Consider an action called "Update Profile" on the "User" module, where logged-in users are allowed to update only their own records. Group-based permissions, where access depends on the permissions granted to the group, cannot express this rule, because here the security is based on the content. In this situation we can use filters in the action.
Filters can be used for securing records based on ownership or based on state.
When we need to protect data based on ownership, we need to store the username with the data. To do this, add a field of type Username to the module.
The next step is to store the current username in the username field whenever an entry is created in the module. This can be done using the action set value options in PCG design for all the create actions.
The third step is to use filters, before the action does anything else, to check that the username field matches the current username.
Some actions are allowed only in a particular state of an entry. For example, we cannot ship an order without receiving the payment. This can also be achieved using filters. Although any field type can be used for this purpose, it is better to implement it using a Dropdown type field.
Now, after generating the code, a user cannot perform the "Ship the Order" action until the "Process payment" action has been performed.
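The ownership and state checks described above, sketched in Python as an added example. This is not code generated by PCG; the function names, the `status` values "Pending", "Paid" and "Shipped", and the record layout are assumptions made for illustration.

```python
CURRENT_USER = object()  # sentinel: "compare this field with the logged-in username"

class FilterDenied(Exception):
    """A filter did not match, so the action must not run."""

def create_entry(table, submitted, current_user, set_values=None):
    # "Set value" step: server-side values and the owner are written last,
    # so they override anything the client submitted for those fields.
    row = dict(submitted)
    row.update(set_values or {})
    row["username"] = current_user
    table.append(row)
    return row

def run_action(row, current_user, filters, changes):
    # Filters run before the action body; any mismatch denies the action.
    if not current_user:
        raise FilterDenied("no logged-in user")
    for field, expected in filters.items():
        want = current_user if expected is CURRENT_USER else expected
        if row.get(field) != want:
            raise FilterDenied(f"filter on {field!r} did not match")
    row.update(changes)
    return row

def update_profile(row, current_user, changes):
    # Ownership filter; the owner field itself is never user-editable.
    safe = {k: v for k, v in changes.items() if k != "username"}
    return run_action(row, current_user, {"username": CURRENT_USER}, safe)

def process_payment(order, current_user):
    # Owner-only, and only from the "Pending" dropdown state.
    filters = {"username": CURRENT_USER, "status": "Pending"}
    return run_action(order, current_user, filters, {"status": "Paid"})

def ship_order(order, current_user):
    # State filter: shipping is allowed only once the order is "Paid".
    return run_action(order, current_user, {"status": "Paid"}, {"status": "Shipped"})
```

Writing the owner and the initial state on the server during creation, and keeping the username field out of later updates, is what keeps the filters meaningful: a client that could set either field could satisfy the filter by itself.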