(Somewhat) short answer:
- You’d add a field to the todo table which references the user id (the DSP will automatically store the user ID of the user creating the record).
- When your app makes a GET call to the todo table, you pass in the logged-in user ID as a filter parameter in the query to the todo table (you can get the user ID from the /user API on login and store the ID as a variable or make a method in your app that fetches the user ID on demand at runtime).
- To ensure that other logged-in users can’t create, read, update, or delete other users’ records, you should also add a service permission to the role (e.g. if you called your field ‘owner’ in the todo table, in service permissions in roles you could specify ‘owner’ = {user_id} as a security filter rule).
I’ll try to post a few code examples when I have time…
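
An added example, not part of the original post and not DreamFactory code: a small in-memory model of why the role's `owner = {user_id}` rule is needed on top of the filter the app sends, since a client can simply omit or change its own filter. `TodoService`, its methods and the sample rows are assumptions made up for this sketch.

```javascript
// Constructed model of the todo table; all names here are hypothetical.
class TodoService {
  constructor(records, enforceRoleFilter) {
    this.records = records.map(r => ({ ...r }));
    this.enforce = enforceRoleFilter;
    this.nextId = Math.max(0, ...records.map(r => r.id)) + 1;
  }
  // Server-side rule 'owner' = {user_id}, evaluated against the session user.
  allowed(sessionUserId, record) {
    return !this.enforce || record.owner === sessionUserId;
  }
  // clientFilter models the filter parameter the app sends; it is untrusted.
  list(sessionUserId, clientFilter = () => true) {
    return this.records.filter(r => this.allowed(sessionUserId, r) && clientFilter(r));
  }
  create(sessionUserId, fields) {
    // owner is stamped from the session, never taken from the request body
    const rec = { ...fields, id: this.nextId++, owner: sessionUserId };
    this.records.push(rec);
    return rec;
  }
  update(sessionUserId, id, fields) {
    const rec = this.records.find(r => r.id === id);
    if (!rec || !this.allowed(sessionUserId, rec)) return false;
    const { owner, id: _id, ...safe } = fields; // owner and id are not client-writable
    Object.assign(rec, safe);
    return true;
  }
  remove(sessionUserId, id) {
    const i = this.records.findIndex(r => r.id === id);
    if (i < 0 || !this.allowed(sessionUserId, this.records[i])) return false;
    this.records.splice(i, 1);
    return true;
  }
}
const SAMPLE = [{ id: 1, owner: 5, name: "a" }, { id: 2, owner: 7, name: "b" }]; // constructed rows
function demo() {
  const clientOnly = new TodoService(SAMPLE, false); // app-side filter only
  const withRole = new TodoService(SAMPLE, true);    // role security filter on
  return {
    honestClient: clientOnly.list(5, r => r.owner === 5).length,
    filterOmitted: clientOnly.list(5).length, // other user's row comes back
    roleFilterOmitted: withRole.list(5).length,
    crossUserUpdate: withRole.update(5, 2, { name: "x" }),
    crossUserDelete: withRole.remove(5, 2),
    ownerSpoof: withRole.create(5, { name: "n", owner: 7 }).owner,
  };
}
```
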