No problem, I really appreciate the help.
I think that you may have answered my question with this link:
https://community.dreamfactory.com/t/limit-api-responses-based-on-user-or-role/693
I’m going to explore this code snippet, I believe that it’s getting the user session information that I’m looking for:
var result = platform.api.get(“user/session”)
To try to answer your questions a little further:
When the client connects with a request, it’s possible that it could be sending someone else’s name/email/id through the URL. Essentially, the URL is just a string sent over HTTP. I.E. - I could be sending a request for records and put my name=jeffreystables in the URL string. I wanted to see where I could actually check on the server side, when it receives the request, who the user is that is actually logged into the system - and then return values relative to that person.
The links above that you sent are very helpful, if I’m trying to limit access based on a record owner.
But, what if I want to setup a linking table where I’m able to configure the people who I want to see information on another record in another table. I.E. - I setup a reference table where I allow myself, drewpearce & jeffreystables to see a certain record in another table. I’m the record owner in the reference table, but I want drewpearce & jeffreystables to be able to access the record in the reference table also. However, I still want the server to actually check that it’s jeffreystables making the request, not some other user who is logged, but is trying to see your data.
Make sense? I’ll post more as I work through this today.
-Brian