Using web2py's grid/smartgrid, what is the best way to limit editing and deleting to only the user that made the post?

Here is the index, which is very simple:

def index():
    grid = SQLFORM.smartgrid(db.image, linked_tables=['image'])
    return dict(grid=grid)

Here is the model; I am using the basic auth package:

db = DAL("sqlite://storage.sqlite")
import datetime
from gluon.tools import Auth
auth = Auth(db)
auth.define_tables(username=False, signature=False)

auth.settings.registration_requires_verification = False
auth.settings.registration_requires_approval = False
auth.settings.reset_password_requires_verification = True


db.define_table('image',
            Field('user_id', 'reference auth_user', default=auth.user_id),
            Field('post_subject'),
            Field('post_content', 'text'),
            Field('created_on', 'datetime', default=datetime.datetime.utcnow()),
            Field('updated_on', 'datetime', update=datetime.datetime.utcnow()),
            )


db.define_table('post',
            Field('image_id', 'reference image'),
            Field('author'),
            Field('email'),
            Field('body', 'text'))



db.image.user_id.readable = db.image.user_id.writable = False

db.image.post_subject.requires = IS_NOT_EMPTY()
db.image.post_content.requires = IS_NOT_EMPTY()

db.image.created_on.writable = False
db.image.updated_on.writable = False

I am trying to follow the instructions in the book, which says to do this:

grid = SQLFORM.grid(db.auth_user,
     editable = auth.has_permission('edit','auth_user'),
     deletable = auth.has_permission('delete','auth_user'))

However, it doesn't work; it just makes it so that nobody can edit anything.

Thanks.

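auth.has_permission is only useful if you have set up permissions somewhere, which you don't appear to have done. Instead, you should pass functions via the editable and deletable arguments: the function will receive a row from the table and should return True if the current user is allowed to edit the row: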

SQLFORM.grid(..., editable=lambda r: r.user_id == auth.user_id)

From the documentation:

deletable, editable and details are usually boolean values but they can be functions which take the row object and decide whether to display the corresponding button or not.
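
An added example (not part of the original answer): a reusable ownership predicate for editable/deletable that also rejects anonymous visitors. With the one-line comparison, a row whose user_id is None (inserted while logged out, since the model's default is auth.user_id) compares equal to an anonymous visitor's auth.user_id of None. The helper name owner_only and the SimpleNamespace stand-ins for auth and the rows are assumptions made so the block runs outside web2py.

```python
from types import SimpleNamespace


def owner_only(auth):
    """Build a predicate for SQLFORM.grid's editable/deletable arguments.

    Hypothetical helper (not a web2py API). The predicate takes a row and
    returns True only for a logged-in user who owns that row.
    """
    def allowed(row):
        uid = auth.user_id
        # Anonymous visitor: auth.user_id is None. Refuse before comparing,
        # otherwise None == None would match rows that have no owner.
        if uid is None:
            return False
        return row.user_id == uid
    return allowed


def naive(auth):
    """The one-line comparison from the answer, kept for contrast."""
    return lambda r: r.user_id == auth.user_id


# In a web2py controller this would be passed as:
#   SQLFORM.grid(db.image, editable=owner_only(auth), deletable=owner_only(auth))

# Constructed stand-ins for web2py's auth object and db.image rows.
alice = SimpleNamespace(user_id=1)
anonymous = SimpleNamespace(user_id=None)
rows = [
    SimpleNamespace(id=10, user_id=1),      # posted by user 1
    SimpleNamespace(id=11, user_id=2),      # posted by user 2
    SimpleNamespace(id=12, user_id=None),   # inserted while logged out
]


def editable_ids(predicate):
    """Ids of the rows for which the predicate allows editing."""
    return [r.id for r in rows if predicate(r)]


if __name__ == "__main__":
    print("alice, owner_only:    ", editable_ids(owner_only(alice)))
    print("anonymous, naive:     ", editable_ids(naive(anonymous)))
    print("anonymous, owner_only:", editable_ids(owner_only(anonymous)))
```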