Data source security: show subset of data within LFD

We have launched a new querying feature which can enhance the security of your data source. It will allow querying and filtering of your requests from an LFD.

When should I use this?
You should use this when you have an LFD displaying data and it needs to show only a subset of the data for the logged-in user. This is especially true if you have all your users' data in one data source and you want to make sure one user cannot query or see data for another user.

There are 2 parts to this: the configuration of a DS security rule, and some code that needs to be added to the screen JS of the page with the LFD.

With this rule, users will only see their own entries. The server will only return the logged-in user's data.

Equals

You also need this code snippet so the LFD can execute this query:

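// Runs before the LFD requests its data
Fliplet.Hooks.on('flListDataBeforeGetData', function(options) {
  return Fliplet.User.getCachedSession().then(function(session) {
    // Data source entry of the logged-in user
    var user = _.get(session, 'entries.dataSource.data');
    // Query sent to the server; the column must match the DS security rule
    options.config.dataQuery = {
      where: {
        Email: user.Email
      }
    };
  });
});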

If you want to filter the data by a property other than Email, you need to change it in both the DS security rule and the code. For example, to filter by the logged-in user's Department, change every Email reference in the DS security rule and in the code above where it says 'Email'.

Contains

The DS security rule also has a Contains option, which supports a comma-separated list in the DS.

If you use this option then you need to change the code slightly to use a new query operator (iLike).

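// Runs before the LFD requests its data
Fliplet.Hooks.on('flListDataBeforeGetData', function(options) {
  return Fliplet.User.getCachedSession().then(function(session) {
    // Data source entry of the logged-in user
    var user = _.get(session, 'entries.dataSource.data');
    // $iLike is the operator to use with the Contains rule
    options.config.dataQuery = {
      where: {
        Email: { $iLike: user.Email }
      }
    };
  });
});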

Note: this is a backend filtering mechanism, so the server will only send entries which the user is allowed to see. Your screen will also load faster because it does not need to process unnecessary data, so it is highly recommended that you use this when possible.
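
An added example (not from the original post and not Fliplet's own code) covering both snippets above: one helper builds the Equals or Contains query for whichever column the DS security rule names, and refuses to build a query when the session holds no value for that column. buildUserQuery, getUserEntry and SAMPLE_SESSION are hypothetical names, and the Department column follows the example in the text.

```javascript
// Constructed sample session, shaped like the path the hook above reads.
var SAMPLE_SESSION = {
  entries: { dataSource: { data: { Email: 'alice@example.com', Department: 'Sales' } } }
};

// Read the logged-in user's entry from session.entries.dataSource.data.
function getUserEntry(session) {
  var entries = session && session.entries;
  var dataSource = entries && entries.dataSource;
  return (dataSource && dataSource.data) || null;
}

// Build options.config.dataQuery for one column.
// 'equals' mirrors the Equals snippet, 'contains' mirrors the $iLike snippet.
function buildUserQuery(session, column, operator) {
  var user = getUserEntry(session);
  var value = user ? user[column] : undefined;

  // Fail closed: never send a query whose filter value is missing or blank.
  if (value === undefined || value === null || String(value).trim() === '') {
    throw new Error('No "' + column + '" value for the logged-in user');
  }

  var where = {};
  if (operator === 'equals') {
    where[column] = value;
  } else if (operator === 'contains') {
    where[column] = { $iLike: value };
  } else {
    throw new Error('Unsupported operator: ' + operator);
  }
  return { where: where };
}

// Register the hook only when running inside a Fliplet screen.
if (typeof Fliplet !== 'undefined') {
  Fliplet.Hooks.on('flListDataBeforeGetData', function(options) {
    return Fliplet.User.getCachedSession().then(function(session) {
      // 'Department' must match the column named in the DS security rule.
      options.config.dataQuery = buildUserQuery(session, 'Department', 'equals');
    });
  });
}
```

The DS security rule remains the control that restricts what the server returns; the helper only keeps the client query aligned with it.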
