Hi, I’ve currently run into a small issue that I’m not sure how to get around. Here’s the scenario, let’s say a user creates a data object called post, I don’t want this to immediately be available to users so the post has a boolean for whether or not it has been approved by a moderator. The issue with this is that the user that created the post would be able to mark it as approved themselves because from what I can tell the Backendless panel permissions only allows rules for a type of object and not a variable within this object. Is this possible within the panel, or is it something I will need to add in myself by denying certain requests with Custom Business Logic?
Hi, Benjamin,
Unfortunately, we don’t have such kind of permissions for a variable inside a table row.
For your case, I would suggest one of the following:
- define a before event handler for table Posts and check whether the user has set the "approved" variable to true; if yes, throw an exception telling that this is not allowed;
save user’s posts initially in some other table, like UnapprovedPosts, and after the moderator checks them, move to table Posts.