Saturday, January 30, 2016

Role Based Access control using web2py framework

This post having how to provide Role based access to particular users. More information about web2py framework You can check my previous posts.
Getting started with web2py and blog app using web2py
Role Based Access control having

Account Registration
Providing Security
Adding to Groups
Access to Groups

and users can be

Standard User

Now we can see how we will provide these roles using web2py

1. Start the web2py and provide the password an d start the server.

2. Click this link to open the web2py homepage

Click on the Admin link and provide the password.
Edit the sivaweb2py application

After edit, the application will be look like this

Click on the database administration tab which is under Models section, you can view the below page related to database table details

Now we are going to create role based access for exiting project, which is available in my previous post(blog app using web2py). Click the below link to open the exiting project results

Now we need to signup this blog and screen will look like as below.

After entering the details and click on signup then you will be redirected to view page. With message as Logged In

Now we have created user and logged in successfully, Now we can check in the database administrator for db details.

We can edit this record and we can see the details. Click on the 1 and see the details, password is encrypted.
Now we have to create auth group, allowing that only same group users only can post the topics in blog.
Go to Databaseadministrator under Models Section
Click on the db.auth_group
Click on the New Record and provide the Role as blog_users and description as you like

After submit the record table details look like below

Now we need to create authentication membership Click on db.auth_membership

Click on the New Record and assign the new memebership for this user and select the Group ID as blog_users

Now it’s time to provide access control
Edit the our existing
If any user want to post requires authentication and who ever there under blog_users membership only can post the topics in blog.
Users are if login then only they can able to view the page.

# -*- coding: utf-8 -*-
# try something like
def index(): return dict(message="hello from")

def post():
    form =SQLFORM(
    return locals()
def view():
    rows = db(
    return locals()

def display_form():
   form = SQLFORM(
   if form.process().accepted:
       response.flash = 'form accepted'
   elif form.errors:
       response.flash = 'form has errors'
       response.flash = 'please fill out the form'
   return locals()
def update():
    record = or redirect (URL(post))
    form = SQLFORM(,record)
    if form.process().accepted:
        response.flash = T('Record Updated')
        response.flash=T('Please complete the form')
    return locals()

After updating the with requires_membership and requires_login for post and view respectively, then

If we try to or
Then it will redirected us to login page

Once we enter correct details after successful login , then it will redirected to blog post page or view page

Now I am going to create one more user, who does not have any privileges to post.

New user is not part of post_users group, If we try to click the below link

So it will redirect us to not authorized page.

This is how access control can be given to users and user groups using web2py.

Thanks for viewing this page....


Contact Form


Email *

Message *