Closed mjashanks closed 11 months ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity.
This issue has been automatically marked as stale because it has not had recent activity.
The
Users
table has the option toManage Roles
, just like any other table.This works. When I set
Read = Power
and try to access asBasic
, I am prevented.However, it seems like every app makes an initial call to
/api/row/ta_users
- presumably so it can be used for enriching users bindings? This causes an error on in the app, if Read access is restricted on the user table.So, currently, it makes no sense to be able to restrict read access to the user table.
However, I do think that it makes sense for every logged in user to have a list of all the other users in the app. It would also be nice to restrict access to the user table, to stop everyone from seeing other user meta-data (i.e. custom columns).
I suggest that we have 2 separate endpoints:
GET /api/rows/ta_users
- which should work as is, no changes. gives the ability for allowed users to see the whole table.GET /api/users
- which every logged in user has access to. This only returns a static set of fields - e.g.FirstName
,LastName
,_id
and maybeEmail
. The client lib should call this one by default. I get that this may also have repercussions forCurrent User.Relationship
things.Originally from discussion: https://github.com/Budibase/budibase/discussions/3368#discussioncomment-1658137
BUDI-7623