Authentication/Filtering

#1

So, you helped me get the login to work, now I need to carry the session into the app. For example, user logs in and should see a list of only his trips, not all of the trips in the trips table. User creates a new trip, it gets stored and is available to the user only. After log in, user goes to “cloudList,” which should be a list of only his trips. I cannot seem to get the filter on the get record collection to only pull records tied to the user. Something with the meta data, I think. Big stumbling block for me and would appreciate some help. App 95940.

As always, I appreciate the help.

#2

At the moment, there’s no user-level ACL available when using AppGyver Auth, so the only way to do this is for the app to fetch all trips and then filter them client-side, which can be a security issue.

In any case, what you can do is to add a field e.g. createdBy to the trip data resource schema, and when creating a record, save the current user ID there (should be available as appVars.currentUser.id if you are using the default auth page logic). Then, you can fetch all the trips to a data variable such as data.allTrips, and simply show only those that were created by the current user:

SELECT(data.allTrips, item.createdBy == appVars.currentUser.id)
2 Likes
#3

Have been at this for a while. I created a “username” field in AirTable, which corresponds to the appVar.currentUser.username (“demo”). I insert the following into search query in the GET record collection:

SELECT(data.AirTableLocations1, item.fields.username == appVars.currentUser.username)

I think this matches up to your recommendation above, but it does not filter the records and I get the following message “List type is not assignable to text type”

Important as this is how I plan to segregate records by user once auth is flipped on. Any help appreciated.

#4

I solved this using the CONTAINS function in the Advanced Properties section of the Repeating List by comparing the appVars.currentUser.username with current.fields.username and following the documentation on the CONTAINS logic.
Thank you

#5

@Harri_Sarsa

“In any case, what you can do is to add a field e.g. createdBy to the trip data resource schema, and when creating a record, save the current user ID there”

Trying to do the above but with little luck. Could you please expand on the approach :slight_smile:

Include the current user in POST message

image
image1211×655 62.3 KB

image
image1230×562 33.7 KB

#6

Well… Not sure if there’s something else going wrong, but you’re sending pageVars.UserID when appVars.currentUser.id is what you should send. And it’s not good to have this as something the user can edit in an input field :disappointed_relieved: