I’m trying to use the data privacy rules a certain way but I don’t know if Bubble it’s built for this. Can someone clarify?
I have a table called USER PROFILE used to define what users can do in the application. This table has two fields:
Profile Name (text)
Profile Users (List of User)
One of the records says:
Profile Name: Requester
Profile Users: User 1, User 3, User 5
I have another table called REQUEST to keep the requests that users create
I would like to protect the table REQUEST using the Data Privacy tab, in a way that only the Users who have the Requester profile can access its data.
However, I cannot find a way to do that. Any suggestions?
Add a field to the User type to save the User Profie:
User
First Name (text)
Last Name (text)
…etc…
User Profile (User Profile)
Then in Data Privacy for Request data type, you can create this permission: “When Current User’s User Profile’s Name is Requester” > allow access.
And create an opposite permission: “When Current User’s User Profile’s Name is not Requester” > restrict access
So this just means that whenever you add a user to a User Profile’s List of Users field, you should also save the User Profile to that user’s “User Profile” field.
That will do the trick.
I was trying to avoid the double reference but given the way the privacy rules have to be constructed, it seems that it’s unavoidable.
@romanmg,
Actually, for some reason, the editor does not allow me to see the fields of a referenced thing. Effectively, when trying to build the expression
When Current User’s User Profile**’s Name** is not Requester
after selecting the field Linked Profiles (a list of PROFILEs), I do not get the names of the fields in the thing PROFILE as options; I only get “contains” and “does not contain”, as shown below:
