Hi,
I have Dynamic Pages and each item are people in dynamicDataset. Before i create item myself, i made input form so Member from member area can create “item” for that dynamic page. That way _owner is assigned to each item.
Now my question, how to allow item to be read&write only for owner, so no one else can see or edit this.
I went thru many topics in this forum and found that creating custom login is one of the elements. True or false? Otherwise i could not find any specific for that, only clues which i am not able to pull out with my current code level.
Many thanks for help.
@ahmadnasriya
Hi 
The best way to do that is to set all the permissions of the given collection to “Admin”, create a function on the backend to bypass the collection permissions when you create (insert) new items , and on the page that was built to create items, call the backend function and pass the details of the submitted form as a parameter.
This way, only admins have access to the collection (Read / Write / Update / Delete), with the only possible exception of the bypassing the permissions on the backend whenever you need it.
Hope this helps~!
Ahmad
@ahmadnasriya i know you are helping me alot. I really wont forget that and once i finished with my project, i will figure out how to pay you back man.
This makes lot of sense what you wrote. Is there any way you could guide me code?
No need for othet steps, only code wise. I already made those:
Thanks again!
I’ve already wrote a tutorial about bypassing permissions.
Check it out here .
Regarding your code in the screenshot, this is the data.js file, which is a file on the backend that has functions that are triggered on certain events, for example before an item is updated or after an item is inserted. This level is reached after the operation is accepted (Permissions are okay), you need to bypass the permissions on the operation itself, for example:
// When inserting an item:
wixData.insert('collection', itemToInsert, { suppressAuth: true });
// When getting an item
wixData.get('collection', itemId, { suppressAuth: true });
// When querying
wixData.query('collection').find({ suppressAuth: true });
// When updating
wixData.update('collection', itemToBeUpdated, { suppressAuth: true });
Hope this helps~!
@ahmadnasriya Im working on your tutorial now, ill let you know when i am stuck haha 
The code you pasted in this comment, this one goes to backend or frontend.
@juozmant You can only bypass permissions on the Backend.
On BACK-END function,
lett finalResult = {
name: item.title,
email: item.email,
Possible to let all items at once? All of them are in use on repeater.
Same in FRONT-END:
function getDetails() {
return getMemberID(wixUsers.currentUser.id).then((result) => {
let name = result.title;
let email = result.email;
$w('#text26').text = name;
all item to get/edit is in repeater. just make repeater hidden on load and let it expand after this query?
UPDATE CLICK:
Do i need to add anything else when values are edited in repeater and are submited - so it double checks that its same owner info to be updated.
Because i think correctly all permisions are set to Admin, so bypass is also neccery.
@Ahmad
CURRENT STATUS:
Im here, and nothing is working.
PERMISSIONS COLLECTION: admin x 4
Permissions getMembersData.jsw admin x 2
BackEnd:
import wixData from 'wix-data';
export function getMemberID(ownerID) {
let options = {
"suppressAuth": true
}
return wixData.query('FishUploads').eq('_id', ownerID)
.find(options)
.then((result) => {
let item = result.items[0];
let finalResult = {
title: item.title,
email: item.email,
}
return finalResult;
})
}
FrontEnd:
import wixData from 'wix-data';
import wixUsers from 'wix-users';
import { getMemberID } from 'backend/getMemberDetails.jsw';
function getDetails() {
return getMemberID(wixUsers.currentUser.id).then((result) => {
let title = result.title;
let email = result.email;
$w('#text26').text = title;
$w('#text32').text = email;
}).catch((err) => {
console.warn('searching the database failed!')
console.error(err);
})
}
Not even title appears as set.
@Ahmad
Using the user ID ad the " _id " of the entry is only valid for the members collection since the " _id " in this collection is the member ID returned by the wixUsers module.
return wixData.query('FishUploads').eq('_id', ownerID) // Wrong
return wixData.query('FishUploads').eq('_owner', ownerID) // Correct
Also, make sure that the fields that you’re using exist on your collection, or you’ll get an undefined error.
Thanks Ahmad. I tried this before and it gives nothing. No changes happening when entering page. It states that you have no access there.
However, i figure out another way which seems to work but at the same time no.
- I changed collection permissions for site members:
2. On DynamicPage menu settings, i added few fields for some of the pages.
The pages that are for Members are the pages where they upload content.
All other pages permission set to Everyone (pages with All).
As you can see here, i added ID and Title fields for those pages. That way when user navigates to these pages, it selects owner and his title. And that works pretty well.It read which user is logged in and selects his item. I created few demo users and did all the steps, it navigates to their item without any problems. Reads the data from their title aswell. I also tried to access other user pages and permission were denied. I could not access any of other user items. So thats good.
The problem now is that it reads the item title and fields, but i cannot update them. After inputs are filled and submit button is clicked, nothing happens.
I only have 3 fields to update: Tag, Text Input, Picture.
What i am thinking this is because it does not understand where these values should be placed. At the moment inputs and submit button is connected with dataset directly. What i am thinking this has to be code based, so after submit click it reads current item, current user, user fields, and lets submit content to those fields only. And i have to disconnect them from dataset. Am i thinking wrong or good here?
P.S I double checked all dataset settings, all is set to Read&Write. I also used to user dynamicDataset, but on input pages i created another dataset(same dataset but separate) where i applied filter Owner(logged in user). I thought this would solve upload problem, but it didnt.
So in general i assume i still need to get current user and his fields.
Am i on good path or wrong? Could you please guide me to that? And how does the code should look if this solution is possible?
@ahmadnasriya
Ok guys - SOLVED!
I just uploaded previous comment and i saw permissions for collection and i noticed that Update permissions are for admin.
I set them to Site member(owner).
ALL IS WORKING PERFECTLY WITH UPPER MODEL!
No code is written for this model. The only codes im gonna write so it will disable inputs if they are filled up already!
@ahmadnasriya - super thanks for all the efforts!!
