Two users must validate the form before it is submitted

HI

I am developing an app for a flying school. I start at a “dashboard” screen that would be logged in as a generic user (accesible to all Instructors / Students in the office). To add a flight I need two users to authorise. The pilot and a separate authoriser. I have it working ok by using password inputs on the form and then workflow events to log each user in … ( question one is whether there is a better solution?)

But using my current approach I need to log back in as the generic user before going back to the dashboard screen. I was hoping I could somehow save that users credentials and then log back in as that user … I can’t find a way to do that. So question 2 is can this be done?

I can achieve what I want by hard-coding the generic users email and password into a login event. But that doesn’t seem very secure - in development I can certainly see it in debug mode (not sure if it is different in Live).

btw New to Bubble and absolutely loving it … I have cracked all sorts of tricky issues but so far this one has me stumped. Advice very much appreciated.

Many Thanks

David

Hi there, David… I can’t necessarily answer your direct questions, but hopefully my response isn’t a complete waste of time because I am curious about your use case. I am probably missing something totally obvious here, but if the dashboard is accessible to everyone, what is the significance/purpose of the generic user? Couldn’t the dashboard be accessible without any login (generic or otherwise), and then you log users in when they want to add a flight? If that was the case, then after a user has added/authorized a flight, you could just log them out and land back on the dashboard.

Again, I’m sure I am missing something obvious, but it’s just an interesting use case to me. No hard feelings if you ignore this response. :slight_smile:

Best…
Mike

Thanks Mike, I could do that but I want access to the Dashboard restricted to just members of our school … if I make it totally open then I’m assuming anyone could access it. That would not be desirable because the dashboard shows who is flying and when. I could think of several reasons why people may not want that information publicly available!

David

Ah, okay… I had a feeling that was going to be the case. Any reason you don’t have folks just login to see the dashboard (and then they are already logged in for any actions that require it)? Seems like it would definitely simplify things a bit.

It would simplify it … but we have one PC in the ops room and I’d prefer just to leave it logged in. If everyone has to log in and out they will likely complain! Also people will forget to log out and that could end up giving access to more sensitive information. Hence my idea if the generic user …

1 Like

Priority: Security over User Experience

@mrdbetts

If that’s the case, would it be better that you set the dashboard to be seen by all and add in an administrator account that would oversee everything and that account is permanently logged in at the ops room? Then everyone else can see the dashboard using their own personal accounts just that the administrator account at the ops room doesn’t require people to log in to view.

Regards,
Qin

Thanks for replying Win … that is essentially my plan. The problem is that I want users to click a link on the Dashboard to add a flight and then return to the Dashboard.

I was hoping someone could share a way of either authenticating the users adding the flight without logging then in (I could give everyone a second ‘code’ just for this purpose but seems unnecessary).

Or a safe way of logging the Dashboard account back in via the workflow.

Anyway I’ll keep bashing away at it!

David

Sorry Qin not Win … it got spell checked above!

@mrdbetts

This would be a security risk as there’s no form of authentication of who approved it. If they don’t log in, it’s no longer authenticating, it’s just any random person being able to approve it.

You can try making it so that when a person tries to add/approve a flight, he/she has to log in to do it. And in the workflow, set it to auto log out after the process and logging in back to the administrator account.