I have a table in WPDataTables that is linked/sourced from a Formidable Forms table. It has a column with User ID. I can filter information so a user can only see data relating to their user ID (using %current_user_id% placeholder), but the user can easily delete that filter and reveal the data of all other users. How can I securely restrict the data so users can only see their data?
Hello,
Regarding filtering a Formidable table for the currently logged-in user ID (to show only entries which that user submitted), I will show an example workaround, and also how you can use CSS to hide the column filters if you wish to prevent users from "clearing the filter" and seeing other people's rows.
(I can see you already did this first part of applying the column predefined filter for the user ID placeholder, so you can skip this part and just go to the end where we show hiding the filter via CSS.)
First we need to add a hidden Field in the Form to store the "user ID" information.
I will show you a working example for a table connected with a Forminator Form, but you can use absolutely the same principle for the table connected to a Formidable Form.
Here is my 'test example' with just a very basic Form and one Text field.
Since we already added that hidden "user ID" field in the Form, I just added a couple of submissions.
The first one by my Admin user, which has a user ID of 1; then I log in as another user, with a user ID of 11, and add another submission.
By default, I have just left the field name without setting it up in the Form, and the table picks up this field with the origin header "hidden1".
We can change the Displayed Header name to anything; I named it "user ID", and of course, you can hide that column from front-end users if needed. I just left it for demonstration purposes.
We will explain how you can use this user ID field to pre-filter the table for front-end users, and also how you can hide the filter with CSS, to prevent any user from "clearing the filter" in order to see everyone's submissions.
This is a detailed example of using an Excel table, but you can use absolutely the same principle/logic for a table linked with your Forminator Form.
- On this Excel, we added a custom "user_id" column on the source Excel side, which you can hide if needed in our plugin from the front-end. (On your Form, you will already have that hidden user ID field as mentioned above.)
We will add a predefined filter value to that column, using the PlaceHolder "Current User ID";
- Check that the filter type is set as "Text", as shown on this screenshot.
- Here is how an example table linked to a source file looks before we make any changes, with visible filters above the table.
And now, when we set the pre-filter, with the Administrator logged in (in our case, the user ID is 1), we only see rows matching that user ID.
- (If you need more detailed information about using Place Holders in wpDataTables, here is our documentation about that: https://wpdatatables.com/documentation/table-features/using-placeholders/);
2. Hiding the filter via CSS
- The user_ID filter is still visible, which means, if someone changes/deletes this value, they could see the whole table.
We will hide it from the front-end with some custom CSS added in the "Customize" section of the main table settings.
- It should be easy to do, depending on your knowledge of HTML and CSS.
You have to find the correct selector using the browser inspector tool, add the style "display:none" property to it, and it will disappear from the front-end.
On our example table, the custom CSS is:
#table_1_5_filter_sections {
    display: none;
}
- Now, the user_ID filter is gone from the front-end.
- Optionally, you can hide the user_id column from the front-end, if needed, either using the column settings tab or the "column list" button from the back end Admin area.
- If you need more details about this, don't hesitate to contact us further.
Let us know if that works for your use case.
Kind Regards,
Miloš Jovanović
Hi Milos, thank you for the detailed reply. I believe I have successfully implemented your suggested solution and will do some further testing.
Can you please confirm that I also need to hide the 'clear filters' button and that if the user wishes to clear all the filters, they will need to do so one by one? This is still an acceptable outcome, but I just wish to make sure my understanding is correct.
Thanks again.
Brett
Hi Brett,
You're welcome, I am glad the workaround helps for your use case.
In regards to the 'clear filters' button, you are right, for this to work, it needs to be disabled on the filtering options, because if it is enabled and a user clicks it, that clears all the filters including the 'hidden user id filter', so it is the necessary last step of this workaround for us to prevent the user seeing all the data.
The users in that case need to clear each column filter individually, as you wrote.
Test it out and let us know how it goes and if any additional questions come up.
Thank you.
Kind Regards,
Miloš Jovanović
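An added example, not part of the thread and not wpDataTables code: a simplified Python model contrasting a predefined user ID filter that the request can clear with a row scope taken from the logged-in session, plus a check that can be rerun to confirm no other user's rows are returned. The rows, the function names and the way a cleared filter is represented are assumptions made for illustration.

```python
# Constructed rows standing in for form entries; "user_id" mirrors the hidden form field.
ROWS = [
    {"entry": 1, "user_id": 1, "text": "admin note"},
    {"entry": 2, "user_id": 11, "text": "first submission"},
    {"entry": 3, "user_id": 11, "text": "second submission"},
]


def apply_filters(rows, filters):
    """Keep rows whose columns equal every non-empty filter value."""
    active = {col: val for col, val in filters.items() if val not in (None, "")}
    return [r for r in rows if all(str(r.get(c)) == str(v) for c, v in active.items())]


def rows_client_filtered(session_user_id, request_filters):
    """Weak model: user_id is only a predefined default that the request may override."""
    filters = {"user_id": session_user_id}
    filters.update(request_filters)  # a cleared filter arrives as "" and wins
    return apply_filters(ROWS, filters)


def rows_server_scoped(session_user_id, request_filters):
    """Hardened model: ownership comes from the session, never from the request."""
    owned = [r for r in ROWS if r["user_id"] == session_user_id]
    filters = {c: v for c, v in request_filters.items() if c != "user_id"}
    return apply_filters(owned, filters)


def leaked_entries(handler, session_user_id, request_filters):
    """Regression check: ids of returned entries that belong to someone else."""
    return [r["entry"] for r in handler(session_user_id, request_filters)
            if r["user_id"] != session_user_id]


if __name__ == "__main__":
    cleared = {"user_id": ""}  # what "clear filters" amounts to in this model
    print(leaked_entries(rows_client_filtered, 11, cleared))  # [1]
    print(leaked_entries(rows_server_scoped, 11, cleared))    # []
```

The same check applies to any table that shows per-user rows: log in as a test user, request the table with the user ID filter empty, and confirm the response contains only that user's entries.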
Thanks Milos, it now does exactly what I need it to do regarding protecting data.
I have another challenge that I need to solve and I've exhausted all options I can think of. I'll raise a new ticket for that one.
Thanks again :)
Brett
Hey Brett.
I'm glad to hear Milos was able to assist you here. He's out of the office, so I'll jump in and close this ticket.
I'll respond to your other ticket as soon as I reach it.
Kind Regards,
Aleksandar Vuković