Here is the deal. I want to prevent a member that would have the UserID of another member to be able to access is member profile.
I have created a custom profile login, a profil page and a profil update page. I want to put in the code of that last page something that would say, if the currentUser does not equal to the user in the URL, then refuse access…
Option1: You can create it as Member Page in the member area . Only the member can access to their own members area
Option2: create a dynamic page based on the Members/PrivateData collection. I think it will automatically block you if you’re not the member (or Site Admin).
Option3: create a dynamic page (based on another collection) and write a function in backend/routers.js that checks if the logged-in member fits to the page url path (if not - redirect to a ‘forbidden’ message page.
Option4: (less secured): create a dynamic page (based on anther collection) and filter the dataset based on the user id.
@yvesblache create a js file named routers.js in the backend root directory (if not already exists).
Put this line at the top:
import { currentMember } from 'wix-members-backend';
Create pageName__beforeRouter function, inside this function query for the current member, compare its ._id property value to the request.path and if they are not equal use the forbidden module. or redirect to whatever page you like.