This is a database design/WeWeb question…
Users are added to the database without a password, as they are added by other users.
I’d like to ensure that whenever a user comes to our app, after logging in, they are presented with a Create Password page, if they do not have a password completed in the DB.
I could just have this as the page that they come to when they click the invitation link in the email, but I need to ensure that they cannot utilize any pages in the app until password is complete.
I’ve thought about creating another role for this, something like “subscriber-password-not-complete” but this is clunky.
I’ve also thought about using a workflow for every page that checks if password is complete, and then redirecting them to the Create Password screen, if not. But that also takes up a lot of resources on every single page load, and that's probably unnecessary.
Any ideas on the best way to do this?
I should also say that my users don’t always have a role, as there are some users without any role, and the roles are actually attached to an account.
@Joyce When does the /me endpoint get called with Xano basic auth plugin? Is it only once, when the user is logged in?
You could add a redirect workflow that triggers “app wide” which is available from the “settings” menu.
Regarding the Xano auth, as far as I know, the user details are fetched when you run any of the actions: “Login”, “Fetch User” and “Sign Up”.
The user is fetched when the plugins are initialized, so before collections are fetched.
It’s only once for each page. After the SPA is released – in 2-3 weeks – it will only be once when visiting a website.
@Joyce Awesome SPA! Will fetch user still work? That is what I ended up using?
No idea. Let me call @flo for backup on this.
Interesting use case. If I understand, users are created manually without any password. So, they sign in just with their email? Right?
Two options come to my mind:
- You don’t consider these users as users. So, when they fill in their email, you redirect them to a sign-up page with their email prefilled and a password input. Then you add classic signup workflow on the front-end. On the back-end you edit the user instead of creating a new one.
- You consider these users as users. Then, adding a role is the right option for me as you can use this role to prevent them from accessing other pages. Like this:
Specify where the role key is in the `get me` response. It has to come with the `get me` endpoint because this is the call the plugin will make before rendering each page, to make sure the user is allowed to access it.
Define your roles and user groups
List the pages for private access
You will find a lock icon after that near the page names
Tell me if that works for you!
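
The role option from the last reply, as an added sketch that is not part of the thread and is not WeWeb or Xano code: the back end derives a pending role in the `get me` response when no password is stored, and a page check uses it. The role name, page paths, field names and sample users are all assumptions.

```javascript
// Added sketch. All names are hypothetical; this is not the WeWeb or Xano API.
const PENDING_ROLE = "password-pending";

// Constructed sample rows: invited users start with no password hash,
// and some users have no account role at all.
const users = [
  { id: 1, email: "invited@example.test", passwordHash: null, accountRoles: ["subscriber"] },
  { id: 2, email: "member@example.test", passwordHash: "constructed-hash", accountRoles: ["subscriber"] },
  { id: 3, email: "norole@example.test", passwordHash: "constructed-hash", accountRoles: [] },
];

// Back end: build the "get me" response. The pending role is derived on every
// call instead of being stored, so it disappears once a password is saved.
function buildMeResponse(user) {
  const pending = !user.passwordHash;
  return {
    id: user.id,
    email: user.email,
    roles: pending ? [PENDING_ROLE] : [...user.accountRoles],
  };
}

// Private pages mapped to the roles allowed in; an empty list means
// "any authenticated user". Paths not listed are public.
const privatePages = new Map([
  ["/create-password", [PENDING_ROLE]],
  ["/dashboard", ["subscriber"]],
  ["/profile", []],
]);

// Returns the path the visitor should end up on for a requested page.
function resolvePage(me, path) {
  const allowed = privatePages.get(path);
  if (allowed === undefined) return path; // public page
  if (!me) return "/login"; // not signed in
  // Pending users are sent to password creation from every private page,
  // including pages open to any authenticated user.
  if (me.roles.includes(PENDING_ROLE)) return "/create-password";
  if (allowed.length === 0) return path;
  return allowed.some((role) => me.roles.includes(role)) ? path : "/forbidden";
}
```

Page gating in the browser only controls what is rendered; the back-end endpoints that return data need the same password check for the restriction to hold.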