Private and Public simultaneously?

eddie.sellers.jr · November 5, 2020, 11:23pm

My app is a marketplace. One side creates product quotes, the other purchases from them. For the purchasing side, I would like to create a eventual log in with a UI to access all their quotes AND a low friction way for them to get emailed links to quotes in order to view without login.

I would like to reasonably protect other people from seeing other people’s quotes.

Here is my initial plan:

Quotes privacy- viewable by all, searchable by only “quote owner”
The link I send for “non-logged-in” users, will be sent with a link code parameter for simple link authentication.

I am concerned about when a user is logged in. Will they be able to see other people’s quotes?

It seems they will not be able to search for it, but can they “hack” their way into the quote if they know the unique id?

And if this is unclear here is an example:

I can be sent a Docusign link via email. I can access and sign it without logging in. However, to my knowledge no one can log into the user interface and see everyone else’s documents.

brad.h · November 9, 2020, 6:23pm

This would operate just like google sheets shareable links. You have two options with sharing a google sheet. 1 - you can share a public link or 2- only a link that’s viewable by a specific google user after logged in.

You could do the same.

This would be based on your privacy settings. You can have a repeating group with all links, but filtered by who created or who has permission.

Topic		Replies	Views
Bypass privacy rules on non-authenticated quote page Database	3	413	January 10, 2023
2 Users (logged out) access same page, privacy issues? Need help	2	207	October 13, 2021
Best Practices for Public Links within App Questions	1	41	December 30, 2024
Issue with privacy rules for differentiated access and public page Database	3	31	September 4, 2024
How to create private link? Need help	5	1592	September 16, 2020

Private and Public simultaneously?

Related topics