This feature request was inspired by this Q&A post.
The request is to enhance the various login methods (e.g., `anvil.users.login_with_form()`) to accept views on the
This allows applications sharing a users table to select a subset of its rows (a view) that's suitable for that application, and present only that subset to the login method.
For example, Application-A may only want users with role employee to be able to log in, while Application-B may allow users with role employee or customer to log in. Currently, logic for this must be implemented post-login, where a developer must do something like this:
```python
import anvil.users

user_row = anvil.users.login_with_form()  # User logs in.
if user_row:  # Post login.
    if user_row['role'] == 'employee':
        pass  # Allow or Reject.
    elif user_row['role'] == 'customer':
        pass  # Reject or Allow.
```
If, instead, something like the following were possible, security would be enhanced because it permits the decision to occur pre-login:
```
1. role = 'customer'  # or 'employee' (or whatever the qualifiers).
2. users_view = app_tables.users.client_readable(role=role)
3. user_row = anvil.users.login_with_form(users_view=users_view)
4.
```
Here, users not meeting the view qualifier(s) (dimensions) will be unable to log in since they are filtered out of the view. This happens pre-login (no `if`/`elif` conditionals needed). And, if login is permitted, more is already known about the user by code-line
Security is enhanced because the allow/reject decision occurs pre-login; and because less critical code (and possibly accompanying bugs) is necessary; and because you’re confident that the only users accessing an application are the ones you want.
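
The difference between the two patterns, as an added toy model (not Anvil code and not part of the original post). The names `view`, `login`, `post_login_check`, `pre_login_check`, `SESSION_LOG` and the sample rows are constructed for illustration; `login` only stands in for the proposed `users_view` behaviour.

```python
import hashlib, hmac, os

SESSION_LOG = []  # ('open' | 'close', email) events, to show when sessions exist

def _hash(password, salt):
    return hashlib.pbkdf2_hmac('sha256', password.encode(), salt, 100_000)

def make_user(email, password, role):
    salt = os.urandom(16)
    return {'email': email, 'salt': salt, 'pw': _hash(password, salt), 'role': role}

# Constructed sample rows standing in for a users table shared by two apps.
USERS = [
    make_user('erin@example.com', 'erin-pass', 'employee'),
    make_user('carl@example.com', 'carl-pass', 'customer'),
]

def view(rows, **qualifiers):
    """Rows matching every qualifier, like the users_view in the request."""
    return [r for r in rows if all(r.get(k) == v for k, v in qualifiers.items())]

def login(email, password, users_view=None):
    """Authenticate against users_view only; rows outside it are invisible."""
    rows = USERS if users_view is None else users_view
    row = next((r for r in rows if r['email'] == email), None)
    # Hash even when no row matched, so both failure paths do the same work.
    candidate = _hash(password, row['salt'] if row else b'\0' * 16)
    if row is None or not hmac.compare_digest(candidate, row['pw']):
        return None
    SESSION_LOG.append(('open', email))
    return row

def post_login_check(email, password, allowed_roles):
    """Current pattern: a session is opened before the role is examined."""
    row = login(email, password)
    if row is not None and row['role'] not in allowed_roles:
        SESSION_LOG.append(('close', email))  # omit this and the user stays in
        return None
    return row

def pre_login_check(email, password, **qualifiers):
    """Requested pattern: out-of-view users fail exactly like a bad password."""
    return login(email, password, users_view=view(USERS, **qualifiers))
```

In the model, a customer with a valid password never opens a session when the employee view is passed to `login`, whereas the post-login pattern opens one and depends on the application code to close it.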