When I use the “Delete Thing” or “Make changes to Thing” in work flow I do not want a user to delete or edit another users things. I have solved this with workflow click event on button and current user is parent group creator. But can a skilled user trigger this event to run through javascript manipulation. or is this check at the backend?
Any data operation is done on the server (precisely for this reason). This is faked on the client for instantaneous feel, but the actual data operation is done on the server, looking at the workflows you’ve defined there. So it’s safe.
3 Likes