Security Login to have access to user data. Easily dynamically alter UI

Is this still the way to do this?


(Since this is 4 years old, I’m just making sure there’s no more modern way.)

If, after entering ID & PW, I have to hit the user table to validate the password, it seems very redundant to go through all these steps just to display the UserName on the page.
Why not add another step in the Security user_login API to save the data I need at that time and be done with it?

In my case, at login, I want an arbitrary field from the user table stored as some kind of global variable. (user level, first name, whatever)
Let's say I'm displaying a Product List. If a particular user is logged in, I want to display my COST on the page, but all other times HIDE the cost.

This video shows what I have chosen to do.

This is a version that Brian aka @Hyperbytes has chosen.

For the who's logged in part see

Ben, since yours was first in the list, I watched and implemented your method.
Login/Logout/User Name/etc. all works fine. NICE video. thx!

So now it would be trivial for me to Show/Hide a DIV based on a simple user field available to me in scUserLoggedIn.
But if a user was on a desktop, it would be easy to use the developer tools and examine the XHR Response and see the true Product Cost of all my items since I’m retrieving them in the Query.

So… next step

If a Manager is logged in, I want my server response to have as one of its fields the ProductCost.
And for a non-manager/non-LoggedInUser, I want to return a 0 in that field so it can’t be seen even if the user uses dev. tools.

Is this a case of TWO almost identical API queries and I dynamically choose one based on user Type?
Or is there a way to dynamically modify the SAME query (like with a CASE statement in the SELECT) to Select a 0 in one case, and ProductCost in the other?

There would be just the one server action.

  1. single query filtered on identity
  2. if user then
  3. else then

I hope this makes sense.
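
The single-query approach asked about above, as an added example that is not part of the original thread: a CASE expression decides on the server, from the session's user id, whether the real cost or 0 is returned. It uses Python with an in-memory SQLite database so it runs anywhere; the table, column, role and function names are assumptions, and the same CASE expression is valid on the MSSQL database the thread uses.

```python
import sqlite3

# One query for everyone: the CASE expression zeroes the cost unless the
# session's user is a manager. Schema and role names are assumptions.
PRODUCT_LIST_SQL = """
    SELECT p.id, p.name, p.price,
           CASE WHEN u.user_level = 'manager'
                THEN p.product_cost ELSE 0 END AS product_cost
    FROM products AS p
    LEFT JOIN users AS u ON u.id = :session_user_id
    ORDER BY p.id
"""


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT,
                            user_level TEXT);
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT,
                               price REAL, product_cost REAL);
        INSERT INTO users VALUES (1, 'Mia', 'manager'), (2, 'Sam', 'staff');
        INSERT INTO products VALUES (1, 'Widget', 19.99, 7.25),
                                    (2, 'Gadget', 49.00, 21.10);
    """)
    return db


def product_list(db, session_user_id):
    """Return the product rows as the API response would carry them.

    session_user_id must come from the server-side login session (None when
    nobody is logged in), never from a value the browser sends with the
    request, otherwise the user could simply claim to be a manager.
    """
    rows = db.execute(PRODUCT_LIST_SQL,
                      {"session_user_id": session_user_id}).fetchall()
    return [dict(row) for row in rows]


if __name__ == "__main__":
    db = make_db()
    for who in (1, 2, None):  # manager, staff, logged out
        print(who, product_list(db, who))
```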

Let me ask a diff Q first:

I said all my Login/Out stuff was working, but as soon as I published to my DO Droplet, my Login fails.
I connect to the exact same database for Development and Production because I’m only reading data from the db - I’m not updating anything. No need to have 2 diff. dbs.

So why would the security subsystem fail with a 401 Not Authorized when it's hitting the same MSSQL connection from DO, yet work fine from my Mac in testing? (Using the exact same credentials, of course).

Stupid question, but one that needs to be asked: Could it be that the folder is named ‘security’ and not ‘Security’?

Edit: It was a stupid question, my apologies. Could you show the login API actions please.

Thx for helping Ben.
I figured this would be easy… something like restart DO - or manually refresh 1 file that didn’t get copied.
I’m going to post this under a new thread so it's easier to find by someone else who is having the same issue.

1 Like

I’m kinda dead in the water, I guess because I don’t have SSL setup on my DO.
So I gotta jump thru lots of hoops to get back on track.

New thread here

1 Like

I had seen the new thread and have been theorizing what the problem could be. My best guess is that the data is encrypted and without an SSL there is no way for the browser to decrypt the data.

For more see:
https://www.tutorialsteacher.com/https/how-ssl-works

1 Like