Protect data from being edited by other users

I have a job board app and I have some issues. I’m not sure how to protect the job post from being edited by other users…

Here’s a Loom video showcasing what I’m trying to achieve: Small Problem with Job Postings | Loom

If anyone knows how to deal with it, please let me know.

  1. On page load, add a workflow which takes the job_id from the URL. Create an endpoint in Xano which returns a boolean value indicating whether the user should have access to this page or not. Use the auth token and job_id to check this. If the user should not have access, redirect them to some other page.
  2. Add a precondition in the edit job API which takes the user’s auth token, validates that the user should be able to edit the job post, and continues the process.

This way you’ll not only restrict users from accessing the edit job post page, but also prevent them from editing the job post.

To simplify this in Xano, you can create a function and reuse it with multiple endpoints.

1 Like
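The two steps from the answer above, as an added sketch in plain JavaScript (not part of the original posts and not Xano code): one shared ownership check reused by a page-access endpoint and by the edit endpoint, so a request that skips the page redirect is still rejected. The table data, tokens and function names are constructed for illustration.

```javascript
// Constructed in-memory data standing in for the jobs table (hypothetical).
const jobs = new Map([
  [101, { id: 101, user_id: 1, title: "Backend developer" }],
  [102, { id: 102, user_id: 2, title: "Designer" }],
]);
// Constructed token -> user id map standing in for auth token validation.
const sessions = new Map([["token-alice", 1], ["token-bob", 2]]);

// Shared check reused by both endpoints. The user id is derived from the
// validated token on the server, never taken from the request body.
function canEditJob(authToken, jobId) {
  const userId = sessions.get(authToken);
  const job = jobs.get(Number(jobId));
  if (userId === undefined || job === undefined) return false;
  return job.user_id === userId;
}

// Step 1: endpoint the page-load workflow calls to decide on a redirect.
function checkJobAccess(authToken, jobId) {
  return { allowed: canEditJob(authToken, jobId) };
}

// Step 2: edit endpoint with the same check as a precondition.
function editJob(authToken, jobId, changes) {
  if (!canEditJob(authToken, jobId)) {
    return { status: 403, error: "Not allowed to edit this job" };
  }
  const job = jobs.get(Number(jobId));
  // Only allow-listed fields are writable; the owner (user_id) is not.
  if (typeof changes.title === "string") job.title = changes.title;
  return { status: 200, job: { ...job } };
}
```

The redirect in step 1 only improves the user experience; the precondition in step 2 is what actually protects the record, because the API can be called without ever loading the page.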

I did something similar, by comparing the user ID from my jobs table with the auth user ID inside the load page workflow. If those aren’t equal, the user is redirected to a 404 or homepage.

Xano is still new for me, and I think for the moment this method will do just fine.