Anvil.users.get_user() and security

Hi @Tony.Nguyen,

You can also further customise the @anvil.server.callable decorator. require_user can take a boolean value, or a function. That function will receive the currently logged-in user (the return value of anvil.users.get_user()). For example, if your Users table has a boolean column called ‘admin’, you could restrict your server functions to admin users like this:

Using a lambda function:

@anvil.server.callable(require_user = lambda u: u['admin'])

or a regular function:

def validate_user(u):
  return u['admin']

@anvil.server.callable(require_user = validate_user)
def test():
  print("passed the test!")

If the logged-in user isn’t an admin, the server will raise an anvil.server.PermissionDenied exception.

@david.wylie, @stucork - It’s on my list to add this to the documentation!

8 Likes
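An added example, not part of the original post and not Anvil's own code: a fail-closed predicate of the kind that could be passed to require_user, exercised against a local stand-in for the decorator so that it runs without Anvil. `require_flag`, `callable_stub`, `PermissionDenied`, `_session` and `call_as` are hypothetical names, users are plain dicts standing in for Users table rows, and the stand-in assumes the predicate may be handed None when nobody is logged in.

```python
# Stand-in for the require_user check described above; constructed for illustration.
import functools

class PermissionDenied(Exception):
    """Local stand-in for anvil.server.PermissionDenied."""

_session = {"user": None}  # constructed stand-in for the logged-in user

def require_flag(column):
    """Build a predicate for require_user that fails closed."""
    def check(user):
        if user is None:               # nobody logged in
            return False
        try:
            value = user[column]
        except LookupError:            # column absent on this row
            return False
        return value is True           # unset (None) or non-boolean values are rejected
    return check

def callable_stub(require_user=False):
    """Hypothetical decorator: require_user is a boolean or a function of the user."""
    def decorate(fn):
        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            user = _session["user"]
            if callable(require_user):
                allowed = bool(require_user(user))
            else:
                allowed = (not require_user) or user is not None
            if not allowed:
                raise PermissionDenied(fn.__name__)
            return fn(*args, **kwargs)
        return wrapper
    return decorate

@callable_stub(require_user=require_flag("admin"))
def delete_all_rows():
    return "deleted"

def call_as(user, fn):
    """Run fn with `user` as the session user; return its result or 'denied'."""
    _session["user"] = user
    try:
        return fn()
    except PermissionDenied:
        return "denied"
    finally:
        _session["user"] = None
```

Returning `value is True` rather than the raw column value means a row whose 'admin' cell was never set, or holds something other than a boolean, is treated as non-admin.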