This post having how to provide Role based access to particular users. More information about web2py framework You can check my previous posts.
Getting started with web2py and blog app using web2py
Usually
Role Based Access control having
Account Registration
Providing Security
Adding to Groups
Access to Groups
and users can be
Administrator
Standard User
Manager
Now we can see how we will provide these roles using web2py
1. Start the web2py and provide the password an d start the server.
2. Click this link to open the web2py homepage http://127.0.0.1:8000/welcome/default/index
Click on the Admin link and provide the password
Edit the sivaweb2py application
After edit, the application will be look like this
Click on the database administration tab which is under Models section, you can view the below page related to database table details
Now we are going to create role based access for exiting project, which is available in my previous post(blog app using web2py). Click the below link to open the exiting project results
http://127.0.0.1:8000/sivaweb2py/blog/view
Now we need to signup this blog and screen will look like as below.
After entering the details and click on signup then you will be redirected to view page. With message as Logged In
Now we have created user and logged in successfully, Now we can check in the database administrator for db details.
We can edit this record and we can see the details. Click on the 1 and see the details, password is encrypted.
Now we have to create auth group, allowing that only same group users only can post the topics in blog.
Go to Databaseadministrator under Models Section
Click on the db.auth_group
Click on the New Record and provide the Role as blog_users and description as you like
After submit the record table details look like below
Now we need to create authentication membership Click on db.auth_membership
Click on the New Record and assign the new memebership for this user and select the Group ID as blog_users
Now it’s time to provide access control
Edit the our existing blog.py.
If any user want to post requires authentication and who ever there under blog_users membership only can post the topics in blog.
@auth.requires_membership('blog_users')
Users are if login then only they can able to view the page.
@auth.requires_login()
# -*- coding: utf-8 -*- # try something like def index(): return dict(message="hello from blog.py") @auth.requires_membership('blog_users') def post(): form =SQLFORM(db.blog).process() return locals() @auth.requires_login() def view(): rows = db(db.blog).select(orderby=~db.blog.id) return locals() def display_form(): form = SQLFORM(db.blog) if form.process().accepted: response.flash = 'form accepted' redirect(URL('thanks')) elif form.errors: response.flash = 'form has errors' else: response.flash = 'please fill out the form' return locals() def update(): record = db.blog(request.args(0)) or redirect (URL(post)) form = SQLFORM(db.blog,record) if form.process().accepted: response.flash = T('Record Updated') else: response.flash=T('Please complete the form') return locals()
After updating the blog.py with requires_membership and requires_login for post and view respectively, then
If we try to http://127.0.0.1:8000/sivaweb2py/blog/view or
http://127.0.0.1:8000/sivaweb2py/blog/post
Then it will redirected us to login page
Once we enter correct details after successful login , then it will redirected to blog post page or view page
Now I am going to create one more user, who does not have any privileges to post.
New user is not part of post_users group, If we try to click the below link
http://127.0.0.1:8000/sivaweb2py/blog/post
So it will redirect us to not authorized page.
This is how access control can be given to users and user groups using web2py.
Thanks for viewing this page....