field('attachment_file', 'upload', required=True,
                                 uploadfolder
='%s/tickets' % (connect_util.getFileLocation('uploads'))),
                           table_name
='ticket_attachment', submit_button='Add', formstyle=my_formstyle, ui=grid_ui,
                           formname
='attachment_form', _id='attachment_form')


   
if form.process(formname='attachment_form').accepted:
        attachment
= form.vars.attachment_file
        db
.ticket_attachment.insert(ticket=ticket_id, attachment=attachment)


        ticket_notification
(ticket_id, 'new tag added',
                           
'Tag %s added.' % (helpdesk_tag.tag),
                            log_activity
=True)
   
else:
       
print 'err'


Here is the view

<script type="text/javascript">
   
function delete_attachment(ticket_attachment_id) {
        $
.ajax({url: "{{=URL('ticket','delete_ticket_attachment',user_signature=True)}}",
                data
: {ticket_attachment_id:ticket_attachment_id }})
       
.fail(function() {
            alert
('There was a problem removing the attachment from this ticket.  Please contact support.');
       
})
       
.success(function(msg) {
            location
.reload();
       
});
   
}
</script>
<br />
<div class="col-sm-12 col-md-9 col-lg-6">
    {{=form.custom.begin}}
       
<div class="col-sm-12" style="margin-bottom: 10px;">
            {{=form.custom.widget.attachment_file}}
            {{=form.custom.submit}}
       
</div>
    {{=form.custom.end}}
   
<table class="table" style="margin-left: 20px;">
        {{for attachment in ticket_attachments:}}
       
<tr>
           
<td>
                {{=attachment.attachment}}
           
</td>
            {{if can_delete:}}
               
<td>
                   
<a href="javascript:void(0);" onclick="delete_attachment({{=attachment.ticket_attachment.id}});"><i class="fa fa-trash-o"></i></a>
               
</td>
            {{pass}}
       
</tr>
        {{pass}}
   
</table>
</div>


Any ideas on what may be causing this or how to capture the javascript error?

-Jim



Cynthia Butler

unread,
Dec 21, 2014, 1:17:51 PM12/21/14
to web...@googlegroups.com
Did you find an answer to this? Just curious. Thanks.

Jim Steil

unread,
Dec 21, 2014, 9:25:46 PM12/21/14
to web...@googlegroups.com

Yes.  The issue was that I had it in a loaded component.  That is not supported and doesn't work.  And,  I know better,  I've ran into this before and just forgot about that restriction this time.

Jim

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to a topic in the Google Groups "web2py-users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/web2py/NGmfPpUVvds/unsubscribe.
To unsubscribe from this group and all its topics, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Cynthia Butler

unread,
Dec 23, 2014, 3:54:42 PM12/23/14
to web...@googlegroups.com
Thank you, very helpful info to me.
Reply all
Reply to author
Forward
0 new messages