I have two types of users 1- Patient and 2-Staff.
I have already assigned Staff role to a user while Patient is a standard user.
Now current problem is a patient can see prescriptions created by other users (patients).
- How can i limit Authenticated User to see only his created prescriptions.
- While i also want Staff based User to see all the prescriptions created by other patients. (I have already applied this role, but i dont know how to enforce this restriction)
I assume you have a different registration point for Staff users in your app, that is a Patient and a Staff member would be using different registration forms. When a Staff member signs up to use your app, you need to assign the Staff role to that user. Role assignment must be done in the server-side code. The best place to do it is in the “AfterRegister” event. You’d have two custom roles in the app (Patient and Staff). Permission access for the roles would be defined using Backendless console. A user who belongs to a specific role inherits all the permissions granted/rejected to the role.
Hope this helps.
Sorry for a mistake, i updated my question please check it.
In short, Currently authenticated role is able to see data created by other users, i want to limit to see data which is created by himself.
I also have applied Staff role to a different user, and here i want to see all the data created by all other users.
How can i achieve that
Thanks, thats exactly what i was looking for