Logged-in users can see anything?

My app requires users to log in via a login form.

Once logged in, the Data Source should expose only the data matching the user’s role.

That’s working fine when showing a table containing records; however, if a user edits the URL manually (let’s say from /client-1 to /client-2), he can also see client-2, even if the role isn’t compatible.

Is this the correct behaviour?
How can I protect /client-2 so that it can be seen and modified only by its related users / role?
Thanks in advance!

Hi @Luciano!

We can offer some controls for you, such as:

  • Controlling element visibility, based on the logged-in state and/or role, or formula condition.
  • Controlling page visibility, based on the logged-in state and/or role.

If you need to control access to client-2, you could restrict the page to a specific role, but it’s not very scalable.

What I suggest is to have a single client page, with a query parameter for the clientId. That way, when the page loads, you can check if the logged-in user is related to the clientId.

Imagine a data structure such as this in your database:

  • client: id, name, ...
  • user: id, first_name, last_name,
  • representative: client (link row), user (link row). To enable filtering, set the primary field to a formula of field('user').

Back in the application builder, you could:

  • Have a list rows data source for your application table, pointing to the client database table.
  • Filtered by client = Parameter > clientId
  • AND filtered by: representative contains User > Id (you’ll need to turn formulas on for the filter value).

The data source is now returning rows for a specific client and where the logged-in user is a “representative” (i.e. they belong to that client).

If the logged-in user isn’t a representative for this client, and they tweak clientId to a different value, then the table will be empty.

Hopefully, you can extract some bits from this so that it applies to your schema. The general idea is to have an intermediary table between client and user to determine if a specific user belongs to a client.

Cheers,

Peter Evans

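As an added example that is not part of the original thread or of Baserow itself: the schema and filter Peter describes, expressed as SQL and run through Python's sqlite3. The table and column names follow the post; the sample rows, the function names, the deliberately unchecked `client_rows_unchecked` (the behaviour Luciano observed when the URL is edited) and the `update_client_name` write check are assumptions for illustration. The write check goes beyond the post: it applies the same membership condition to an UPDATE, so a tweaked clientId cannot modify another client's row either.

```python
"""Added example (not from the original thread or from Baserow).

Models the post's schema in sqlite3: client, user and an intermediary
`representative` table, then filters client rows by
    client = Parameter > clientId  AND  representative contains User > Id
Sample rows below are constructed for the example.
"""
import sqlite3

# Schema from the post (column names as listed there, types assumed).
SCHEMA = """
CREATE TABLE client (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE user (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT);
CREATE TABLE representative (
    client INTEGER NOT NULL REFERENCES client(id),
    user   INTEGER NOT NULL REFERENCES user(id),
    PRIMARY KEY (client, user)   -- one membership row per (client, user)
);
"""

# Constructed sample data: Alice (10) represents client 1 only,
# Bob (20) represents clients 1 and 2.
SAMPLE_DATA = """
INSERT INTO client VALUES (1, 'client-1'), (2, 'client-2');
INSERT INTO user VALUES (10, 'Alice', 'A'), (20, 'Bob', 'B');
INSERT INTO representative VALUES (1, 10), (1, 20), (2, 20);
"""


def open_db():
    """In-memory database loaded with the schema and sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE_DATA)
    return conn


def client_rows_unchecked(conn, client_id):
    """What a data source filtered ONLY by the clientId parameter returns.
    Any logged-in user who edits the URL gets the other client's rows."""
    return conn.execute(
        "SELECT id, name FROM client WHERE id = ?", (client_id,)
    ).fetchall()


def client_rows(conn, logged_in_user_id, client_id):
    """Equivalent of the post's filter: client = clientId AND the logged-in
    user appears in the representative table for that client.
    Returns [] when the user is not a representative, even if the client
    exists, so a tweaked clientId yields an empty table."""
    return conn.execute(
        """
        SELECT c.id, c.name
        FROM client c
        JOIN representative r ON r.client = c.id
        WHERE c.id = ? AND r.user = ?
        """,
        (client_id, logged_in_user_id),
    ).fetchall()


def update_client_name(conn, logged_in_user_id, client_id, new_name):
    """Assumed write path: the same membership condition guards the UPDATE.
    Returns the number of rows changed (0 when the user is not a
    representative of client_id), so the caller can treat 0 as denied."""
    cur = conn.execute(
        """
        UPDATE client SET name = ?
        WHERE id = ?
          AND EXISTS (SELECT 1 FROM representative r
                      WHERE r.client = client.id AND r.user = ?)
        """,
        (new_name, client_id, logged_in_user_id),
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = open_db()
    print("Alice, /client-1 (member):   ", client_rows(db, 10, 1))
    print("Alice, /client-2 (tweaked):  ", client_rows(db, 10, 2))
    print("Alice, /client-2 unchecked:  ", client_rows_unchecked(db, 2))
    print("Alice renames client-2:      ", update_client_name(db, 10, 2, "x"))
    print("Bob renames client-2:        ", update_client_name(db, 20, 2, "Two"))
```

The point of the two read functions side by side: page- or element-level visibility does nothing once the clientId comes from the URL, so the membership join has to live in the data source (or the write statement), where the user cannot edit it.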