Condition Visibility in logging in

Linda_Sigei · September 28, 2023, 5:35am

Hi , I’m creating a portal using webflow and I import data from excel called transactions to my Transactions CMS . So this transactions all have unique member IDs . I want a user to log in and go to tasks page (static page with a collection list element of transactions) where they’ll only see transactions that have their unique member ID

memetican · September 28, 2023, 5:55am

Hi Linda, Webflow User Accounts and the CMS aren’t really designed to support applications. You’re going to need to build a lot of infrastructure to wire this together and even then, you’ll face security and maybe stability issues.

Without knowing more, I’d say you’re trying to build an application functionality that would be much easier to build and maintain on Wized + Xano, so that you can manage and delivery your data securely, and integrate it easily into your Webflow hosted site.

That said, I’ve build some tools that help devs who really want to use User Accounts. It allows you to access user info in script and therefore do data-binding and 3rd party integrations. However the Webflow UserID is the one thing we cannot get client side. You’ll need to store that, or a custom ID in custom user fields, or else use our Alt ID for integration.

Overall for an app like this, be prepared for a lot of JS work, and possibly some external automations to help you with data manipulation.

memetican · September 28, 2023, 6:03am

Ah regarding your approach question though, the way I’ve built this in the past is as follows;

Create a custom user data field for your ID
Populate it manually, or via automation, with either the Webflow User ID or whatever external User ID you want
Use and setup SA5 User Info to access those fields
Create a Users CMS table, containing all of your Users. the User ID you’re using should be the slug of those records.
Store your data in the CMS, single-ref bound to the Users table.
Build out your Users collection page, so that it lists all of the related data you want.
Secure the Users collection page so that it can only be access by people you’ve assigned a special access group to, when verified. It’s now secure from the public.
In your system, when a user is logged in, provide a menu item that navigates the user to their own special info page, e.g. /users/lkh23o4lsj, which contains their data

End result is;

Data is mostly secure from the public. Those pages are not in the sitemap, or site search, and cannot be access by Google or by non-logged in users.
Logged in users cannot access that access group as long as you have not automatically assigned it to new user accounts.

However, your authorized users can see each others data IF they can figure out each other’s user ID’s. It’s obscure, but not secure.

Linda_Sigei · September 28, 2023, 6:10am

I’m using Memberstack for authentication and they give a member ID . Does this change anything?

memetican · September 28, 2023, 6:27am

Hahaha it might have helped to mention that.
Yes it changes a number of things;

Memberstack makes accessing the ID and other user info much more accessible, so you won’t need the SA5 user info lib
You unfortunately won’t get server-side gating on your CMS data, which means you cannot fully protect it from people who are determined to pry. But Memberstack recently added an app integration which @Julian_Galluzzo indicated has some server side gating capabilities, so you might be able to protect your CMS transactions data with that new setup. I’d look into that in their app docs to see what’s possible.
Everything else is probably more or less the same with the setup, except any server-side security, access groups, etc. will be a Memberstack based approach.
Memberstack has some nice user dashboard builds you may like, that you can clone. Check their cloneables, tutorials and demo projects- Memberstack is super active in solutions building on Webflow.

Linda_Sigei · September 28, 2023, 6:42am

My bad .

How can I then filter the data from logged in users so that they only see transactions that “belong”(each transaction has a user ID field) to them ?

Julian_Galluzzo · September 28, 2023, 6:52am

Hey Linda, and thanks for the mention @memetican !

Regarding your question Linda, we have made a free CRM template which filters CMS items by the person who created them using some javascript - you can clone it here.

Bear in mind that this is client-side filtering - so, like @memetican said, someone who is extremely determined to access the rest of the CMS items can possibly do so.

Usually, this doesnt matter as you are filtering for experience rather than for data privacy.

However, if you do need it to be very secure, I would recommend one of the following solutions:

Use our Hosted Content feature - there are a lot of ways you can use this, but the content is loaded BY Memberstack, so the only way to get it is by having the correct access level.
Member JSON - This is also stored in Memberstack, so only that exact member will be able to get it. This is best for private member info which should not be public anywhere. We have a bunch of premade scripts for storing and accessing member JSON which you can check out here.

Hope this helps!