Protect data from beeing edited by other users

cataleen · May 9, 2024, 10:05am

I have a job board app and I have some issues. I’m not sure how to protect the job post from being edited by other users…

Here’s a loom video showcasing what I’m trying to achieve: Small Problem with Job Postings | Loom

If anyone knows how to deal with it, please let me know.

Himanshu · May 9, 2024, 12:28pm

On page load, add a workflow which takes the job_id from the URL. Create an endpoint in Xano which returns a boolean value whether the user should have access to this page or not. Use the auth token and job_id to check this. If the user should not have access, redirect them to some other page.
Add a precondition in edit job API which takes the user’s auth token, validates the user should be able to edit the job post and continues the process.

This way you’ll not only restrict users from accessing the edit job post page, but also prevent them from editing the job post.

To simplify this in Xano, you can create a function and reuse it with multiple endpoints.

cataleen · May 9, 2024, 1:21pm

I did something similar, by comparing the user ID from my jobs table with the auth user ID inside the load page workflow. If those aren’t equal, the user is redirected to a 404 or homepage.

Xano is still new for me, and I think for the moment this method will do just fine.

Topic		Replies	Views
Locking pages based on Users Roles from Xano How do I? xano	4	350	January 31, 2023
Viewing restricted access pages without authentication in preview Ask us anything authentication , xano	4	635	July 20, 2022
Recreating Auth0 Login and Logout with Xano API endpoints Ask us anything	1	841	October 31, 2022
Setting a user in the editor Ask us anything	1	248	July 17, 2023
New Xano Plugin: Not Passing Auth Maybe? How do I? authentication	11	387	July 30, 2022

Protect data from beeing edited by other users

Related topics