Dynamic Page Permissions Question

Hi
Not sure whether I’m missing something simple or am just confused but…

How can I ensure only the database item owner can access a dynamic page created from that item?

  1. I have a owner only filter on baico.co/my-tenders so only tenders matching the owner of the item are displayed so this works.
  2. When I click on the view button the item ID is displayed in the URL as expected and I can see the item for that user.
  3. However the page URL for the dynamic page including the ID is not restricted to the owner of that item - if I copy the URL, any logged in user can view the page which doesn’t seem very private.
    If I make the entire collection private to the member-author, it secures the page, but I can’t reference or consume that data anywhere else on my site.

To explain the scenario I have:

  1. a customer user creates their requirements on https://www.baico.co/member-create-mt-tender
  2. data is submitted to a collection
  3. a supplier user can read parts of that data in order to give the customer a price

If the supplier can’t access any of the the customer’s inputted data they can’t create a price, at the same time, it don’t want it to be possible for any logged in user to access any other customer’s data (I’ve tried labelling the users into groups, but this would still mean that anyone in the “customer” group could see any other customer’s data if they were able to get the correct URL for the dynamic page).

Thanks

Euan

Check by using code if the currently logged in user is the owner of the record you are about to show, if not show a box over the data that says “Permission Denied” and a link back to your main page. If it is the correct user don’t display the box so they can see the data.

Ah, okay, thanks, I was hoping I’d missed something simpler in my set up.

Any pointers on how to create the code I would need for this to work?

1 Like

i have exact problem. How does the code looks for this scenario?? T @ahmadnasriya @yisrael-wix

Please add your own issue into a new post instead of bumping up an old post. Explain what you are trying to do, what works, and what doesn’t. Also, add any code in a code block as stated in the Forum Guidelines.

See the Corvid Tutorial: Building Your Own Members Area which will give you a good place to start.

This post is an old post and is being closed.