Exposing REST API to retrieve information from a Forms Data Collection

This function returns status code 500 when I attempt to query it. The same code works perfectly for a collection that is not a form. Do collections created from user’s form submissions require special code, have I made a mistake in this code, or is it possible to expose this collection via a function as I did below? The 500 code is: WD_PERMISSION_DENIED when I run the functional test prior to publishing.

import { ok, notFound, serverError } from 'wix-http-functions';
import wixData from 'wix-data';

export function get_customerInfo(request) {
  // URL looks like: https://www.mysite.com/_functions/myFunction/John/Doe
  let options = {
    "headers": {
      "Content-Type": "application/json"
    }
  };
  // query a collection to find matching items
  return wixData.query("Forms/poolServiceForm")
    .eq("pH", request.path[0])
    .find()
    .then( (results) => {
      // matching items were found
      if(results.items.length > 0) {
        options.body = {
          "items": results.items
        };
        return ok(options);
      }
      // no matching items found
      options.body = {
        "error": `'${request.path[0]}' was not found`
      };
      return notFound(options);
    } )
    // something went wrong
    .catch( (error) => {
      options.body = {
        "error": error
      };
      return serverError(options);
    } );
}

The conclusion that I’m coming to is that it is impossible to expose a Wix App Collection. There is no way to edit the permissions to allow “Any” user to query the data. My solution was to create a new collection (not using the Wix automated system) and to set up the permission on the new collection to allow access to those fields which I wanted exposed. You can still hide particular fields if some are “private” data.

Hey @david27029!

I’d recommend taking a look over the Velo API docs, specifically the query API: query - Velo API Reference - Wix.com

I think what you’re looking for is something similar to this:

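import wixData from 'wix-data';

// suppressAuth makes the query skip the collection's permission checks
let options = {
  "suppressAuth": true,
};

wixData.query("myCollection")
  .eq("title", "Dr.")
  .find(options)
  .then((results) => {
    if(results.items.length > 0) {
      console.log(results.items[0]); // first matching item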
    } else {
      // handle case where no matching items found
    }
  })
  .catch((err) => {
    console.log(err);
  });

In the .find() we add the options we’ve set, so it ends up being .find(options).

Be mindful when doing this, as using suppressAuth potentially means anyone can access data in the collection through the function this is used in. Worth remembering best practices, like validating who is running the function, and considering if this is the best approach.

1 Like
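The caution in the reply above about validating who is running the function, as an added example (not code from the thread or from Wix): the checks an HTTP function can make before it runs a suppressAuth query, and the field allowlist applied to what it returns. The `x-api-key` header, the pH text pattern, the `PUBLIC_FIELDS` list and the sample row are assumptions made for illustration.

```javascript
// Added example: checks to run before a suppressAuth query in a Velo HTTP function.
// Assumptions (not from the thread): the "x-api-key" header, the pH text pattern,
// the PUBLIC_FIELDS allowlist and the sample row are constructed for illustration.
const PUBLIC_FIELDS = ["_id", "pH"];
const SAMPLE_ITEMS = [{ _id: "a1", pH: "7.4", email: "owner@example.com", _owner: "u-123" }];

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Decide whether the request may reach the database at all.
// Returns { status, body } to reject, or { value } holding the validated path segment.
function checkRequest(request, expectedKey) {
  const supplied = (request.headers || {})["x-api-key"];
  if (!expectedKey || typeof supplied !== "string" || !constantTimeEqual(supplied, expectedKey)) {
    return { status: 401, body: { error: "unauthorized" } };
  }
  const value = (request.path || [])[0];
  if (typeof value !== "string" || !/^\d{1,2}(\.\d{1,2})?$/.test(value)) {
    return { status: 400, body: { error: "invalid value" } };
  }
  return { value };
}

// Build the response from query results, copying only allowlisted fields.
function shapeResponse(items) {
  if (items.length === 0) return { status: 404, body: { error: "not found" } };
  const pick = (item) =>
    Object.fromEntries(PUBLIC_FIELDS.filter((f) => f in item).map((f) => [f, item[f]]));
  return { status: 200, body: { items: items.map(pick) } };
}

// Wiring inside the HTTP function (sketch, using the calls shown in the thread):
//   const check = checkRequest(request, apiKey);   // apiKey comes from a secret store
//   if (check.status) { reject with check.status and check.body }
//   const results = await wixData.query("Forms/poolServiceForm")
//     .eq("pH", check.value).find({ suppressAuth: true });
//   const out = shapeResponse(results.items);      // then return ok(...) or notFound(...)
//   On a query error, log it server-side and return serverError with a generic body.
```

With this split, the suppressAuth query is only reached after the key and the path value have both passed, and private fields such as `email` never leave the function.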

Thank you @noahlovell. I wasn’t putting the options variable in the find function when I tried to suppressAuth previously. This worked perfectly, status code 200. Thank you for the caution about being mindful about when and how to use suppressAuth.

1 Like