Hi Bubblers, I’m trying to set up for a beta test of my app. I want only people whose email addresses are in the database (I’ve put them there manually) to be able to successfully register as users. This is so I can invite a select group of beta testers to sign up as users. So far, I have:
A data type called AllowedEmails
A database field called “Email” within AllowedEmails, populated with email addresses
A signup workflow that works for anyone, not just people with allowed emails
I know I need to set up an “Only when” condition for the sign-up workflow, but I can’t figure out how to do that. A Google search got me this as an expression that should work: Only when Do a search for Approved Users (Email = Input Email's value):count > 0
The problem is, Bubble doesn’t let me input a “0” after the greater-than sign. Is there a way to do that, and if so, would this expression work? If not, is there another expression that would work?
Ah, I got the “0” to take by hitting the Return key, not clicking (which I was trying to do before). Thanks for letting me know I was on the right track!
One way to think about approaching this is by building an API that hits your own app.
A secured backend workflow that can ignore privacy rules can perform the search on the email and return either an ‘allowed’ yes or no value dependent on the count. This way, you can ensure you have privacy rules set to keep the list of Allowed Emails private.
You’d simply set up the call in the API connector to hit your own app’s backend workflow. Then, you can reference the call in your signup workflow with the inputted email and only allow it when the value returns yes.
One way (which is perfectly acceptable in this case) is to allow the Allowed Email datatype to be found in searches for logged out users but DO NOT expose any fields.
That way the search can still check if the email address exists but the actual email address can never be returned to the client.
Either that, or use a backend WF as mentioned in another reply.
Alternatively you could do away entirely with the Allowed Emails datatype and just create the Users directly, then invite them to the app.
This is actually a lot more secure - as with your current method, anyone can sign up if they know one of the allowed email addresses, even if it’s not their own (unless you have some additional confirmation process, which you definitely should).
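Added example, not part of the thread and not Bubble code: the server-side logic the replies describe, written in Python, where the allow-list check returns only yes/no and the account is confirmed only with a token sent to the address itself. The function names, the sample addresses, the secret and the one-hour token lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data standing in for the AllowedEmails data type.
ALLOWED_EMAILS = {"tester1@example.com", "tester2@example.com"}
SECRET = b"constructed-demo-key"   # assumption: a server-only secret
TOKEN_TTL = 3600                   # assumption: tokens live for one hour


def normalise(email: str) -> str:
    # Assumption: addresses are compared case-insensitively.
    return email.strip().lower()


def is_allowed(email: str) -> bool:
    """Backend check: answers yes/no and never returns the list."""
    return normalise(email) in ALLOWED_EMAILS


def _sign(email: str, expires: int) -> str:
    msg = f"{email}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def start_signup(email: str, now=None):
    """Return a token to e-mail to the address, or None if not allowed."""
    email = normalise(email)
    if not is_allowed(email):
        return None
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    return f"{expires}.{_sign(email, expires)}"


def confirm_signup(email: str, token: str, now=None) -> bool:
    """Activate only if the token was issued for this address and is fresh."""
    email = normalise(email)
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except (ValueError, AttributeError):
        return False
    if (time.time() if now is None else now) > expires:
        return False
    expected = _sign(email, expires)
    return is_allowed(email) and hmac.compare_digest(sig.encode(), expected.encode())
```

Because the token is delivered only to the mailbox, knowing an allowed address is not enough to complete registration. The yes/no answer still reveals whether an address is on the list, so the endpoint that exposes it is worth rate limiting.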