Just thought I woudl share and see how everyone else is maybe doing with this. My app is basically ready, it does what I want it to do and works really well. I could never have done this without WeWeb, so I’m super happy.
I am however struggling with a few things that I think could really be automated, they are more around the back office aspects and I wanted to see how others are dealing with this. My stack is WeWeb + Xano.
Role Based Access - Controlling what an admin does vs. a contributor vs. read-only. I ‘think’ I’ve got all this working in Xano, but has been a ton of work and was really painful. I’m still not sure what security holes might be there and am working through that.
Account Management - I’d like user to have to verify email, be able to reset passwords, etc. I still haven’t even had time to make it to this, and it’s not really apparent what the right approach is.
Google Maps and Mapbox - I really want to be able to map more of my data. I know that the Google Maps and Mapbox engines work, but you can only pass one piece of data to them, can’t easily enable additional features in Google Maps and the Mapbox plugin has so little documentation I don’t actually know how to possibly do things in there that might overcome the limitations of the google maps plugin. A great example of this is the able to cluster multiple data points together or have it show more than a single piece of data. Even just starting with being able to pass more than one piece of data woudl be transformational…
Enterprise Readiness Making your product enterprise ready (SAML, OAUTH, SCIM) is something that would be really nice. WeWeb has the OAUTH piece, but very difficult to get working, it would be really nice if there was a plugin for WorkOS to make all of this near automatic.
Overall I’m happy with the progress I’m making and the WeWeb platform, but these items have all been far more painful than I would have liked and am having to slowly work through each of these problems.
I’ve implemented 1 and 2 without any major headaches. The PW reset is definitely fiddly to setup but the documentation from WeWeb and Xano (my back end) is excellent.
I found that role-based access was easy. Map the roles to groups and set page-level permissions for the groups. And I just recognize the role on login and route appropriately.
Hi @patopt, great feedback! Thanks for taking the time to put it together
Super glad you’re happy with what you were able to build already.
Let’s see if I can help a bit with the items you mention.
Security is a big subject for sure. If I were you, I would review each endpoint in Xano and check the following:
do users need to be authenticated to perform the action that this endpoint allows? if yes, is authentication enabled on this endpoint?
does this GET endpoint send only the data I want to the frontend or is private data visible in the browser’s inspector
do all my endpoints have filters and pre-conditions to ensure an authenticated user cannot access and edit someone else’s data unless they’re an admin (horizontal escalation of privileges)
is the endpoint to change the role of a user well protected to ensure that only admins can make other users admins (vertical escalation of privileges)
We’ll have a dedicated video on the topic in the level 2 of the WeWeb Academy. In the meantime, this video goes further into detail about these 4 common security issues and how to prevent them.
With a Xano backend, I’d recommend using their Sendgrid extension to create and send magic links to users when they’ve forgotten their password. Here’s our article on how to set up a forgot password flow in WeWeb using Xano and Sendgrid.
Yep, we’re definitely working on improving the map plugins and docs. Could you maybe share a design of what you’re trying to achieve so we can draw inspiration from it to improve our user docs?
Great feedback! Will pass it on to the product team. OAuth can be a challenge for sure. I’d love to know:
What did you find most difficult to get it working in WeWeb? How did you end up finding the solution?
Thanks for the reply Joyce! On the first two items I’l look through what you sent over.
On the other two:
Google Maps / Mapbox
I’d like the ability to present more than one piece of data. Right now if you look at what data you display under the ‘Market Content’ section you can only display a single piece of data.
When mapping a bunch of data you can often end up with data that overlaps and a mess of a map, without using the correct APIs in Google or Mapbox you’ll find that it just puts the points on top of each other. To counteract this both tools have the ability to cluster together multiple items and display properly.
Clustering
Collision Detection
On the item around Enterprise Readiness - I still have not solved this problem, has just been too time consuming and even if I get it working, I believe it will lack in other features companies may want to use.
You actually can insert HTML in the “text” section of the mapbox plugin, so theorethically you could display the template you sent, but it would require some code.
Here is the problem though, I’m mapping multiple points from my database. Once I bind the Markers to the Array output, all i’m left with is the ability to select a single field.
It would be much more useful if rather than it being bound to one field, it exposed a formula or allowed me to write JS so that I could show more than a single piece of data.
// Assuming `map` is your Mapbox GL JS map instance
map.click('click', 'mapboxgl-canvas', function (e) {
// Use queryRenderedFeatures to get the data of the clicked point
var features = map.queryRenderedFeatures(e.point, { layers: ['mapboxgl-canvas'] });
if (!features.length) {
return;
}
var feature = features[0];
// Fetch the data from the global variable
var data = collections['99738f66-cc68-4885-8ccc-645a5cf4e133']?.['data'];
// Find the corresponding data in the array
var userData = data.find(user => user.mapbox_id === feature.properties.id);
if (!userData) {
return;
}
// Create a popup and set the content to the name field of the corresponding data
var popup = new mapboxgl.Popup({ offset: [0, -15] })
.setLngLat(feature.geometry.coordinates)
.setHTML('<h3>' + userData.name + '</h3>')
.addTo(map);
});```
