I’ve read a number of forum posts in an effort to get a handle on how best to structure my pages and manage access control. My app will allow users to log in to manage their account, follow other users, etc.; and from what I’ve read, Bubble best practices for controlling access to pages intended only for logged-in users involves the following:
- Creating a “master” group to hold all elements of any page intended only for logged-in users
- Setting that group to “not visible on page load”
- Performing the necessary permission checks in the “Page is loaded” workflow (which could be as simple as “Current user is logged in”)
- Showing/revealing the master group if the permission check succeeds, or redirecting to another page if it doesn’t
Is that correct?
Given that this is [presumably] a common scenario for a membership site, is there a way to hide the page element itself instead of having to create a containing group each time?
Is there any way to issue a 404 (page not found) or 401 (unauthorized) response instead of a redirect for non-logged-in users attempting to access the page?
(Also, I understand that robust data access roles are important, but I’m wondering specifically about best practices for dealing with pages and the UI.)
Any corrections, suggestions, or insights appreciated!