CODEWITHSUNDEEP
web2py
datasci
datasci

Reputation: 1029

Web2py: Can you password protect a page?

The specific functionality I'm looking for:

A member creates a page to display information. The member can keep the page public, or set to "private" so that only a select group can view it. When the member sets the page to private, they enter a password. The member then shares this password with people they want to view the page. When a visitor gets to the page, they are prompted to enter the password. If the password is correct, the page can be viewed by the visitor.

Do I need to force visitors to register, then check against a list to see if the visitor has been approved to access the page? Is there a good / better way to think about this in Web2py?

Upvotes: 0

Views: 213

Answers (2)

Joe T. Boka
Joe T. Boka

Reputation: 6581

You can have a link on an other page or email the user the link to the test page. For the test page, you can have this in the controller:

@auth.requires_login()
def test():
    redirect(URL('sign_page',user_signature=True))
    return dict(link=link)

On the test page the user can register and login. The test page then redirects the user to the page you only want this user to access, so this page requires the user's signature:

@auth.requires_signature() 
def sign_page():
    return dict(message='Welcome to this page')

Upvotes: 0

Himel Das
Himel Das

Reputation: 1218

Web2py has some powerful access control features built in. See this link. Basically you can create groups and add/remove users (members) to these groups. If the user is a member of a group, you can allow or disallow access to certain things.

For example, lets create a group and add some memberships in a model or controller:

#get the id of the user logged in
user_id = auth.user_id

#make a new group just for viewing this page
new_group_id = auth.add_group(
     "private_page_by_user_%s" % user_id,
     "This is a private page made by user id # %s" % user_id
)

#make the creator a member
auth.add_membership(new_group_id, user_id)

#for simplicity
friend_id = 5

#add friends to the group, so they can view the private page
auth.add_membership(new_group_id, friend_id)

Now in the "page" controller you can allow or block users based on their membership:

def page():
     #... stuff
     #... more stuff
     if page_is_private and not auth.has_membership(group_id=group_id): #or you can do auth.has_membership(role="private_page_by_user_1")
          redirect(URL("access_denied"))
     #... continue

Upvotes: 1

Related Questions