I loved how you used screenshots and showed how the front-end, Chrome developer tools, and the configuration in the no-code tools were all related.
My one recommended addition to your article is perhaps including a sentence or two about how to go about testing/auditing the security of your application after you’ve built it. For example, what type of person could you hire or service could you buy to run an audit/test on your system to check for these vulnerabilities?
Additionally, what is the best way to get a user’s roles in the frontend?
For example, I want to show a link to the admin’s page only if the user is an admin, using Supabase auth.
How can I easily get and check user’s roles?
You can then use that variable to check if the user has the “Admin” role or not. By binding the result to the display property, we hide the link to “Your fleet” page when the user doesn’t have that role:
This formula is probably not the most elegant way of doing this, because we’re counting on something to be undefined to make a decision, but it works. I’ll ask the devs on our team if they have a better solution!
By the way, private access with user groups is only available in the Scale plan… I think these features are quite basically in the test phase, so I should have created another workflow to check whether the user is Admin or not. (Already capped by access volume, so the Starter plan should not be restricted on other points, for the developers and WeWeb growth, I assume.)