Collection Permissions Settings & Security

In order to send an email to the seller of the item after purchase, I need to reference the email address in the user data (as shown in the above screenshot), and I need to set the Collection Permissions for viewing the email address in the user data to “Everyone”.

However, this will allow anyone to retrieve the email address of the user data (e.g., browser validation mode allows everyone to view all user data), which may cause a security problem.
The security issue is an important incident for my service users.

So, how can I protect user data from external references (e.g. browser validation mode so that user data can only see their own data) and reference “Current User (to send an email to the seller of the item after purchase)”?
How can I do this?

I inquired on an Adalo ticket and was told it was possible, but they were too busy with other things to tell me how to implement it.

Thank you very much for your time, and we would appreciate it if you could enlighten us.

Hello @test,

As I remember, Collection Permissions don’t apply when you’re using the Collections API to get data. So you can try to access the email using this API.
If you’d like to isolate it from the browser, then you might want to create a multi-step process:

  • have a list of users, with Email property restricted using collections permissions
    → you shouldn’t see them in the browser
  • to get the Current User email, send the request to some external platform (e.g. Make). Put the ID of the user into this request
  • on that external platform (Make), run Adalo Get Record with this ID. You will get the full data for the user with this ID.
  • send email using the recipient address from the previous step.

Hope this helps.

Best,
Victor.

1 Like
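The multi-step process in the reply above, sketched as a small Python relay standing in for the Make scenario (an added example, not code from the thread or from Adalo). The Collections API URL pattern, the `Email` property name, the `seller_id`/`item_name` payload keys and the shared secret are assumptions.

```python
import hmac
import json
import urllib.request

ADALO_BASE = "https://api.adalo.com/v0"  # assumed Collections API base URL


def fetch_user(app_id, collection_id, user_id, api_key):
    """Get Record on the relay; the API key is never shipped to the app."""
    url = f"{ADALO_BASE}/apps/{app_id}/collections/{collection_id}/{user_id}"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {api_key}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def handle_purchase(payload, presented, expected, lookup, send_mail):
    """The app sends only a seller ID; the address is resolved and used here."""
    # Constant-time check of a shared secret, so the webhook is not an open mailer.
    if not hmac.compare_digest(str(presented).encode(), expected.encode()):
        return {"status": 401}
    seller_id = payload.get("seller_id")
    # Accept a positive integer only (bool is an int subclass, so exclude it).
    if isinstance(seller_id, bool) or not isinstance(seller_id, int) or seller_id <= 0:
        return {"status": 400}
    record = lookup(seller_id) or {}
    email = record.get("Email")  # assumed property name
    if not email:
        return {"status": 404}
    send_mail(email, "Your item was purchased: " + str(payload.get("item_name", "")))
    return {"status": 200}  # the address is never echoed back to the caller


def demo():
    """Constructed data: an in-memory user table and outbox replace the network."""
    users = {7: {"id": 7, "Email": "seller@example.test"}}
    outbox = []
    reply = handle_purchase({"seller_id": 7, "item_name": "Lamp"}, "s3cret", "s3cret",
                            users.get, lambda to, subject: outbox.append((to, subject)))
    return reply, outbox


if __name__ == "__main__":
    print(demo())
```

In a deployment, `lookup` would wrap `fetch_user` with the app ID, collection ID and API key held only on the relay, and `send_mail` would call the mail provider.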

@Victor
Thank you for your response!
I understand.
I will try to implement this using Make.

1 Like