Firstly, this project is awesome.
I know this has been brought up previously but I want to add more to the topic. It would be very useful to have some more database security options. For example, if I made a notes app with multiple users, I wouldn't want Joe having access to Bob's notes. One way to do this would be forced filter views, where the filter is pre-configured and can't be changed by the user. This doesn't cover every case and it's not perfectly secure but it would keep things simple and intuitive.
I'm not an expert, but "row ownership" should do this for you, as explained in the link below:
https://blog.saltcorn.com/view/Full%20Post?title=Saltcorn%200.3.3%20-%20Row%20ownership%2C%20layout%20options%2C%20plans%20for%201.0.0
Ah I should have given a different example.
Say I have several Companies, each one has Employees and Clients. How do I make it so Employees can only see the Clients that belong to their Company?
Thanks,
Kev
Seems like some changes to the permission system might be needed for that
Yeah that needs a totally different methodology. You might be able to do this by creating a view that shows only the clients of the employee's company. The SQL would be something like the line below if you were writing it in PHP but I don't know how to do that in Saltcorn.
select * from clients where company in (select company from employees where employeeid=$loggedinuserid)
I did figure out how to make a view like that (make a List view of the Clients, then embed it in a Show view of the Company, select clients.company) but there are still issues such as needing a way to load the Company into the view. Also probably isn't very secure.