Security Provider Help

Basically I have a user generated page that I only want the user who created it to be able to edit and anyone who isnt this user to be redirected, I assumed id something like the security identity but then on the enforcer how does this work, can I make this dynamic and in the future id like more than one user to be able to edit the page so the creator would give them a roll on their page (so here the security identity wouldn’t work as it only gets the creator) im just super lost on how to go about this.

On the page, set a server connect which auto loads. Probably a sc that gets data to be shown for editing.
In the server action, make the first step to check in DB if security identity (logged in user) has right to edit the requested page/id. If not, response 403 and on client side, use forbidden dynamic event to redirect them to some other page.

So my db has pages_id and a users_id (there’s more but not important) then in my server action I used the identifier and then queried this against the users_id (it doesn’t have any return options as they return by another query) then client side I put the server conn with the action file in and I have a dynamic forbidden event it didn’t work maybe I did something wrong?


I feel like I made a mistake on the server action maybe I use a condition but not sure what that would be formatted like

The three steps are fine. Query should be a single query which returns the page details if editable by identity (using where/condition)
Then add a condition step and check if query response is null, then return 403 else don’t do anything and query itself will be returned.

so would my condition be my dynamic selected attribute and the == null so like query == null and bey 403 is that just a browser goto I coulsnt find a 403 component?

Lots of typos. Slow down. :sweat_smile:

There is a response step. Set status code as 403 there.
Browser goto happens on client side inside the forbidden dynamic event.

Thanks so much for the help, how would the condition look?


I found this in the community but I think I’m doing the condition wrong?

For single queries, i like to make use on any 1 of the reutrned columns…
So in your case, if ID is that column, you can set the condition as query.id == null.

FYI, you can make use of response step for debugging your SA too… Just put it wherever you want the SA to return the results… Set value part of response to that query or variable… And run it.
Response breaks the flow of SA and does not return anything except what is set in its value part.

“message”: “Option “data” is required!”,
I keep getting this error is this related to the condition?


Just tried a few different things like pages_id == null pages.id == null pages.pages_id == null are any of these correct?

I needed a message in the response so much closer now I have one issue, it redirects fine but if the back arrow in the browser is used the server connection no longer auto loads and redirects them again? thanks for all the amazing help

I see 3 messages at different times. Assuming first 2 are resolved, answering the third one:

Check in the server connects’s sc1.lasterror.message property. Don’t remember exactly, probably look at the SC in console to find exact path.

Is this a SPA or MPA?

Mpa

It feels like ages since I worked on a MPA in Wappler. :sweat_smile:
Can you test and see if the load dynamic event on App fires when you hit back?

image

what is the load on my initial thought was the server connect or the actual app (like a document ready kinda thing)

It is like window.load

where would I apply this nothing pops up under server connect or on the app part at the top of the page structure?

Select the app item on top in app structure… Then in dynamic event section in properties should show this.