How to implement Field level security

Posted: Fri Jul 03, 2015 12:54 pm
by Dongzhi Yang7528784

Hi team,
I wonder if I can implement field level security.
Suppose I have a field in the user collection called credits, which represents the money a user has in his account. I definitely don't want the user to change the value, only read it. But they should be able to change other fields like age or address in the user collection.


Posted: Fri Jul 03, 2015 5:51 pm
by Serhii Kulibaba

Hello Dongzhi,

Please follow this tutorial: https://devcenter.appery.io/documenta...


Posted: Sat Jul 04, 2015 3:40 am
by Dongzhi Yang7528784

Hi Sergiy,

This is interesting. Will it be slower using the security proxy than a direct service call?

Thanks

Dongzhi


Posted: Sat Jul 04, 2015 3:42 am
by Dongzhi Yang7528784

And how will that be counted against your API quota? e.g. will 1 API call via secure proxy be counted as 2?


Posted: Tue Jul 07, 2015 4:23 am
by Yurii Orishchuk

Hi Dongzhi,

Unfortunately, the secure proxy was designed for a different goal (accessing sensitive information in a 3rd party API) and it's not suitable for your case.

You can implement it with the following plan:

1. Add another collection like "userAccount" and add the needed fields (like credits) to this collection.

2. Add a field "account" to your Users collection, which is a pointer to the "userAccount" collection.

3. When you are creating a user (sign up), you need to create an item in the "userAccount" collection and put this item inside the just-created User.

4. For the new item in the "userAccount" collection, set the ACL field to "{}" (no one can access this item), or give "read" access to the current user.

5. When you need to change a "userAccount" row, you can use a server script with the "Master key", using it to access any row in your "userAccount" collection.

Regards.
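
The plan in the reply above, modelled in memory as an added example; it is not part of the original thread and does not call the Appery.io API. The function names, the row ids and the ACL semantics (`{}` grants nobody, a per-user entry grants the listed operations, a master-key caller bypasses ACLs) are assumptions made for illustration.

```javascript
// In-memory model of the split-collection plan. All names are hypothetical.
const db = { Users: new Map(), userAccount: new Map() };
let nextId = 1;

// Assumed ACL semantics: {} grants nobody; {"<userId>": {read: true}} grants read only.
function allowed(row, caller, op) {
  if (caller.masterKey) return true; // server script with the master key bypasses ACLs
  const entry = row.acl[caller.userId];
  return Boolean(entry && entry[op]);
}

function signUp(name) {
  const userId = "u" + nextId++;
  const accountId = "a" + nextId++;
  // Step 4: the owner may read the account row; no client may write it.
  db.userAccount.set(accountId, { credits: 0, acl: { [userId]: { read: true } } });
  // Steps 2-3: the Users row carries a pointer to the new account row.
  db.Users.set(userId, { name, age: null, account: accountId,
                         acl: { [userId]: { read: true, write: true } } });
  return userId;
}

function read(collection, id, caller) {
  const row = db[collection].get(id);
  if (!row || !allowed(row, caller, "read")) throw new Error("forbidden");
  const { acl, ...fields } = row; // never hand the ACL itself back to the caller
  return fields;
}

function update(collection, id, changes, caller) {
  const row = db[collection].get(id);
  if (!row || !allowed(row, caller, "write")) throw new Error("forbidden");
  Object.assign(row, changes);
}

// Step 5: the server-side path is the only writer of credits.
function serverAddCredits(userId, amount) {
  if (!Number.isInteger(amount) || amount <= 0) throw new Error("bad amount");
  const master = { masterKey: true };
  const accountId = db.Users.get(userId).account;
  const current = read("userAccount", accountId, master).credits;
  update("userAccount", accountId, { credits: current + amount }, master);
  return read("userAccount", accountId, master).credits;
}
```
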


Posted: Tue Jul 07, 2015 6:22 am
by Dongzhi Yang7528784

Hi Yurii,

Thanks, that is a viable solution.

Regards

Dongzhi