Is there a way to set “slugs” as a Token for Privacy Rule?
For Instance, I wanna send proposals from Bubble, and I’d like to set a randon token in the “slug”.
So that, it is private for everyone, execpt for those how have the link itself…
How do I set that in my Privacy Rules?
Shoud be closed for anyone, except for those who have access to the link itself. A must in this solution.: User with the link should not be asked to log in!
There is one neat Bubble trick I know for this problem. On page load of the linked page, grab and set the magic token value onto the user. eg something like: on page load -> Current Users current token = extract magic token from URL (regex or whatever or make your life easier by using a parameter).
Then on table that holds your special data have a privacy rule that is: Currrent user's magic token is Data table's Magic token (and leave on searching in the privacy rule)
I worked on this exact thing a while back. If you’re logged in then it’s likely a separate privacy rule in action that allows you to see the data.
The issue I had was resolved by calling the data after the page load, or refreshing the page but that required some more complex workflows.
You could either trigger an update data workflow or set a custom state and link it to a conditional on the value in your element. This would then trigger the call from the database with the new privacy rule applied, after adding the token to the current user (logged in or out).
So… there is a solution… that’s a good news !
You could retrieve secure data from an logged out user? That’s the main point here…
It seems to me that we can change data from an unlloged user, at least at Userdatabase…
Doing some tests here to find a solution…
A state would be lost after refresh, isn’t it…?
So a backend workflow might be necessary…
Still working on a solution, any help would be great !
I built a page demonstrating a reusable pseudonymous login using tokens in the slug. Take a look.
On my to do list is to support token login and regular login by setting up alias accounts for every user and then setting the privacy rules so that the alias can view the user account and vice versa.
Fantastic solution aaronsheldon
Simple and very clean…
I’ll have to setup a workflow to clean my database (a lot of randon users…), but your solution is awesome, very secure !
I was almost giving up…
Tks !!!
So, the final solution (Maybe Useful for other users)
Create a random email;
Create an account with email in step 1;
Assign a temporary password;
Change password - credentials, using temp password step 3;
Set an User slug by GET Url parameters;
Beforhand Set a Privacy Rule using slugs in the data you wanna show comparing to User Slugs…
I felt bad that I might have given out some bad advice after seeing @aaronsheldon reply … so I went and double-checked- and I did make a mistake - sorry about that . Aarons’s solution will work I think also … but I would do it slightly different with the privacy rules Maybe someone will point out a problem with my design … which would be good learning for me. But I think you can do this without creating temporary users.
The mistake I made was saying don’t make the token searchable in the privacy rule. I edited the original post to be correct.
Yes that timing issue of the User change to the RG change is just the way Bubble works. I’d say in the “real” world for validating anonymous tokens, you would not rely on a RG updating as per my example but update a custom state to change the UI, show hide/some group, redirect the User to another Bubble page, or some explicit workflow action to change the UI state.
I used a RG in the example to prove to myself that the Privacy Rules worked not because I thought that was a good way to signal in the UI that the token was valid.
that I might have given out some bad advice after seeing 
reply … so I went and double-checked- and I did make a mistake - sorry about that 