How do Edit Permissions work when front end Actions are used?

Hi! Have a question about edit permissions for db fields in general.

How does Bubble stop requests from modifying unintended fields when db fields are editable?

Say for a User, there’s a TwitterLink attribute, which is viewable by everyone according to its privacy setting. However, you just want a User to edit their own, not another person’s.

And let’s say you have an Action that when the user clicks a button, it Makes Changes to the current user’s Twitter Link field.

From reading the Bubble docs: the Actions are done on the front end, so presumably, it makes a POST request to the backend, probably passing the user id and the new text?

What’s stopping someone from editing that request to use another user’s field, and edit their TwitterLink field maliciously? Like, does Bubble set permissions at a more granular level?

The View all permissions = Read access from what I see, but I can’t see anything related to Write/Edit access, at a granular level, within Bubble’s settings.

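The scenario in the question (a TwitterLink everyone may view but only its owner may change) written as a generic server-side check, added here as an example: it is not Bubble's code and does not describe how Bubble enforces this. All names (`make_changes`, `WRITE_RULES`, the session tokens) and the data are constructed for illustration.

```python
# Constructed in-memory data standing in for a database and a session store.
USERS = {
    "u_alice": {"twitter_link": "https://twitter.com/alice", "email": "alice@example.test"},
    "u_bob": {"twitter_link": "https://twitter.com/bob", "email": "bob@example.test"},
}
SESSIONS = {"sess-alice": "u_alice", "sess-bob": "u_bob"}  # token -> authenticated user id

# Read and write rules are separate: a field everyone may view is not thereby editable.
READ_RULES = {
    "twitter_link": lambda actor, owner: True,
    "email": lambda actor, owner: actor == owner,
}
WRITE_RULES = {
    "twitter_link": lambda actor, owner: actor == owner,
}


class Forbidden(Exception):
    pass


def read_field(session_token, target, field):
    """Return a field value if the read rule for that field allows it."""
    actor = SESSIONS.get(session_token)
    rule = READ_RULES.get(field)
    if target not in USERS or rule is None or not rule(actor, target):
        raise Forbidden(f"read of {field} denied")
    return USERS[target][field]


def make_changes(session_token, body):
    """Apply a change request; the actor comes from the session, never from the body."""
    actor = SESSIONS.get(session_token)
    if actor is None:
        raise Forbidden("not authenticated")
    # The client-supplied user_id is only a *target*; it grants no authority.
    target = body.get("user_id", actor)
    if target not in USERS:
        raise Forbidden("unknown target")
    changes = body.get("changes", {})
    # Check every field before writing anything, so a denied field blocks the whole request.
    for field in changes:
        rule = WRITE_RULES.get(field)  # no write rule means the field is not writable
        if rule is None or not rule(actor, target):
            raise Forbidden(f"{actor} may not write {field} on {target}")
    USERS[target].update(changes)
    return USERS[target]
```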