Enabling attachement privacy for a group

Good day fellow Bubblers.

I have an interesting conundrum. When a user signs up, I link him to an “organization” in the user table as part of the signup process.
I would like to enable privacy for uploaded pictures and files but it seems I can only enable privacy for a user which implies only that user will ever be able to see the files he uploaded. I would like everyone in a specific organization to be able to see the files uploaded by their peers whilst still keeping the file private. ie. Not being able to open the file by URL sharing etc if you are not part of the organization and logged into the app. Is this possible in any way?

What I did is create a user table (with their unique username and password) for a specific organization. I use the organization’s username (email) and password to log in to Bubble. That way, I’m sure the members are part of the organization.

1 Like

Thanks John. Are you saying when the user logs in you actually log in with the organizational user as a workflow step in the background?

yes. I validate before their credential and then log in (with workflow).

1 Like

Hi, @dehacked79.

I’m familiarizing myself with Bubble’s file privacy feature, and I’m not sure I understand the issue you encountered. Are you saying that you could attach files only to a user?

I ask because the docs indicate you can attach a file to any Thing; and so I was wondering why you couldn’t simply attach the file to an “organization”.

Apologies for the late response.
When you enable privacy, any transaction in the DB is linked to the user that loaded that transaction. So we have user X uploading a photo into DB with privacy enabled. User Y will not be able to see the photo of user X. You now have one of 2 choices. 1. You disable privacy and hope someone isn’t clever enough to query the DB. 2. You create a “master” user for each group with which you actually log in when a user logs in using workflows. You now have to keep track of actual user by adding additional fields in the DB to see who does what while the “master” user is logged in. Let me state very clearly I am no bubble expert so there may be other ways. I am of the opinion bubble would be much more friendly towards business app scenarios if privacy can be enhanced to cater for “groups”. Naturally this is a lot of work but I do feel there is a valid use case for people to get their apps running in a secure manner especially as SaaS keeps getting bigger.

No worries. Thanks for taking the time to respond.

But User Y CAN see the photo uploaded by User X IF the photo is attached to a Thing to which User Y has View access.

Therefore, if you have a Thing called “organization”, then why can’t the Picture Uploader element be configured such that the photo is “attached to” the organization?

1 Like

Perhaps best you open a support ticket and get feedback directly from Bubble.

You articulated a software requirement…

All I’m saying is that I was able to satisfy this requirement by simply configuring the Picture Uploader element thusly…

Of course, you must also configure the privacy rules appropriately…

Perhaps I’m still misunderstanding what you’re wanting to accomplish, but this seems to do exactly what you describe in your original post.

1 Like