Templates Plugins Courses

Memberships Template - Privacy Roles


#1

Hi there,

So the whole point of the website is for users to pay to see exclusive posts.

However there are no privacy roles for posts, so anyone can see everything without paying!

image

In my own app, I made it so you can have multiple tiers attached to a post. So it seems to be hard/impossible to make a privacy role condition with that since they are so limited.

image

Any ideas?


#2

it’s not complicated to create those privacy rules, simply adding “when this user’s plan or this user’s paid status is yes” or something like that, then you check the boxes that the user can access
also, you can set restrictions on the page level with workflows
Let’s say the workflow can have a condition to the above when current user’s plan is free then navigate to pricing page. In this case the non-paid user would not be able to see the page’s content even if the privacy rules are not set
makes sense?


#3

I’m not sure I understand, of course eveything is set up in the app, but I’m talking about privacy roles.

From the manual: https://manual.bubble.is/working-with-data/privacy-and-security.html

Until you set privacy roles, all data created by your users or yourself can be read by anyone. Anyone with some programming skills can view all your app’s data, even if there isn’t a page in your app that explicitly shows the data to users. That’s where privacy roles are important, they guarantee data is only shown to people to meet some criteria. Privacy rules are enforced on the server, which makes them secure.

When you create a new app, all data is open to the public. This is appropriate for things such as comments on a blog, where you want to share it with the world. However, many apps involve users submitting information that you don’t want to share with the world, such as their names and emails, or comments meant only for people they already know. Privacy rules are the tool Bubble gives you to protect that information and make sure it is safe. If you haven’t explicitly created privacy rules for a given thing, then the data is not secure.


#4

privacy roles is an additional security, it is recommended to have it, but by default we don’t build those in the templates


#5

Well that is quite a security flaw in your apps don’t you think. If you were to add it here, how would you do it?


#6

we will be improving the templates over time and gradually adding privacy configurations. It’s not very complex to enable these rules so users can enable those themselves.
It’s not easy to explain with a few words here, but I gave a short example in my previous message above.


#7

Problem is when you try to set privacy rules, the conditions are so limiting, not anything like normal bubble conditions. Maybe you can task your team to try and figure out a solution.


#8

Sorry Marcus,
we don’t capacity for this right now. Why is it limiting? For example you can add a field to users table and call it “paying” yes/no - And then set the condition if the user’s paying is yes, then they have access, if not they don’t.
it’s really not that complicated


#9

and we have a short video on privacy in this course that you might want to check out (lesson 5)


#10

I feel like I should take security and integrity seriously for my website and users.

Anyone with some programming skills can view all your app’s data

How hard is it for someone to “hack” the database data that does not have privacy roles?