Forum Academy Marketplace Showcase Pricing Features

Restrict access if current page does not contain company unique id

Hello there,

I´ve a situation where users are seeing all the invoices of their companies so there is a constrain for “company=current page company”.

The problem is that if the user clears the unique id in the URL and press return, the repeating group shows everything for other users companies.

I´ve been trying to get this done with the workflow but I cannot find the right one. So for example if the URL does not contain the unique id then send to the error page.

Is there anyone that can help?

Thanks a lot.

Bests.

I´ve just solved setting a workflow that says “when current page company is empty --> send to 404 page”

2 Likes

I think some time ago I have found similar problem in my app and now I think this kind of situations could be some critical bug because “company=(undefined current page company)” shouldn’t return all records as it was “company==company”

Regards

That’s because a search constraint matching to an empty value is considered no constraint. You can get around this in an inefficient way by adding a filter which has “current page company is not empty”, or a conditional logic which changes the data source if empty.

You also should look in the data tab at the data privacy settings, and ensure people can only see records from the company they belong to, from the server side.

1 Like