check you have picked the value from the repeat and not the actual server action.
for futher help please show the code you are referring to
1 Like
there’s not issue with the tutorial. i mistakenly put the seo api in the wrong folder. thanks for the amazing tutorial.
1 Like
Current Behavior
The current behavior in version 6.4.1 is that the table needs to be applied to the database before it can be referenced. This differs from how @Hyperbytes added the table, sub-table, and multi-reference, where they could use all of them simultaneously in the tutorial video.
I wonder if @George intended to have this two-step process where you add the table and then reference it. While it’s not incorrect to have the table in the database before it can be referenced, being able to accept all changes simultaneously would be more convenient.
Suggested Improvement
The current behavior in version 6.4.1 seems less user-friendly than the previous approach demonstrated by @Hyperbytes. Allowing users to apply all changes, including sub-tables and multi-reference fields, at the same time would be a more convenient and desirable feature.
Well we try to keep the order of creation and dependency order, so if you go and create main table, sub tables and references in one go, you should be able to commit it in one database change.
However for better reliability and easy revert, it is advisable to keep your database changes as small as possible so you can easily revert them and have a clear overview of what is happening.
1 Like
I agree that smaller commits are better
How can I use a user’s authorization role (authrole/rolename) to manage access to specific components via a secure API?
Checking if the security identity value is greater than or less than zero is insufficient. Can I check if the security identity matches a specific authrole/rolename? I am concerned that my current approach using authrolepublic is complex than it needs to be, and might inadvertently make the API vulnerable.
For more context, in my use case, each authrole is connected with a different image. Users can view a picture depending on their authrole and the time of day. This authrole can be assigned by a superuser (with limited admin rights) or an admin and can be removed if the user declines it, which means a user’s response can remove but not add an authrole.
Not entirely sure what you mean but if a user is not logged in then security.identify returns false otherwise it returns the currently logged in users ID.
Permissions are normally enforced via Security Restrict at API level to check the current logged in users role.
What exactly is the issue you are trying to address?
What is the best way to implement role-based security restrictions for components rather than page restrictions? It’s similar to hiding login when logged in, but based on role, stored in a table, and not a page restriction.
For example, I want to dynamically hide an image on a page for Joe, who is logged in but does not have a role as photographer A, while allowing Jane, who is logged in on the same page and has the role of photographer A, to view the image.
Another way to look at it is by restricting the nav accessible link by age, degree, experience, etc.
Current methods:
Security Identity (user_id) > unrestricted API to get all the users roles > check DB get image based on users role
Is this best practices?
Hello @Buggy
You can first starting on diagramming the logic.
There’s more than one way to do that, for example:
You can use the users and permissions settings that are on the security provider, for example:
Permission 1, and permission 2
In this case permission 1, will check the DB and grant the “permission 1” to anyone who has role >= 1
And the permission 2 will do the same with
role >= 2
Then if you need to “hide images” it’s better do it on your server side.
Because if you hide on the frontend, the images will still be there on the source.
A simple way to do this is using the security restrict step, and there define the permission:
You can add as many permissions as you need:
So you can do your query depending on what’s your logic:
In my case, selected permission 2, and the query will throw results only if the logged user is from the “permission 2” group.
Also you can use a query to retrieve the data from the user, and define some condition with the condition step:
- Restrict to all unloged users
- Step identity
- Query where user id = identity
- Condition: age > 10, then do the query, else nothing.
After restricting correctly your logic, the query can return the URL of the image, and using under the dynamic attributes “image source”
1 Like
You made it make sense, @franse.
Many security providers can have different pages/components restricted by the selected provider. Intuitively, the @Hyperbytes tutorial is so good that it made it easy to overlook.
Sometimes it can be that easy. Thanks again.
I’m still struggling with spending too many hours/days trying to figure it out before posting here.
1 Like
If I wanted to restrict down to component level rather than page I probably would:
-
In globals add a database query which returns the role/roles of the logged in user by reference to a security.identify stage. That way it is always available.
-
Use conditional regions (better than hide/show) based on if the required role is in the returned allocated roles.
Shouldn’t be difficult.
2 Likes
I’ll try that out, as it would make it easier to give editors limited permissions to manage user roles. Planning and execution of roles and restrictions is what I need to do well right now.
If you do get to record a short byte on setting up levels of roles, I think it will save someone out there from being cross-eyed watching your videos on repeat as if the content will change 
. I’d do my part of putting it to good use. Sometimes, the answers do seem to jump out from the screen on a closely related section.,
Business Pages @Hyperbytes
What's the easiest way to change url from www.example.com/business/2 to www.example.com/business/name-of-the-business-page?
If you are happy with www.website.com/business/2/name-of-the-business then just add an additional parameter to the route making it optional if necessary (question mark after parameter) and simpy ignore the second parameter for search purposes, just leave it there for SEO
1 Like
You may possibly run into problems if your business name contains spaces or special characters.
Yes, the name should be slugified
I changed the routing to business/:pagecontent_id/:title?
Nav logic to dmx-on:click="browser1.goto('/showbusiness/' + pagecontent_id + '/' + title.replace(/\s+/g, '-').toLowerCase())
Result www.website.com/business/2/
What I'm I missing?
This should probably be broken up into a new thread?
Anyways, what is your reason behind using the browser go to rather than a dynamic attribute --> Link?
Thanks @brad!
Followed @Hyperbytes tutorial. Also, i don't see the option to use dynamic attribute > link
Really? Can you paste your full code for the button/link?