Hi
Not sure whether I’m missing something simple or am just confused but…
How can I ensure only the database item owner can access a dynamic page created from that item?
- I have a owner only filter on baico.co/my-tenders so only tenders matching the owner of the item are displayed so this works.
- When I click on the view button the item ID is displayed in the URL as expected and I can see the item for that user.
- However the page URL for the dynamic page including the ID is not restricted to the owner of that item - if I copy the URL, any logged in user can view the page which doesn’t seem very private.
If I make the entire collection private to the member-author, it secures the page, but I can’t reference or consume that data anywhere else on my site.
To explain the scenario I have:
- a customer user creates their requirements on https://www.baico.co/member-create-mt-tender
- data is submitted to a collection
- a supplier user can read parts of that data in order to give the customer a price
If the supplier can’t access any of the the customer’s inputted data they can’t create a price, at the same time, it don’t want it to be possible for any logged in user to access any other customer’s data (I’ve tried labelling the users into groups, but this would still mean that anyone in the “customer” group could see any other customer’s data if they were able to get the correct URL for the dynamic page).
Thanks
Euan