user1127860

Reputation: 160

Configure Security to allow update of entries only for some users but allow read for all in Backand

Is it possible to configure the security of a table so that only some users (the owners) of an entry in a database table are allowed to modify the entry?

For example, in a notes app each note is assigned to a list of users who own this note. All users should be able to see all notes, but only the owners of this note should be able to edit/delete this note entry.

I only found a solution to filter who can see the note but not who can edit the note.

Upvotes: 1

Views: 53

Answers (1)

relly

Reputation: 439

You will need to create an Action for that. Go to the Actions table. Select the During Update event. Here is an example taken from https://github.com/backand/todos-with-users:

// Body of the During Update action; Backand calls it with the submitted
// values (userInput), the stored row (dbRow) and the caller (userProfile).
function backandCallback(userInput, dbRow, parameters, userProfile) {
  // if the current user has an *Admin* role then he is allowed to update a todo for other users
  if (userProfile.role == "Admin")
    return {};

  if (!dbRow.created_by)
    throw new Error('Todo with no creator can\'t be updated.');

  // do not allow users to change the created by field
  if (dbRow.created_by != userInput.created_by)
    throw new Error('You can\'t change the creator of the todo.');

  // do not allow non *Admin* users to update a todo created by another user
  if (dbRow.created_by != userProfile.userId)
    throw new Error('You can only update your own todo.');

  return {};
}

Upvotes: 2
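The same check extended to the question's case of a list of owners per note, as an added example that is not part of the original answer or the Backand repository. It is a standalone function rather than a Backand action, and the `owners` array field, the helper names and the sample data are assumptions.

```javascript
'use strict';

// Assumption: each note row stores its owners as an array of user ids in a
// hypothetical `owners` field; role/userId mirror the answer's userProfile.

// Compare id lists as sets of strings, so 7 == "7" and order is ignored.
function sameIds(a, b) {
  const x = [...new Set(a.map(String))].sort();
  const y = [...new Set(b.map(String))].sort();
  return x.length === y.length && x.every((id, i) => id === y[i]);
}

function authorizeNoteUpdate(userInput, dbRow, userProfile) {
  if (userProfile.role === 'Admin') return {};

  const owners = Array.isArray(dbRow.owners) ? dbRow.owners : [];
  if (owners.length === 0)
    throw new Error('Note with no owners can\'t be updated.');

  // Decide from the stored row, never from the list the client sent.
  const uid = userProfile.userId;
  if (uid == null || !owners.map(String).includes(String(uid)))
    throw new Error('You can only update notes you own.');

  // A partial update may omit `owners`; if present it must be unchanged.
  if (userInput.owners !== undefined &&
      (!Array.isArray(userInput.owners) || !sameIds(userInput.owners, owners)))
    throw new Error('You can\'t change the owners of the note.');

  return {};
}

// Wrapper that turns the throw/return contract into a decision string.
function decide(userInput, dbRow, userProfile) {
  try { authorizeNoteUpdate(userInput, dbRow, userProfile); return 'allow'; }
  catch (e) { return 'deny: ' + e.message; }
}

// Constructed sample row and requests.
const note = { id: 1, text: 'buy milk', owners: [7, 12] };
console.log(decide({ text: 'oat milk' }, note, { role: 'User', userId: '12' }));
console.log(decide({ text: 'edited' }, note, { role: 'User', userId: 3 }));
console.log(decide({ owners: [12, 3] }, note, { role: 'User', userId: 12 }));
console.log(decide({ owners: [3] }, note, { role: 'Admin', userId: 1 }));
```

The ownership test reads only the stored row, so a request that lists the caller in its own `owners` payload gains nothing.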
