Where is "User is not logged in" option?

When creating privacy rules, I want to specify what a non-logged-in guest to my website will see. However, the option does not seem to be available.

Here are some screenshots.

It’s a separate item on the list:

Thanks for the reply, however your screenshot is for a normal workflow.

The “isn’t logged in” option doesn’t seem to be available in the Data --> Privacy tab rules.

Got it. We just use the “everyone else (default permissions)” for logged out users. Don’t know whether there’s another solution for what you’re trying to do.

[EDIT: I’ve explained this sort of poorly…]
[EDIT 2: Let’s just get to the point…]

We do not need a state for “Current User is not logged in”. That state is redundant and unnecessary.

If Current User is not logged in it will never meet any of the “Logged In” conditions. It will meet the Everyone Else condition. This is how you want it.

Hey Keith, that’s a good point, but I do want logged-out guests to still be able to see the data on the website front-end.

I try to explain what I’m ultimately trying to do in this other forum question: API Access & Privacy Rule Challenges

Well, they can, unless you have a privacy rule that limits access to being logged in.

Let’s get specific here: Privacy rules apply at the data type level, right? If the data type is complex, you see options for various fields.

Let’s consider a practical example: Let’s say you collect date of birth and home address when you onboard a user. Should anyone but the system, you the administrator, and that specific user themselves be able to see that? Let’s say no. (We assume that these values are stored in fields on that user’s User object for purposes of the rest of this reply.)

So how do we keep anyone else from seeing that info, even if we do something dumb in our page design and on-page-load workflows? We do that by setting a privacy rule for the User data type.

Here’s our simple User data type:

The highlighted fields should only be visible to the user themselves.

Here are the privacy rules for that:

IF the Current User isn’t the User described by this object (that is, if Alice is viewing Bob’s User object):

Those fields that are unchecked under the View section will NEVER be downloaded to the browser and an on-page workflow (or API workflow that respects privacy rules) will never see a value for those fields. Such fields will always return null. (In Bubble terms, they are “empty”).

If the Current User is the User described by this object (that is, Bob is viewing Bob’s User object):

All fields will show whatever value is stored there. (Of course, such values may also be empty or null, but it won’t be because of privacy rules.)

Ah, that definitely makes sense. I see what you’re saying and understand which use-cases would constitute use of privacy rules.

How then, would you recommend I allow non-logged-in guests to view a specific website data type, while simultaneously exposing that data type via API, so a user with a token can see it.

I need to prevent those guests, from seeing the full data on the API backend (via this URL https://[app name].bubbleapps.io/api/1.1/obj/[data type]), but still view the data on the website front-end?

Hope that question makes sense.

It seems you’re asking about the Data API? (Not the POST / “Workflow” API?)

Go read the docs: https://bubble.io/reference#API.get_api

Privacy rules apply as if a certain user is logged in, if you allow API access with a login call. If you give token access, the API accessor is admin and has right to everything.

This topic was automatically closed after 70 days. New replies are no longer allowed.