User specific content

问题

I'm new to Backand and the backend field overall, and I need some enlightenment. Basically I'm trying to make an application where users can register and sign in. While the user is signed in he can create simple things, for example a to-do list. The to-do list is then saved on the database and can only be viewed on the page by the user who created it.

So far there is a function for signing up, logging in and create/post items. The current user authentications are basically like in the examples:

var signin = function (username, password) {
    return Backand.signin(username, password)
        .then(function (response) {
            return response;
        });
};   

var signUp = function (user) {
    return $http({
        method: 'POST',
        url: 'https://api.backand.com/1/user/signup',
        headers: {
            'SignUpToken': "#####"
        },
        data: user
    });
};

While the function for posting items is just something like this, and then a GET request to get it on the webpage.

var addList = function (title, comment) {
    return $http({
        method: 'POST',
        url: "https://api.backand.com/1/objects/lists",
        headers: {
            'Content-Type': 'application/json'
        },
        data: {
            title: title,
            comment: comment
        }
    });
};

Now i need the items created only to be viewed by the user who created it (while logged in). So the question is, how do I do this? What is the next step? Are there any tutorials/documentation for achieving this? I'm kind of stuck so any help is appreciated! :)

回答1:

Backand has a simple solution for that

1. On Backand panel go to Objects >> To-dos >> Security
2. Under the Pre-defined Filter you'll see a wizard to create a nosql or sql filter. Its initial state is ready for generating the exact filter which you described, just go over it see if its true or make changes and then click 'Get Code'
3. click Validate & Update, if there are no errors, approve the message and your are set to go

It should look something like this

{
  "$or": [
    {
      "'{{sys::role}}'": "'Admin'"
    },
    {
      "user": {
        "$in": {
          "object": "users",
          "q": {
            "email": {
              "$eq": "'{{sys::username}}'"
            }
          },
          "fields": [
            "id"
          ]
        }
      }
    }
  ]
}

Or an sql version:

( 'Admin' = '{{sys::role}}') or (`items`.`user` in (select `users`.`id` from `users` where `users`.`email` = '{{sys::username}}'))

来源：https://stackoverflow.com/questions/38093198/user-specific-content