A tricky one: Nested Repeating Groups and Data Privacy Roles

Hey team,

Boy I’ve been trying to troubleshoot this one all weekend, and the solution is evading me!

I’ve put together an app to demonstrate the issue I’m facing.

Essentially, we have “Packages” and “Components”.

Packages can be hidden (by being unpublished), or by a user type flag - User / Manager etc.

Packages contain Components, which themselves can be hidden based on user type, published status etc.

For some reason - everything works perfectly, except for nested repeating groups. It appears the groups continue to draw (regardless of permission/role status), when a user is not allowed to view.

See below when logged in as “God” (see everything):

09 PM1698×1526 228 KB

See below when logged in as “Manager” (see only Manager items based on Roles):

39 PM1678×980 74 KB

Those blank groups shouldn’t be there… they should not render!

It is much easier to demonstrate this than explain it… So take a look here:

You can review the editor here:

Make sure you switch between Users using the Data tab. God Mode will let you see ALL data listed. Manager will show you items the Manager should be able to see. User for items the user can see and so on.

Also, it is weird to note, that logging out, returns items in the list (which it shouldn’t), whereas user “Guest”, see’s the expected result (nothing should show up!).

Anyone care to take a bite out of this one?

I’m getting redirected and can’t get to the editor.

Hi @blueback09, sorry about that! I’ve updated the link. Does it work now?

Got in.

Are you controlling what each user sees just with the privacy settings? I don’t see anything in the page that alters the search based on the user’s permission level.

So I think you’re running the same search for everyone, which means the same list of results gets put into the display area, and some of the results are “empty” because all of the fields are hidden by privacy rules. But you’ve still got the result.

You can inspect the repeating group when debug_mode=true by clicking “inspect” and picking the repeating group out of the list. You’ll see that its list of components has 5 items, but for 2 of them the only field the user can see is the unique id. So you’re giving the repeating group a list with 5 things in it, but 2 of those things don’t have the field the group expects to display.

I think you need to alter the repeating group’s way of getting that list. Try setting conditions like “user’s role = manager” and then set the repeating group’s data source to a search that only returns components that role can see. Also, it will probably be cleaner to make one “role” field and set its text to different roles rather than create multiple role fields. That way you only have to check one place.

Thanks for having a look into it.

So, one of the challenges with this particular example is that the Packages and Components lists need to be displayed in ALL of these cases:

1. Guest View (No Login / Assigned Bubble’s Temporary Account)
2. User View (Standard Login)
3. Manager View (Advanced Login)
4. God View

Ideal states should be:
Guest View = See Nothing but an Empty List or Place Holder to (Login!)
User View = Only See Packages (and/or) Components Marked Visible to Users
Manager View = Only See Packages (and/or) Components Marked Visible to Managers
God View = See Everything

You’re right that I’ve tightly controlled the “privacy” settings, and they are working as intended (yay!).

However, I only wish to use a single repeating item group (with the nested “component” repeating item group). If I were to take your approach, wouldn’t I need to create a RG for each User Type? How would I run multiple conditions on a search with a RG?

I agree with your suggestion that I should combine the user types into a single list field. I’ve avoided this because I find lists really challenging to work with in Bubble. I can never seem to get them to work properly. Yes/No’s are really easy to evaluate… But I agree that it could be better. I’m definitely open to suggestions, and I really appreciate you taking the time to help me on this.

I don’t mean to put the user types into a list, I mean create a text field and just put “guest” or “manager” into it. Then check that text later. If the user’s type is “god” it won’t match up with “user”.

You can change the repeating group’s “data source” by setting a condition in the condition tab. Something like “when current user’s role is guest” or “when current user’s role is manager”. Make a different condition for each role and set the data source to a different search.

You can see what is happening when you do an Inspect.

image1174×114 9.24 KB

So you are still picking up the row in the search, you just can’t see the data. Hence the blanks.

Using Permissions like that isn’t how you usually prevent Users from seeing things.

Thanks to your guidance team, I’ve been able to solve my issue. Many thanks for teaching me about conditionals for data sources… That was a brand new concept to me.

36 PM848×654 29.8 KB

58 PM730×1106 65.4 KB

Re: the unusual approach to controlling content using permissions roles, this is because I’m super paranoid about data being shown to the wrong users… but I’m super stoked now to have found out there are multiple ways to lock down content.

Thanks again team.