Hi all. New to Wix Velo and have been working to suppress authorization for a collection in order to show it in a table that’s only accessible by one Role. I used (from https://support.wix.com/en/article/velo-security-best-practices#code-visibility)
:
I mport { currentMember } from ‘wix-members-backend’;
import wixData from ‘wix-data’;
async function isPermitted() {
try {
let hasPermittedRole = currentMember.getRoles()
.then((roles) => {
const staffRoleCheck = roles.filter(obj => obj.title === ‘Staff’);
if (staffRoleCheck.length > 0) {
return true ;
} else {
return false ;
}
})
return hasPermittedRole
} catch (error) {
console.error(error);
return false ;
}
}
export async function queryCollection() {
const accessGranted = await isPermitted();
if (accessGranted) {
try {
let collectionData = wixData.query(‘myCollection’)
.find({ suppressAuth: true })
return collectionData;
} catch (error) {
console.log(error);
}
} else {
return “Access denied”;
}
}
This was placed a web module and the queryCollection() function was imported into the webpage’s code to populate the table.
Oddly, this method didn’t work until I used double quotes on the role (=== ‘Staff’) changed to (=== “Staff”), which I thought were equivalent. Can anyone tell me why this could be the case?