Internal User vs Client user login

So my app has two types of users: (1) clients that only need access to a couple of pages and (2) internal users who will have access to the full app including the client-only pages. I’ve created a field in my Users type called “Client” and “Internal”. What I’m trying to achieve is that when a user logs in but is of type “Internal”, they’re taken to the internal operations pages of my app. When a user logs in but is of type “Client”, they’re taken to the client-only pages.

I’m setting my Workflow expression to be something like this.

However, when I ran this step-by-step I noticed that the ‘Search for Users’ was not retrieving any values, and hence it couldn’t match to check that they were of type “Internal”. After a lot of tinkering around, I thought that the privacy rules may have something to do with this. My instinct is that Bubble will not allow the ‘fetching’ of Users’ emails in a workflow where the user is trying to log in, i.e. isn’t logged in yet.

I went in and changed the privacy settings to something like this.

Surprisingly this worked. Enabling ‘Everyone else’ to Find Users, their emails, and their types, successfully returned a “Search for…” match from my earlier expression and redirected the internal user to the right page.

I’m a little fuzzy on privacy settings and not sure if this is a good approach. I’ve heard that you should set privacy rules because even if you don’t allow access to pages and such on the front-end, someone with programming knowledge can still access the app (I don’t know how that works), and so instinct tells me that checking the ‘Find in Searches’, ‘Type’ and ‘email’ fields is not a good idea, but I don’t know for sure, and also, if it isn’t safe, then why not.

Any advice on how else I should approach what I’m trying to achieve? Also, any explanation of what the privacy rules are actually doing (or not doing when checked) would be very helpful.

Thanks.
Sean

I don’t find any issues with the privacy rules in the image that you shared. You’re only allowing email and the role to be accessible to all users. Nothing else.

One thing that you can improve, however, is to put the Email=Input email’s value as a constraint (below the Type=Internal constraint).

Himanshu
Bubble tips and tutorials
