The quick and easy way to do this is to utilize your acl objects.
I will cover from start to finish. It might seem very remedial, but you don't want to miss a single step.
Here's how...
Open your user's login page (where your app invokes the login service).
Open the "Data" tab and locate your login service and click on "Edit Mapping" for it.
Click on the "Response" tab on the right.
On the left, create a local storage variable by entering its name (call it "Users_ID" without the quotes) in the "Create variable" input and click "Create".
On the left, create another local storage variable by entering its name (call it "token" without the quotes) in the "Create variable" input and click "Create".
Click on the item called "_id" on the left of the screen and drag it to the "Users_ID" local storage variable on the lower-right.
Click on the item called "sessionToken" on the left of the screen and drag it to the "token" local storage variable on the lower-right.
Locate your "create" service for the collection you want to lock down on the left side of the editor window under "services".
When the service window opens up, click on the "Request" tab.
In the "Enter new parameter name" input, type "acl" without the quotes.
Now open your page where entries are inputted into the database.
Open the "Data" tab and locate your create service and click on "Edit Mapping" for it.
On the left side, click on the "Add JS" next to the acl item.
Enter some JS like this...
```
var usersID = localStorage.getItem("Users_ID");
var acl = {};
acl[usersID] = { "read": true, "write": true };
return acl;
```
This makes it so that only users authenticated as that user can see or edit that item.
Now when you need to map your "token" to the query or read service (whichever you are using, we'll just stick with query for now)...
Locate your "query" service for the collection you locked down on the left side of the editor window under "services".
When the service window opens up, click on the "Request" tab.
In the "Enter new parameter name" input, type "acl" without the quotes.
Open your page where the data is queried and displayed.
Open the "Data" tab and locate your query service and click on "Edit Mapping" for it.
On the right side, click the local storage variable called "sessionToken" and drag it onto the item on the left called "X-Appery-Session-Token".
This is what proves to the query service that the current user is cleared to view items marked for that user id.
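A defensive variant of the "Add JS" mapping for the acl parameter, added here as an example and not part of the original post: it refuses to build the ACL when "Users_ID" is missing from local storage, since `acl[null]` would otherwise create an entry keyed by the string "null". The names `buildOwnerAcl` and `fakeStorage` and the sample id are hypothetical.

```javascript
// Added example: owner-only ACL builder with a guard for a missing user id.
// "Users_ID" is the local storage variable created in the login mapping steps.
function buildOwnerAcl(storage) {
  var usersID = storage.getItem("Users_ID");
  // getItem returns null if the login mapping never ran or storage was cleared.
  // Storing null/undefined earlier also leaves the literal strings "null"/"undefined".
  if (typeof usersID !== "string" || usersID.trim() === "" ||
      usersID === "null" || usersID === "undefined") {
    throw new Error("No logged-in user id in storage; refusing to build ACL");
  }
  var acl = {};
  acl[usersID] = { "read": true, "write": true };
  return acl;
}

// Constructed stand-in for window.localStorage so the block runs outside a browser.
function fakeStorage(initial) {
  var data = Object.assign({}, initial);
  return {
    getItem: function (key) {
      return Object.prototype.hasOwnProperty.call(data, key) ? data[key] : null;
    },
    setItem: function (key, value) { data[key] = String(value); }
  };
}

// Constructed sample id, not a real record.
var loggedIn = fakeStorage({ "Users_ID": "54f0a1b2e4b0c3d4e5f60718" });
console.log(JSON.stringify(buildOwnerAcl(loggedIn)));

// Logged-out case: the guard throws instead of returning {"null": {...}}.
try {
  buildOwnerAcl(fakeStorage({}));
} catch (e) {
  console.log("blocked: " + e.message);
}
```

Inside the mapping editor the body would end with `return buildOwnerAcl(localStorage);` in place of the inline version.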