Question

Can edit and delete only when user is admin or they created their own object

0

I have 2 type user 1.Adminstrator 2.Staff My logic in microflow to check that is Is userrole are admin or owner =current user so can edit and cancel status from booked to cancelled . But it always return true no matter what userrole i use.

asked 2023-04-24

Teetach Koomkaimuk

2 answers

Rishabh Shandilya · Answer 1 · 2023-04-25

Hi Teetach,

what you can do is, you can apply different Entity access rules for different user roles,

First make sure that you have check the Store Owner option in system members in Entity properties,

Now for the Staff role, you can write the XPath constrains for ‘Path to User’

and for Admin you can create other security rule, without any XPath.

Let me know, if you have any issues.

Hope it helps!!

Kirtti Azad Sahoo · Answer 2 · 2023-04-24

you are trying to restrict the ability to edit or cancel a booking based on the user's role. Specifically, only users with the "Administrator" or "Owner" role should be able to perform these actions.

To implement this restriction, you could add a conditional check to your microflow or nanoflow that handles the editing or cancelling of the booking. Make sure to test your microflow or nanoflow with different user roles to ensure that the restriction is working as intended.