Update and delete

annet

May 22, 2009, 5:45:31 AM
to web2py Web Framework
I have my authentication, authorization, create and read functions
working, however, I don't get the update and delete functions to function
without flaws. The problem lies in the fact that the visitor can tamper
with the URL in the browser's address bar.


In a view I have got:


<td>
  {{=A(row.adressoort,_href=URL(r=request,f='update_address',args=[row.id]))}}
</td>


The update_address function reads like:


@auth.requires_membership('user_3')
def update_address():
    record_id=request.args[0]
    record=db(db.adres.id==record_id).select(db.adres.bedrijf)
    if record==[]:
        redirect(URL(r=request,f='crud_address'))
    elif not record[0].bedrijf==auth.user.bedrijf:
        redirect(URL(r=request,f='crud_address'))
    form=crud.update(db.adres,request.args[0])
    return dict(form=form)


When the user clicks the link in the view the correct record is
displayed. When the user tampers with the arg in the URL two things happen:
if he changes the arg to a record_id of an existing record the elif
redirects to the crud_address function, however, when he changes the
arg to a record_id that is not in the database the following error
ticket is issued:


Traceback (most recent call last):
  File "/Library/Python/2.5/site-packages/mockpy/gluon/restricted.py", line 98, in restricted
  File "/Users/iannet/mockpy/applications/mock/controllers/crud.py", line 41, in <module>
  File "/Library/Python/2.5/site-packages/mockpy/gluon/globals.py", line 75, in <lambda>
  File "/Users/iannet/mockpy/gluon/tools.py", line 1049, in f
    return action(*a, **b)
  File "/Users/iannet/mockpy/applications/mock/controllers/crud.py", line 31, in update_address
    elif not record[0].bedrijf==auth.user.bedrijf:
  File "/Library/Python/2.5/site-packages/mockpy/gluon/sql.py", line 2109, in __getitem__
SyntaxError: SQLRows: no such row


So, if record==[]: is the cause of a syntax error, what is the correct
syntax of this statement?



Kind regards,

Annet.

mdipierro

May 22, 2009, 8:38:21 AM
to web2py Web Framework
if record:

annet....@gmail.com

May 22, 2009, 11:47:15 AM
to web2py Web Framework
Massimo,

if record:

doesn't work because the statement should be true if the query doesn't
return any result.

if not record:

results in the following error ticket:

Traceback (most recent call last):
  File "/Library/Python/2.5/site-packages/mockpy/gluon/restricted.py", line 98, in restricted
  File "/Users/iannet/mockpy/applications/mock/controllers/crud.py", line 41, in <module>
  File "/Library/Python/2.5/site-packages/mockpy/gluon/globals.py", line 75, in <lambda>
  File "/Users/iannet/mockpy/gluon/tools.py", line 1049, in f
    return action(*a, **b)
  File "/Users/iannet/mockpy/applications/mock/controllers/crud.py", line 28, in update_address
    record=db(db.adres.id==record_id).select(db.adres.bedrijf)[0]
  File "/Library/Python/2.5/site-packages/mockpy/gluon/sql.py", line 2109, in __getitem__
SyntaxError: SQLRows: no such row




Kind regards,

Annet.

mdipierro

May 22, 2009, 1:15:46 PM
to web2py Web Framework
if not record:

Kacper Krupa

May 22, 2009, 1:22:13 PM
to web2py Web Framework
if not len(record):

or:

query=db(db.adres.id==record_id)

if query.count() == 0:

and then: row = query.select(field)[0]

mdipierro

May 22, 2009, 1:28:44 PM
to web2py Web Framework
I repeat

if not record:

Kacper Krupa

May 22, 2009, 1:41:02 PM
to web2py Web Framework
Yes, sorry - I've checked. I always used len().

annet....@gmail.com

May 23, 2009, 2:43:11 AM
to web2py Web Framework
Massimo,

After restarting the server if not record: worked.

However, further down the workflow there is an error ticket issued
when the user clicks the submit button.

My custom update function:

@auth.requires_membership('core_manager')
def update_address():
    response.view='core/update.html'
    response.navigationfunction= T('Update/delete address')
    db.adres.bedrijf.writable=False
    record_id=request.args[0]
    record=db(db.adres.id==record_id).select(db.adres.bedrijf)[0]
    form=[]
    if not record:
        redirect(URL(r=request,f='crud_address'))
    elif not record.bedrijf==auth.user.bedrijf:
        redirect(URL(r=request,f='crud_address'))
    form=crud.update(db.adres,request.args[0])
    return dict(form=form)


The error traceback:
Traceback (most recent call last):
  File "/Library/Python/2.5/site-packages/web2pyfitwise/gluon/restricted.py", line 98, in restricted
    exec ccode in environment
  File "/Library/Python/2.5/site-packages/web2pyfitwise/applications/cms/controllers/core.py", line 68, in <module>
  File "/Library/Python/2.5/site-packages/web2pyfitwise/gluon/globals.py", line 75, in <lambda>
    self._caller = lambda f: f()
  File "/Library/Python/2.5/site-packages/web2pyfitwise/gluon/tools.py", line 1045, in f
    return action(*a, **b)
  File "/Library/Python/2.5/site-packages/web2pyfitwise/applications/cms/controllers/core.py", line 31, in update_address
    record_id=request.args[0]
IndexError: list index out of range


I guess I need something like:

next=URL(r=request,f='core/crud_address')

In the update_address() function to return to the previous function.

@auth.requires_membership('core_manager')
def crud_address():
    response.functionname= T('CRUD adres')
    db.adres.bedrijf.writable=False
    db.adres.bedrijf.default=auth.user.bedrijf
    form=crud.create(db.adres)
    records=db(db.adres.bedrijf==auth.user.bedrijf)\
        .select(db.adres.ALL,orderby=db.adres.adressoort)
    if form.accepts(form.vars,session):
        response.flash=T('new record created')
    elif form.errors:
        response.flash=T('form has errors')
    else:
        response.flash=T('please fill the form')
    return dict(form=form,records=records)


I look forward to your reply.

Annet.


Kacper Krupa

May 23, 2009, 6:51:23 AM
to web2py Web Framework
if not request.args:
    return redirect()

annet....@gmail.com

May 23, 2009, 10:10:10 AM
to web2py Web Framework
Kacper,

Thanks for your reply. Problem solved.


Annet.
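
The checks this thread arrives at, collected into one lookup, as an added example that is not part of any post above and is not web2py code: it uses Python's sqlite3 in place of the web2py DAL, and load_owned_address and make_db are hypothetical names. The adres table and its bedrijf and adressoort columns come from the thread; the rows are constructed sample data.

```python
import sqlite3

def make_db():
    """Constructed sample data: rows 1 and 2 belong to company 1, row 3 to company 2."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE adres (id INTEGER PRIMARY KEY, bedrijf INTEGER, adressoort TEXT)")
    db.executemany("INSERT INTO adres VALUES (?, ?, ?)",
                   [(1, 1, "bezoekadres"), (2, 1, "postadres"), (3, 2, "bezoekadres")])
    return db

def load_owned_address(db, args, user_bedrijf):
    """Return the row as a dict, or None when the caller should redirect.

    args stands in for request.args: a list of URL path segments (strings)
    that the visitor fully controls.
    """
    # Case 1: no argument at all (the IndexError on request.args[0]).
    if not args:
        return None
    # Case 2: argument is not a plain ASCII integer, or is too long to fit
    # a 64-bit SQLite INTEGER (binding it would raise OverflowError).
    raw = args[0]
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 18:
        return None
    # Cases 3 and 4: unknown id, or an id owned by another company.
    # Filtering on id AND owner in a single query gives the same result
    # for both, so the response does not reveal which ids exist.
    row = db.execute(
        "SELECT id, bedrijf, adressoort FROM adres WHERE id = ? AND bedrijf = ?",
        (int(raw), user_bedrijf),
    ).fetchone()
    if row is None:
        return None
    return {"id": row[0], "bedrijf": row[1], "adressoort": row[2]}

if __name__ == "__main__":
    db = make_db()
    # Tampered URL arguments as seen by a user of company 1.
    for args in ([], ["abc"], ["999"], ["3"], ["1"]):
        print(args, "->", load_owned_address(db, args, user_bedrijf=1))
```

Only the last call returns a row; every tampered value ends in the same None, which the controller would turn into the redirect to crud_address.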