I have a collection that has Create privileges to site members, but should have read and update privileges only to the site member author of the row, and to one other person (also site member) that person is someone the “row” was assigned to, its login email is also a column in this row.
Currently, I had to open the read and update privileges to Site Members, but I really do not want all site members to be able to read and update rows that are not theirs.
Is there a way, perhaps also with WixDataOptions that I can return the privileges to only the site member author and open it to that specific person assigned to the row?
If so, any examples I can see?
Cheers
Anat
Hey
If you want more granular control of the security of your data you will need to set your permissions to read only at all times and then create your own data collection permission checker and updater in code. In code in Wix Code you can suppress auth in the options parameter so you will be able to create this. But it will be using code and some bit advanced as well.
Sample below shows you how to use the suppressAuth parameter which will make this code update the data no matter the logged in users role.
let toUpdate = {
"_id": "00001",
"title": "Mr.",
"first_name": "John",
"last_name": "Doe"
};
let options = {
"suppressAuth": true,
"suppressHooks": true
};
wixData.update("myCollection", toUpdate, options)
.then( (results) => {
let item = results; //see item below
} )
.catch( (err) => {
let errorMsg = err;
} );
So you will need to check the wixUsers a lot to check the users role and then decide if the user can see the item(s) or not.
Thanks! Can you also give an example of the backend code check?