Changes between Version 107 and Version 108 of S3/S3AAA


Ignore:
Timestamp:
06/13/14 12:00:10 (10 years ago)
Author:
MattS
Comment:

syntax highlighting

Legend:

Unmodified
Added
Removed
Modified
  • S3/S3AAA

    v107 v108  
    197197To configure the system-wide policy to use ACLs, set {{{security.policy}}} to:
    198198
    199 {{{
     199{{{#!python
    200200settings.security.policy = 3 # Apply Controller ACLs
    201201}}}
     
    203203or:
    204204
    205 {{{
     205{{{#!python
    206206settings.security.policy = 4 # Apply both Controller and Function ACLs
    207207}}}
     
    209209or:
    210210
    211 {{{
     211{{{#!python
    212212settings.security.policy = 5 # Apply Controller, Function and Table ACLs
    213213}}}
     
    219219This can be done by setting the respective controller to {{{restricted=True}}} in {{{deployment_settings.modules}}} ({{{models/000_config.py}}}):
    220220
    221 {{{
     221{{{#!python
    222222    dvi = Storage(
    223223            name_nice = T("Disaster Victim Identification"),
     
    267267To check permissions to access a table (or a particular record) with a certain method, use the {{{auth.s3_has_permission()}}} method:
    268268
    269 {{{
     269{{{#!python
    270270authorised = auth.s3_has_permission("read", db.my_table)
    271271if authorised:
     
    273273}}}
    274274
    275 {{{
     275{{{#!python
    276276authorised = auth.s3_has_permission("read", db.my_table, record_id=x)
    277277if authorised:
     
    289289You can build a query for all records in a table which are accessible for the current user with a certain method, by using {{{auth.s3_accessible_query}}}:
    290290
    291 {{{
     291{{{#!python
    292292# Define your query:
    293293query = ...
     
    317317All this is covered by the {{{auth.permission.fail()}}} method:
    318318
    319 {{{
     319{{{#!python
    320320authorised = auth.shn_has_permission("delete", db.my_table)
    321321if not authorised:
     
    330330Example: redirect to {{{my/index}}} rather than to {{{default/index}}} in case of insufficient privileges of an authenticated user:
    331331
    332 {{{
     332{{{#!python
    333333authorised = auth.shn_has_permission("delete", db.my_table)
    334334if not authorised: