How to retrieve data for a specific user
I am currently using Xano with Draftbit.
My goal is to only display data in one table based on the user being set to the current authenticated user that is signed in.
At the moment it works as I am able to manually set the user I want. Although, I have only been able to query the user based on email and not their userid.
How can I ensure that a user will only retrieve data that is specific to them?
Also, I am joining 3-4 tables together to retrieve this data. Is this a problem as well?
Answers
-
hi, im not sure if I understood you completely, but you might want to look at default /auth/me endpoint in xano, as it will always return you your users id and authtoken, therefore you can use them in variables, and enable authenfication on xano endpoints, from that point read more on RBAC - that should do what you want. I have no experience with draftbit, but im pretty sure there should be a lot of variable functionality as in other no-code builders i seen.
-
Hi Max, I managed to get it working but setting my endpoint to authentication required. This seems to work for when I am using GET, but when I am using PATCH, I seem to be having problems editing information that is only connected to an authenticated user. Do you know any ways around this?
-
I believe you solve this with combination of frontend logic and api endpoint logic on xano side. you can add some role fields to users, or, as I do it links to groups in say user_group table, and based on that control with logic what resources are available to current user
for example if you have some hierarchy, like projects - people - assets - clients - deals etc, and you link user group with project, you can then trace in your logic relation between a group and record in all tables related to that project record as "childs" -
Okay, I see how that works. I managed to set that up, but there's still problems persisting.
Specifically, I want to be able to have a user sign up via their name, email, and password on one screen. That would create an account for the user. I managed to get that part set up. There would be another screen afterwards in which a user would input extra information. For this I am trying to utilize PATCH and I believe that it is working. Here's what I am trying to do:
When I get to testing this, I have to manually input create the userid and input the id itself in order to accomplish my goal like such:
How am I able to set this up such that Xano knows the authenticated user's id already and will automatically go to that specific endpoint as specified here:
-
you do if on frontend logic side. I did it by getting vars from default /auth/me endpoint. i also changed it to return groups, and in that way i build dynamic content for user to see on front side. Basically your fronend flow should call /auth/me, store vars with user info needed, and then execute that patch step you want on that vars
-
and by the way I would make you registration process with one api call if it would be mine app, if only there is more to it besides what you described. I would collect all user inputs in vars and then send a single call to create that user and fill all data collected
-
For your first part, are you able to expand upon that more? I am a bit new to this, so I am unsure if I am following along correctly.
For the second part of doing the registration with one api call, I set that up, and on the Xano side I am able to send information but it does not seem to work when I use the api call on the front end. This is what I am getting from Xano as shown in userid 44, but userid 45 is missing the last two columns of data.
Is there an issue with the way I set this up or would this be a frontend issue with Draftbit?
-
from your images all i can tell that if that two fields are missing than its because of bad inputs. your full intentions as well as data used in call are unclear from your post.
-
I managed to set this up by creating another endpoint using PUT. My issue now is editing information I need, as PUT will set a value as null if it isn't edited. Is there a way around this?
-
sure, i have no idea what or why are you trying to do, but for example you could use if statements in your edit, and break it down to only edit fields you received in api call.
may be this will give you an idea, here is small part of mine stack, as you can tell by step numbers where i had to solve something alike, because for edit mine user can send or not either a single file for single file field, or a file or few to multifile field, or nothing except record name change, etc. So i just broke it down to editing specific field in several steps.
and then for example in step where i know user did send plan - i only edit that 1 field
and then as a later step outside of statements - i just edit record again - but only fields that always come for example.
As a result - only things really edited by user are altered in record. Not sure if thats a best way to do what i needed - but it works 100% as expected - so im good so far :D -
I see, I'll mess around with that then. Thank you!
Categories
- All Categories
- 53 ? Announcements
- 47 ? Releases
- 37 ? Welcome
- 983 ? Help! I'm a Noob
- 125 ? No-Code Front-Ends
- 633 ? Working with APIs
- 439 ? Transforming data
- 126 ? Connect Xano to ...
- 50 ?? Find an Expert
- 348 ❓Other questions
- 35 ? Security
- 22 ✂️ Snippets
- 19 ? Showcase
- 7 ?️ Xano Chatter
- 62 ? Video Tutorials
- 171 ? Request a feature
- 229 ? Report a Bug
- 19 ? Templates & Extensions
- 7 ? Feedback