Saturday, January 30, 2016

Role Based Access control using web2py framework


This post shows how to provide role-based access to particular users. For more information about the web2py framework, you can check my previous posts:
Getting started with web2py and blog app using web2py
Usually, role-based access control involves:

Account Registration
Providing Security
Adding to Groups
Access to Groups

and users can be

Administrator
Standard User
Manager

Now let's see how to provide these roles using web2py.

1. Start web2py, provide the password and start the server.

2. Click this link to open the web2py homepage http://127.0.0.1:8000/welcome/default/index




Click on the Admin link and provide the password.
Edit the sivaweb2py application




After clicking Edit, the application will look like this:





Click on the database administration tab, which is under the Models section, to view the page below with the database table details.




Now we are going to create role-based access for an existing project, which is available in my previous post (blog app using web2py). Click the link below to open the existing project's results:
http://127.0.0.1:8000/sivaweb2py/blog/view




Now we need to sign up for this blog; the screen will look like the one below.



After entering the details and clicking on sign up, you will be redirected to the view page with the message "Logged In".




Now that we have created a user and logged in successfully, we can check the user's details in the database administration page.





We can edit this record and see the details. Click on the 1 to see the details; the password is not stored in plain text (web2py stores a hash of it).
Now we have to create an auth group, so that only users in that group can post topics in the blog.
Go to database administration under the Models section
Click on db.auth_group
Click on New Record and provide the Role as blog_users and a description of your choice




After submitting the record, the table details look like this:




Now we need to create the authentication membership. Click on db.auth_membership




Click on New Record, assign the new membership to this user and select blog_users as the Group ID





Now it's time to provide access control.
Edit our existing blog.py.
Posting requires authentication, and only users with blog_users membership can post topics in the blog:
@auth.requires_membership('blog_users')
Users can view the page only if they are logged in:
@auth.requires_login()

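# -*- coding: utf-8 -*-
# Controller blog.py. auth, db, SQLFORM, URL, redirect, request, response and T
# are provided by the web2py environment and the application's models.

# No auth decorator: this action is reachable without logging in.
def index(): return dict(message="hello from blog.py")

# Only logged-in members of the blog_users group can create a post.
@auth.requires_membership('blog_users')
def post():
    form = SQLFORM(db.blog).process()
    return locals()

# Any logged-in user can view the posts, newest first.
@auth.requires_login()
def view():
    rows = db(db.blog).select(orderby=~db.blog.id)
    return locals()

# No auth decorator: this form inserts into db.blog without requiring a login.
def display_form():
    form = SQLFORM(db.blog)
    if form.process().accepted:
        response.flash = 'form accepted'
        redirect(URL('thanks'))
    elif form.errors:
        response.flash = 'form has errors'
    else:
        response.flash = 'please fill out the form'
    return locals()

# No auth decorator: this action edits an existing record without requiring a login.
def update():
    record = db.blog(request.args(0)) or redirect(URL('post'))
    form = SQLFORM(db.blog, record)
    if form.process().accepted:
        response.flash = T('Record Updated')
    else:
        response.flash = T('Please complete the form')
    return locals()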


After updating blog.py with requires_membership and requires_login for post and view respectively,

if we try to open http://127.0.0.1:8000/sivaweb2py/blog/view or
http://127.0.0.1:8000/sivaweb2py/blog/post
we will be redirected to the login page.




Once we enter the correct details and log in successfully, we are redirected to the blog post page or the view page.





Now I am going to create one more user, who does not have any privileges to post.




The new user is not part of the blog_users group. If we try to open the link below
http://127.0.0.1:8000/sivaweb2py/blog/post

we are redirected to the not authorized page.




This is how access control can be given to users and user groups using web2py.
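
An added check, not part of the original post: web2py exposes every controller function that takes no arguments and does not start with a double underscore as a URL, so after decorating post and view, the index, display_form and update actions of the blog.py above remain reachable without login. The script below lists each exposed action with its auth decorator; the BLOG_PY sample is reconstructed from the listing with shortened bodies, and slug() is a hypothetical helper added to show a function that is not exposed.

```python
import ast

# Constructed sample: the actions of this post's blog.py with shortened bodies.
# slug() is a hypothetical helper; it takes an argument, so web2py does not expose it.
BLOG_PY = '''
def index(): return dict(message="hello from blog.py")
@auth.requires_membership('blog_users')
def post(): return locals()
@auth.requires_login()
def view(): return locals()
def display_form(): return locals()
def update(): return locals()
def slug(title): return title.lower()
'''

def auth_guard(func):
    """Return the first auth.requires* decorator as text, or None if there is none."""
    for dec in func.decorator_list:
        call = dec if isinstance(dec, ast.Call) else None
        target = call.func if call else dec
        if (isinstance(target, ast.Attribute) and isinstance(target.value, ast.Name)
                and target.value.id == 'auth' and target.attr.startswith('requires')):
            shown = [repr(a.value) for a in (call.args if call else []) if isinstance(a, ast.Constant)]
            return '%s(%s)' % (target.attr, ', '.join(shown))
    return None

def audit_controller(source):
    """Map each exposed action (no arguments, no leading double underscore) to its guard."""
    report = {}
    for node in ast.parse(source).body:
        if not isinstance(node, ast.FunctionDef):
            continue
        a = node.args
        has_args = a.args or a.vararg or a.kwarg or a.kwonlyargs or getattr(a, 'posonlyargs', [])
        if has_args or node.name.startswith('__'):
            continue  # not callable by URL, so not part of the exposed surface
        report[node.name] = auth_guard(node)
    return report

def unguarded(source):
    """Names of exposed actions that carry no auth decorator."""
    return [name for name, guard in audit_controller(source).items() if guard is None]

if __name__ == '__main__':
    for name, guard in audit_controller(BLOG_PY).items():
        print('%-13s %s' % (name, guard or 'NO AUTH DECORATOR'))
```

Run it against the real controller by reading applications/sivaweb2py/controllers/blog.py into a string and passing it to audit_controller().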

Thanks for viewing this page....
