Using web2py's grid/smartgrid, what is the best way to limit editing and deleting to only the user that made the post?
Here is the index; it is very simple:

    def index():
        grid = SQLFORM.smartgrid(db.image, linked_tables=['image'])
        return dict(grid=grid)

Here is the model; I am using the basic auth package:

    db = DAL("sqlite://storage.sqlite")
    import datetime
    from gluon.tools import Auth
    auth = Auth(db)
    auth.define_tables(username=False, signature=False)
    auth.settings.registration_requires_verification = False
    auth.settings.registration_requires_approval = False
    auth.settings.reset_password_requires_verification = True
    db.define_table('image',
        Field('user_id', 'reference auth_user', default=auth.user_id),
        Field('post_subject'),
        Field('post_content', 'text'),
        Field('created_on', 'datetime', default=datetime.datetime.utcnow()),
        Field('updated_on', 'datetime', update=datetime.datetime.utcnow()),
    )
    db.define_table('post',
        Field('image_id', 'reference image'),
        Field('author'),
        Field('email'),
        Field('body', 'text'))
    db.image.user_id.readable = db.image.user_id.writable = False
    db.image.post_subject.requires = IS_NOT_EMPTY()
    db.image.post_content.requires = IS_NOT_EMPTY()
    db.image.created_on.writable = False
    db.image.updated_on.writable = False

I am trying to follow the instructions in the book, which says to do this:

    grid = SQLFORM.grid(db.auth_user,
        editable = auth.has_permission('edit','auth_user'),
        deletable = auth.has_permission('delete','auth_user'))

However, it doesn't work; it just makes it so that nobody can edit anything.

Thanks.
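
auth.has_permission is only useful if you have set up permissions somewhere, which you do not appear to have done. Instead, you should pass a function via the editable and deletable arguments; the function will receive a row of the table and should return True if the current user is allowed to edit the row:

    SQLFORM.grid(..., editable=lambda r: r.user_id == auth.user_id)

From the documentation:

"deletable, editable and details are usually boolean values but they can be functions which take the row object and decide whether to display the corresponding button or not."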
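
Why the two approaches behave differently, shown as an added example that is not part of the original answer and is not web2py code: a simplified pure-Python model of a boolean flag versus a per-row function. Row, FakeAuth, allowed and visible_buttons are hypothetical stand-ins, and the sample rows are constructed.

```python
# Simplified model of the behaviour discussed above; this is not web2py code.
# Row, FakeAuth, allowed and visible_buttons are hypothetical stand-ins.
from collections import namedtuple

Row = namedtuple("Row", "id user_id post_subject")


class FakeAuth:
    """A logged-in user id plus explicitly granted (name, table) permissions."""

    def __init__(self, user_id, granted=()):
        self.user_id = user_id
        self.granted = set(granted)  # stays empty unless permissions are set up

    def has_permission(self, name, table_name):
        # One boolean for the whole table; it knows nothing about any row.
        return (name, table_name) in self.granted


def allowed(flag, row):
    """A flag is either a plain boolean or a function that receives the row."""
    return bool(flag(row)) if callable(flag) else bool(flag)


def visible_buttons(rows, editable, deletable):
    """Return {row id: [button names]} for the given editable/deletable flags."""
    flags = (("edit", editable), ("delete", deletable))
    return {row.id: [name for name, flag in flags if allowed(flag, row)]
            for row in rows}


# Constructed sample data: images 1 and 3 belong to user 1, image 2 to user 2.
ROWS = [Row(1, 1, "first"), Row(2, 2, "second"), Row(3, 1, "third")]
auth = FakeAuth(user_id=1)  # logged in as user 1, no permissions granted

# The question's approach: evaluated once, and False since nothing was granted.
by_permission = visible_buttons(
    ROWS,
    editable=auth.has_permission("edit", "image"),
    deletable=auth.has_permission("delete", "image"))

# The answer's approach: a function evaluated for each row against its owner.
is_owner = lambda r: r.user_id == auth.user_id
by_owner = visible_buttons(ROWS, editable=is_owner, deletable=is_owner)

if __name__ == "__main__":
    print(by_permission)  # {1: [], 2: [], 3: []}
    print(by_owner)       # {1: ['edit', 'delete'], 2: [], 3: ['edit', 'delete']}
```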