Changes between Version 107 and Version 108 of S3/S3AAA
Timestamp: 06/13/14 12:00:10 (10 years ago)
S3/S3AAA
v107 v108 197 197 To configure the system-wide policy to use ACLs, set {{{security.policy}}} to: 198 198 199 {{{ 199 {{{#!python 200 200 settings.security.policy = 3 # Apply Controller ACLs 201 201 }}} … … 203 203 or: 204 204 205 {{{ 205 {{{#!python 206 206 settings.security.policy = 4 # Apply both Controller and Function ACLs 207 207 }}} … … 209 209 or: 210 210 211 {{{ 211 {{{#!python 212 212 settings.security.policy = 5 # Apply Controller, Function and Table ACLs 213 213 }}} … … 219 219 This can be done by setting the respective controller to {{{restricted=True}}} in {{{deployment_settings.modules}}} ({{{models/000_config.py}}}): 220 220 221 {{{ 221 {{{#!python 222 222 dvi = Storage( 223 223 name_nice = T("Disaster Victim Identification"), … … 267 267 To check permissions to access a table (or a particular record) with a certain method, use the {{{auth.s3_has_permission()}}} method: 268 268 269 {{{ 269 {{{#!python 270 270 authorised = auth.s3_has_permission("read", db.my_table) 271 271 if authorised: … … 273 273 }}} 274 274 275 {{{ 275 {{{#!python 276 276 authorised = auth.s3_has_permission("read", db.my_table, record_id=x) 277 277 if authorised: … … 289 289 You can build a query for all records in a table which are accessible for the current user with a certain method, by using {{{auth.s3_accessible_query}}}: 290 290 291 {{{ 291 {{{#!python 292 292 # Define your query: 293 293 query = ... … … 317 317 All this is covered by the {{{auth.permission.fail()}}} method: 318 318 319 {{{ 319 {{{#!python 320 320 authorised = auth.shn_has_permission("delete", db.my_table) 321 321 if not authorised: … … 330 330 Example: redirect to {{{my/index}}} rather than to {{{default/index}}} in case of insufficient privileges of an authenticated user: 331 331 332 {{{ 332 {{{#!python 333 333 authorised = auth.shn_has_permission("delete", db.my_table) 334 334 if not authorised:
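Review bot: In the hunk at lines 219-223, the prose names {{{deployment_settings.modules}}} while the policy examples at lines 200, 206 and 212 assign to {{{settings.security.policy}}}. If both names refer to the same settings object, use one of them throughout so that a reader editing {{{models/000_config.py}}} knows which object carries {{{restricted=True}}}. If they are different objects, say so in the sentence at line 219.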
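Review bot: The examples at lines 320 and 333 call {{{auth.shn_has_permission("delete", db.my_table)}}}, while the prose at line 267 and the examples at lines 270 and 276 use {{{auth.s3_has_permission()}}}. These two blocks are being touched anyway, so align the method name here. A reader who copies the authorisation check that precedes {{{auth.permission.fail()}}} should get the same name the page documents.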