In an app, we have certain data tables that work similar to Notion/Google drive share capabilities. If the data is shared with a certain list of users, they need to enter their email to access it.
The privacy rules are also set accordingly.
When the user enters there email, I check their access via backend workflow (which ignores privacy rules) and returns yes/no.
I update the state on my page and show the group with the details.
My problem is that the privacy rules do not refresh until I refresh the page, which creates a bit of bad UX for the end user.
Have any of you tried something similar and do you have a better solution?
Maybe if you put a data field on the thing, list of UIDs of users that have access, buts it just list of text, not users. Then privacy rule is things list of text, contains current users UID.
This is a secondary privacy rule, not the main one, as you don’t want to store the list text indefinitely.
I have set it is as you have mentioned. Data contains list of Users (for signed up users) and list of text (emails of users not signed up on platform). Privacy rules for both.
Caution: Privacy rules do not update automatically on the page if the privacy rules impacting a user change while the user is on that page.
For example, if a user has a page open where they can see a Thing, then they click a button on that page that changes which privacy rules apply to them such that they can no longer see that Thing, this new privacy rule outcome will not reflect on the page until the page is refreshed.