Redirect user if user should not access the webpage

Hello,

I would like to know how I can redirect a user if they should not be on a page. I have over 3.5k items (users) in my database, and I use dynamic pages for their profiles.

Now I have code that runs first when the page loads; it checks whether the user is the owner of the item/page, and it redirects the user to the main page if they are not the owner. But I found a bug: if I press page back, the person who should not have access can still access the page :face_with_peeking_eye:. Thank god there is no private info, but still…

I need to know how I can redirect a user without loading the page itself, so I’m wondering: is it possible to check the current user before the page is loaded?

If so, how?!

1 Like

We want to avoid relying exclusively on a check like this within the website frontend itself, because a user could always change their browser to not follow what that JavaScript says to do, as can be seen with the back button issue.

From what was described you’ll want to set permissions on your data collection to “Site Member Author” so that only the author of the items can see their respective data:

In other cases, what you’ll want to do is set page permissions as described here: Wix Editor: Applying Page Permissions | Help Center | Wix.com

You can still keep the redirect for usability but this will ensure that users can’t see data they’re not supposed to.

For some cases, you could also set it by default so that all sections with data that shouldn’t always be viewable are collapsed, and create another collapsed section, ready with a message like “You do not have permission to view this page” and a button taking them back to a destination you want: home, login, etc. Then, in your existing code, if they don’t meet the right criteria you can expand the “incorrect permissions” section, and if they do meet the requirements you reveal the actual page content, so even if the user does end up on a page they shouldn’t, they’ll just see the redirect anyway. Something along those lines should be achievable.

1 Like

Yeah, I understand, but if I go to a page where I should not be (the code I made) and then go back, you can still see the page and thus the info of a random user (email, phone, etc.)… so I can’t rely on permissions…

“From what was described you’ll want to set permissions on your data collection to “Site Member Author” so that only the author of the items can see their respective data:”

This will not protect me or others from accessing the page and seeing private info like phone numbers, etc.

So, for example, this page is fully visible if I got redirected at first (when I try to access the page). It will reroute me through the home page, but then when I press page back it will fully load the page and the info in these boxes (testing it)… I need to prevent this.

It must be possible one way or the other to restrict access, no matter what?

If permissions are set to “Site Member Author” for reading/deleting/updating then no user can see the info that another user creates. They can only see their own info. When a user loads the page and queries the database it will check their permissions and only return rows where they’re the author.

Can you share any example code recreating the issue?
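
Added example, not code from this thread or from Wix: a plain JavaScript model contrasting the front-end-only redirect with an author-only read rule enforced where the data is served, as the replies above describe. All function names, the `_owner` field name and the sample rows are assumptions constructed for illustration; it calls no Wix API.

```javascript
// Constructed sample rows. "_owner" is an assumed name for the owner-ID field.
const PROFILES = [
  { _id: "item-1", _owner: "member-a", email: "a@example.test", phone: "555-0101" },
  { _id: "item-2", _owner: "member-b", email: "b@example.test", phone: "555-0102" },
];

// Weak pattern: the data source hands any row to any caller and leaves the
// ownership decision to page code running in the visitor's browser.
function readUnchecked(session, itemId) {
  return PROFILES.find((p) => p._id === itemId) || null;
}

// Author-only rule applied where the data is served. memberId must come from
// the authenticated session, never from a URL or request parameter.
function readAuthorOnly(session, itemId) {
  if (!session || !session.memberId) return null;
  const row = PROFILES.find((p) => p._id === itemId) || null;
  // "Not found" and "not yours" look identical, so item IDs cannot be probed.
  return row && row._owner === session.memberId ? row : null;
}

// Models one page visit: what reached the browser, and whether the page's
// own script would ask for a redirect. The browser may ignore that request.
function visit(read, session, itemId) {
  const data = read(session, itemId);
  const isOwner = data !== null && data._owner === session.memberId;
  return { dataInBrowser: data, redirectRequested: !isOwner };
}

const memberB = { memberId: "member-b" };
const weak = visit(readUnchecked, memberB, "item-1");
const strict = visit(readAuthorOnly, memberB, "item-1");
const own = visit(readAuthorOnly, memberB, "item-2");

console.log("weak:", weak.redirectRequested, weak.dataInBrowser && weak.dataInBrowser.phone);
console.log("strict:", strict.redirectRequested, strict.dataInBrowser);
console.log("own:", own.redirectRequested, own.dataInBrowser.email);
```

In the weak case the redirect is requested but the other member's row is already in the browser; with the author-only rule there is nothing to show whether or not the redirect is followed.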

Gotcha, I was not aware that if you have it set to Site Member Author it would only display the current user’s info; for me (as an editor) I can load/display other people’s info. But from a normal site member’s perspective I was not aware of this.

I will give this a shot and ask some people to test this.

1 Like

No, it does not do what you say it should do… I tested it and I see other people’s info…

Come on, there must be a way to reroute people before a page gets loaded?

Like, you guys don’t have a hook that will redirect people if they are not the owner of the item ID?

Can you share a code sample or example site reproducing this issue so I can take a further look?

So they looked at my page.
It only works on static pages, not dynamic pages. I just got it working like 1 hour ago. So for future reference, I would suggest saying that you need to use a static page, not a dynamic page (it won’t work on this). I was not aware of this.

So to get a page that will only display the user’s info, you want to do the following:

  • Create a static page.
  • Put a dataset on the page.
  • Open the settings of the dataset.
  • Create a filter.
  • Set the filter to Owner ID.
  • Set the filter to the logged-in user.

This will create a page where the user can only see his own information.

1 Like