I’d like to allow certain members to certain areas of the site, for example, those who purchase a premium membership, and certain members to other areas rather than just one universal Members list. We can already different lists of contacts, it would be great to assign different levels of access to different lists.
Perhaps this is something that can be done with Code?
Ultimately, I’d like to have a paid membership site. Right now, I would handle payment outside of Wix and manually allow member requests access. It would be great to tie membership with the Wix store. Now that you allow us to sell digital downloads, it would be great to integrate that into members lists.
Hay Jonathan,
Wix does not have a feature for different groups of Site Members. Having said that, Wix Code allows you to develop something like that yourself, using our coding features. I am gonna try directing you at how to build something like this, but not knowing your exact use case you may need to adjust it for it.
First of all, to restrict access to a page, you can do so using three different features, depending on the page type.
For a regular page, you can have in the page code, as part of the onReady event handler, a code that checks for a user access to the page and redirects the user to another page in case of no access.
Such a code looks like
import checkAccess from 'public/check-access';
$w.onReady(() => {
return checkAccess();
});
and the check access file
import wixLocation from "wix-location";
import wixData from "wix-data";
import wixUsers from "wix-users";
export default function checkAccess() {
if (!wixUsers.loggedIn) {
// no user is logged in
wixLocation.to('/');
return new Promise(() => {});
}
return wixData.get('user-access', wixUsers.currentUser.id)
.then(res => {
if (res && res.group === 'a group with access') {
// the user has access to the page
return Promise.resolve();
}
// the user does not have access to the page
wixLocation.to('/');
return new Promise(() => {});
});
}
What happens here is that we check if there is a logged in user. If so, we query a user-access collection, a collection at which we assume for each user we have a group membership. Then we check that the user’s group membership is allowed access to our page.
If the user has access, we return a resolved promise.
If the user does not have access, we redirect the user to the homepage and return a promise that will not be resolved.
Note that in the onReady code we return the promise that is returned from checkAccess. onReady returned promise is used to control when the page is displayed. Resolving the promise makes the page visible. Calling wixLocation.to and returning a promise that will not be resolved ensures that the page will not appear before we redirect to another page.
For a dynamic page, you can use the beforeRouter hook. This is a more secure method, that works only for dynamic pages or router pages. Using this method, you again check the user access and redirect the user or allow the processing to proceed using the next function. The code looks something like
import {next, redirect} from 'wix-router';
export function items_beforeRouter(request) {
return yourCheckAccessLogic(request.user.id)
.then((hasAccess) => {
if (hasAccess)
return next();
else
return redirect('/');
});
}
Wow, this is great! I will study this a bit more and let you know if I run into any issues.
Hey Jonathan,
Just checking if you made some good use of the previous code shared by Yoav.
Please also let us know if you have more feedback around this feature or specific use cases you would like to apply the membership feature for.
Thx
Eric - Wix Product Team
I, too, am needing something like this - a paid membership site with 3 different types of members. In my case, however, the membership types are not mutually exclusive. They are more like categories, as a single member could be in one or more of the three groups. I guess I need what in conventional DB terminology would be referred to as a many-to-many relationship between users and groups (members and categories).
I’m new to Wix but do have a bit of conventional coding experience. Is what I’m trying to accomplish possible?
Hi,
I tried to do something similar, have different lending pages for different type of members after successfully logged on.
However, my problem is, how do I create this “user-access” collection? Seems like I need at least 2 fields: “userId”, and “group”. I can think of 2 difference scenarios:
pre-approved users, before the user actually logged on, the “user-access” for that user is already defined. But what should I put in the “userId” field for that user if the user hasn’t logon yet?
users who already logged on. I setup my site so only those approved by me can logged on. I want to manually update that “user-access” collection with the correct access for that user while approving the access request. I know I can use code like below to get the “userId” but does it mean I need to write that into a collection somewhere to collect the userId first, and then copy & paste into the “user-access” collection?
let user = wixUsers.currentUser;
let userId = user.id;
Or, since I know the email address in advance, should I use the email address instead?
Any suggestion or hints welcomed. Thanks!
I would like to know as well. Trying to make pages with restricted access depending on the User ID/Permissions we set. How can I create the user-access collection?
Hi Justin.Singh, I am now following the examples from “Velo Tutorial: Building Your Own Members Area | Help Center | Wix.com” and trying to understand/modify it to suit my need. Still in progress, may be you can also give it a try.
Hi Al,
Any luck on figuring out how to validate permission/access level to allow a user to view a page if permission validation is true and redirect if the permission is not false.
Hi justin.singh,
I found that I can’t change that Members database too much as if I edited it while I am Admin, the “_id” field was updated with some value, then when the user actually logged on, the _id doesn’t match and that caused problem.
My requirement might be slightly different from yours. I want to (a) prepopulate user’s group info based on email addresses, and (b) show different landing page after logged on depending on the user’s group.
Assuming you are also following the example in Velo Tutorial: Building Your Own Members Area | Help Center | Wix.com correctly. I got what I want by:
(1) create a new Database called “groupCheck” which only contains 2 fields: userEmail and userGroup, which I pre-populate with the values as required (e.g. “user1@test.com” is “group1”, and “user2@test.com” is “group2”, …etc)
(2) in the code from that example mentioned above, between line 46 and 47, insert the code below:
//use current user's email to check against value in groupCheck database
wixData.query("groupCheck")
.eq("userEmail", userEmail)
.find()
.then ((groupChkResult) => {
//if found
if (groupChkResult.items.length !== 0) {
//redirect to "/shop" if in group1
if (groupChkResult.items[0]["userGroup"] === "group1") {
wixLocation.to("/shop");
} else if (groupChkResult.items[0]["userGroup"] === "group2") {
//redirect to "/contact" if in group2
wixLocation.to("/contact");
} else { // not in any special group, redirect to home page
wixLocation.to("/");
}
} else { // groupCheck failed, nothing found, redirect to home page
wixLocation.to("/");
}
});
there might be other more suitable places to do this checking and redirect, as it depends on what you need.
I think to achieve what you mentioned, you might want to create a backend script, and do something similar to check permissions or group type at the beginning of each special pages. If passed, do nothing. failed, redirect to home page or logout .
Hope this helps.
Hi all,
This seems to answer ALMOST one of my needs. The difference in my case is that I’d like to apply the user groups to tables.
My site is : https://merlinregis.wixsite.com/accueil
What I want to acchieve is that group level one (= non-members) only have access to the 4 columns that you see right now in public (LIVE).
Group level 2 would have access to 1 more column (I think I’d need to just add a table with the visibility to only level 2 and up)
Group level 3 a few more columns
and so on…
Any help on this situation would be appreciated 
Thanks in advance
I’m a bit confused by the code that was posted by Yoav. I understand that he is looking into a database to see what access group the user belongs to, but I don’t see how that translates to knowing whether or not that user has access to the page that he’s on. Am I missing something here? I had a situation where I needed to make sure that members did not see other members data. I ended up putting URLs in the database and checking in the database as to whether the user had rights to see the page that he was trying to access.
What I’ve been thinking of is an admin group; so I can restrict pages that (for example) allow you to update the backend databases without going into the Wix editor. It seems that with the current member login process that I’m using (as found at Velo Tutorial: Building Your Own Members Area | Help Center | Wix.com), everyone ends up in one database. At least that’s how I read this:
if(wixUsers.currentUser.loggedIn) {
// log the user out
wixUsers.logout()
.then( () => { // update buttons accordingly
$w("#loginButton").label = "Login";
$w("#profileButton").hide();
} ); }
The check of wixUsers.currentUser.loggedIn in bold above does not seem to differentiate as to how one is logged in. In other words, you are either logged in or not. I can’t have a database of admins, a database of users, etc. So I think that I need a column to differentiate people as being admins from ordinary users or some such. Depending on that column, I could reference another group database of permissions or some such. Thoughts?
Thanks–
Al
IMHO, what we external developers really need is an extensible federated LDAP/ACL/Policies implementation that is natively supported in WIX Code Platform. This is such an important area if you are doing any development that involves properly provisioning access control to web pages in a standard way but to varying degrees depending upon the User’s privileges.
That said, does anyone know of a third party app that will do this for us without the need for developers to write a lot of supporting or custom code?
Thanks,
Tom Tuohy
hi Merlinregis,
I can think of a few options:
Hello Al Learning,
You know what? I think I have answered myself while answering to someone else.
What if I create more than one account, permitting me from there to have different levels of membership?
So from there, account #1 would cover level 1 members, account #2, level 2 members and so on…
Hi Al Learning,
I am a very new user and was following your method outlined above on your March 6 post. I have everything working correctly from the Wix example ( https://support.wix.com/en/article/how-to-create-member-profile-pages-with-wix-code ) then set up the groupCheck database and inserted your code as directed. The only things I changed were the redirect URLs. The login works but no redirects are happening. Any idea what I might have done incorrectly? I did input all the code into the ‘Site’ tab rather than the ‘page’ tab since my buttons are in the header - no idea if that makes a difference. I appreciate any help.
Hi ryan.wills, have you checked permission of groupCheck database? Also not sure how you do your debugging, what I did was, setup a logging database which only contains 2 fields: time & log and with permission anyone can write, have a function called something like “debug” which writes the received line to the logging database. Then for every line which requires debugging, calls that debug function with the required logging info. This way I can dump whatever debugging log as required which can’t be done by preview/console.log.
Once you have a functioning debugging method, insert as many into your code as required, you can then clearly workout which part failed and what was the value returned from database query or function calls or which path did the execution goes, …etc.
Hope this helps.
Thanks for the quick reply. I have no debugging process. This is entirely new territory for me. I will do more homework following your suggestion on setting up a debugging function to narrow down what’s failing.
Regarding permissions, I wasn’t sure how to set the groupCheck permissions. I have it currently set to Private Data (collection type) and Admin for all Roles but clearly that could be completley wrong.
thanks again!! I appreciate your help.
Hi Yoav,
Can you share with me how should the user access collection looks like, for your example on checking access for regular page? Should I create a user access collection with a field name labelled as “User” and enter the userID into the field, and a field name labelled as “Group” and enter “a group with access” into the field? I am having trouble getting it right.