From ea7d82acf902e1701dc420a1e4ccec51503e010b Mon Sep 17 00:00:00 2001
From: mdipierro <massimo.dipierro@gmail.com>
Date: Sat, 2 Mar 2013 12:52:22 -0600
Subject: [PATCH] auth.accessible_query(query or set), isue 1356, thanks Alan

---
 VERSION        |  2 +-
 gluon/tools.py | 15 +++++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/VERSION b/VERSION
index 02d94b92..c3200168 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.4.1-alpha.2+timestamp.2013.03.02.11.29.19
+Version 2.4.1-alpha.2+timestamp.2013.03.02.12.51.44
diff --git a/gluon/tools.py b/gluon/tools.py
index 1cfc054a..fa17e6c9 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
@@ -32,7 +32,7 @@ from gluon import *
 from gluon.contrib.autolinks import expand_one
 from gluon.contrib.markmin.markmin2html import \
     replace_at_urls, replace_autolinks, replace_components
-from gluon.dal import Row
+from gluon.dal import Row, Set, Query
 
 import gluon.serializers as serializers
 
@@ -3210,12 +3210,23 @@ class Auth(object):
         """
         if not user_id:
             user_id = self.user_id
+        db = self.db
         if isinstance(table, str) and table in self.db.tables():
             table = self.db[table]
+        elif isinstance(table, (Set, Query)):
+            # experimental: build a chained query for all tables
+            if isinstance(table, Set):
+                cquery = table.query
+            else:
+                cquery = table
+            tablenames = db._adapter.tables(cquery)
+            for tablename in tablenames:
+                cquery &= self.accessible_query(name, tablename,
+                                                user_id=user_id)
+            return cquery
         if not isinstance(table, str) and\
                 self.has_permission(name, table, 0, user_id):
             return table.id > 0
-        db = self.db
         membership = self.table_membership()
         permission = self.table_permission()
         query = table.id.belongs(