Let’s suppose that on my website I keep users’ phonebooks in a collection Phonebook, like
user_id / user_email / phone_name / phone_no
I want users to see just the phone numbers that belong to them. I create a Dataset, connect it to a Collection, and… What is the best strategy?
If I don’t set any filters, the whole collection (ok, top-20 records) is downloaded by the browser. And users can see other users’ phonebook (part of it).
Well, I set a filter in the Editor to some condition that is never met. Then, in Wix Code, I filter the collection by user_id - and I get what I need. Is it the right approach?
What if a bad guy tweaks the JS, sets another filter, and requests another user’s phonebook?
What I suggest: to have a backend for each page that allows managing properties / variables / elements on the backend side, before a single byte is sent to the client.
Well, probably Wix Code… But look, storing user_id in a collection is a widespread practice, I think, when storing users’ data. Why not allow a specific filter in the Dataset Filters? Then you may not need Wix Code at all.
Hey
This is truly a Wix Code question but it is also very simple to answer and you do not need to code to make this happen.
When you have a page on your site which is restricted to members only and you have placed a form on that page using 1) A Dataset 2) Input fields from the User Input area in the Wix Editor 3) A submit button connected to the Dataset’s Submit action — all records stored will have the _owner field populated with the logged-in user’s ID.
So on the page where you want to show phone numbers added by the logged-in user, just add a Dataset and click Manage Dataset, scroll down to Filters and add a filter. Set the field _owner to “Logged in user” and voila. This will filter out all records created by that logged-in user.
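
The concern raised in the question (a visitor changing the client-side filter to request someone else's phonebook) comes down to where the owner check runs. The following is an added example, not part of the original thread and not Wix's API: a plain JavaScript model with constructed rows and hypothetical names (`SESSIONS`, `queryTrustingClient`, `queryOwnerEnforced`, `TAMPERED_REQUEST`) that contrasts a handler trusting the browser's filter with one that takes the owner from the authenticated session.

```javascript
// Constructed sample rows modelled on the Phonebook collection from the question.
const PHONEBOOK = [
  { user_id: "u1", user_email: "alice@example.com", phone_name: "Mum", phone_no: "555-0101" },
  { user_id: "u1", user_email: "alice@example.com", phone_name: "Work", phone_no: "555-0102" },
  { user_id: "u2", user_email: "bob@example.com", phone_name: "Dentist", phone_no: "555-0201" },
];

// Hypothetical session store: session token -> authenticated user id.
const SESSIONS = new Map([["tok-alice", "u1"], ["tok-bob", "u2"]]);

// Weak pattern: the server applies whatever user_id the browser put in the filter.
function queryTrustingClient(request) {
  const { user_id } = request.filter;
  return PHONEBOOK.filter((row) => row.user_id === user_id);
}

// Hardened pattern: the owner is derived from the session on the server.
// The client filter can only narrow the caller's own rows, never widen them.
function queryOwnerEnforced(request) {
  const owner = SESSIONS.get(request.sessionToken);
  if (!owner) return []; // no valid session, no data
  const wanted = request.filter || {};
  return PHONEBOOK
    .filter((row) => row.user_id === owner) // any user_id in the filter is ignored
    .filter((row) => wanted.phone_name === undefined || row.phone_name === wanted.phone_name)
    .map(({ phone_name, phone_no }) => ({ phone_name, phone_no })); // return only needed fields
}

// Constructed request: Alice's session, but the filter was edited to ask for u2.
const TAMPERED_REQUEST = { sessionToken: "tok-alice", filter: { user_id: "u2" } };

console.log("trusting handler returns:", queryTrustingClient(TAMPERED_REQUEST));
console.log("owner-enforced handler returns:", queryOwnerEnforced(TAMPERED_REQUEST));
```

The first handler returns the other user's row for the edited request, while the second returns only rows owned by the session's user regardless of what the filter says.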