First of all ... what a great app !
I'm looking to set up a view which has a filter to show only rows linked to a user
E.g. users and tickets table, user has a relationship to tickets
I want to show only the logged in user's tickets, and not any other users' tickets.
I can set a filter and embed a ticket table view
But I don't want the user to be able to change the filter, e.g. no dropdown or toggle
Is this posisble ?
Wouldn't that be automatic when the user is logged in... if you've set the view to user level permissions they'll only be able to see their own tickets.
timconsidine: this was added in 0.4.4. Ifm, in a Filter view you add a toggle filter and select the field which is the key to User, You should get the option in the builder of setting the value to a Preset, Logged in, which will select the ID of the logged in user
Thank you @tomn
It works as you suggest but user can just press the toggle switch and then they see all tickets.
@JonathanDHolden : setting user level permissions is only about setting access to a view, as I understand. If the view has other users' tickets, they still see them, unless a filter is used. please do correct me if I am wrong.
The toggle can be set up in the view but does not seem to be automatically activated when the view is loaded.
It would be great if :
Not a problem to use the toggle as a workaround like this.
Would be more secure if the filter view could have a restraint in the config with a value such as {{ CurrentUser }} ... or whatever structure/syntax is used in Saltcorn
"Would be more secure if the filter view could have a restraint in the config with a value such as {{ CurrentUser }} ... or whatever structure/syntax is used in Saltcorn" Yes, that seems like an excellent suggestion....
I tried putting the toggle inside a container on the screen, and then setting the custom css to hide it
Doesn't seem to work, but maybe it's my CSS :
.hidethis {
display: none;
}
Ooops, seems it is as simple as putting in the Custom CSS
display: none;
That's great. Toggle nicely hidden ... except the toggle is not activated on page load.
I will play to see if it can be set on page load through some property injection.
If any of that suggests I know what I'm talking about, well. I don't !!
And actually probably better to set the container properties to be "SHOW IF : ADMIN OR STAFF", instead of using custom CSS
Interesting discovery that the Code component supports adding not just HTML, but also javascript.
I can use this to simulate a button click for the toggle so that it gets set to on when page load loads.
Problem I am having is that the code I am using runs constantly causing constant page actions.
<script>
document.onreadystatechange = () => {
if (document.readyState === 'complete') {
set_state_field('holder', encodeURIComponent('1'))
}
};
</script>
If I can sort this, then it's an acceptable workaround
Although I discovered also from browser address bar that implementation is to add parameter e.g. "?holder=1"
This obviously works, but it is insecure as the parameter can be manually set. This might be fine for e.g. product codes. But for anything which reveals personal data such as orders, it's not good.
If the user table ID was random and complex, it might be ok, but as ID is sequential auto-incremented, it's trivial to "hack" the query and discover personal data.
Just mentioning it in case a future release can address this.