Problems when using entity acces restriction for anonymous user.

1
Hi all,   I  have a problem with my app with anonymous users. My flow lets the user fill out some information, watch instructions, do a test and plan a meet. Also a testscore is shown and a certificate can be downloaded or emailed.  All this worked untill I put some entity access restriction ([App.Entity_User='[%CurrentUser%]'] on the entity with the userdata.  Now the entity seems to 'disappear’ near the end of the flow; when the meet is planned and save is pressed. The save flow gets an empty inputparameter, but I am sure I am sending the entity.  The second problem is that the score is calculated in the attribute Percentage: round(($CountCorrectAnswers div $Questionnaire/NoOfQuestions) * 100), but not displayed anymore. The displayed testscore is the default value instead of the true score. The certificate can still be downloaded and emailed.  Does anyone know why this is not working anymore after the security adjustment and what I can do to solve it? 
asked
4 answers
2

Use non-persistent entities for your anonymous users.

Using those, you don't need to set xpath constraints, as they will never hit the database and objects only live inside the user session and cannot be accessed by other users. And thus XPath are not required.

 

When it is required to store the data for later purpose, copy the data from your non-persistent entity/ies into persistable entity/ies using a microflow. By default microflows bypass the entity access, which will allow anonymous user to create & write on persistable entities, without having create , read, write access to them. Your microflow is in control of how and when the data is written to the database. 

 

Note: Your non-persistent entity structure equals the persistable structure.

answered
3

Hey Evangeline,
    Can you show me the snapshot of the flow you are using.

answered
0

“All this worked untill I put some entity access restriction ([App.Entity_User='[%CurrentUser%]'] on the entity with the userdata.  Now the entity seems to 'disappear’ near the end of the flow; when the meet is planned and save is pressed. The save flow gets an empty inputparameter, but I am sure I am sending the entity. “

 

Are you setting the correct association in the flow? Since that is your only restriction it seems likely that this is the culprit.

 

 

answered
0

My gut feeling this is security related and that you do not have access to the object and hence the object is empty. So double check if you have the right access rules.

Regards,

Ronald

 

answered