Given a loginEmail or contactID, I’m trying to get a member’s roles from the backend. One way I thought of doing it would be to query the prvateMembersData collection referenced with one or more other collections, eg some kind of roles collection. Is there such a thing?
If not, what is the recommended way of doing this? getRoles() doesn’t do what I want because it just gives the roles for the currently logged-in member.
Currently no, there is no separate roles collection to query independently of the loggedIn user and privateMembersData will not return this information to you. You can request an additional backend roles API call here .
I do not have a definite recommendation for a workaround. I think it will depend on your use case. If you can share some more detail perhaps myself or another member here can help problem solve.
Thanks for the reply. Yes, I’ll submit an additional backend roles API call request.
In the meantime my use case is as follows. I am writing a web page that runs on a third party server. When users login to that web page I can authenticate them against Wix and retrieve their details through some Wix backend code I have written for http-functions.js. What I’d like to be able to do is to assign Wix members roles that determine what they are allowed to do in my third party web page. However in order to be able to do that I need to be able to retrieve a member’s roles in the backend given their loginEmail or contactId.
I can see how to do this by using badges instead of roles for this purpose, but it seems more appropriate to use roles instead of badges, partly because, as far as I understand, badges are visible to other members whereas roles are not.
The other way I had initially thought of solving the problem was by using a custom field in contacts, but there doesn’t seem to be a way of making a custom field only editable by the site administrator.
I think you are likely on the correct path with either the use of a custom field or a separate collection you create and maintain in tandem with the inaccessible site members role data (not ideal, i know…)
As far as only allowing site admins to make changes, you could check this in your code and only allow data updates by users that meet your criteria. I’m making the assumption that the user updating data is logged in and you are using getRoles to check the users role and only allow the action if they meet your criteria.
Let me know if you think you can get something like that working for your situation or if you have more questions.
I don’t think that will work, unless I’m missing something. What I mean is that if I create a custom contact field then as far as I can see the contact is able to edit that field themselves in their profile settings, which is no good if I am using that field for determining what the contact is allowed to do in the third party app.
Until getRoles() takes an optional memberId parameter (or there’s some other way of getting a member’s roles) then the only way I can see of doing what I want to do is to use badges to determine what a member is allowed to do.
Or did you mean that I could write some Velo code which will prevent a contact editing that particular field, unless they have a certain role?
I see. When I tested it briefly I was not automatically able to see the custom field in my members area, but it is possible I missed it. I will look into this some more as this is not an area I have done much work in yet.
If you are not able to hide the custom field if it is in contacts, you could make a separate collection you have complete control over that houses your roles information and anything specifically needed for the third party app. Would something like that potentially work?
It could work, but I think the badge solution would be easier if it’s not possible to prevent users editing custom fields. That’s because I want to roll this app out over a number of Wix sites, all with different owners and with different skill levels.
Of course, the best solution in the longer term would be to provide an API that would allow me to get any member’s roles, but I have already raised this as an API request and it is awaiting consideration.
Yes, definitely use whatever workaround is the easiest for your use case and thank you for adding the request to the wishlist.
I’m not able to replicate a site member being able to edit contact information from their profile page so unfortunately I’m not able to test anything to prevent what you are seeing as far as restricting an edit or hiding a field from the view.