Hi all, I have yet another task I am trying to accomplish using triggered emails. On my site, visitors can fill out a form with a lot of personal data. This data is fairly in-depth given the nature of the company that it is for. I utizlized session data to collect this information, and when the user finishes all the form sections, they will be taken to a "pdf look-a-like" page which displays all of the previously entered data using the session storage. This screen also was to allow edits to be made given that there is lots of info, so I really wanted to provide this option. These inputs on this fake pdf page also are connected to session data so that I can store any changed info as well. I know there is a way to just override current session data, but this worked fine for me and was less complicated for me to apply. Once the data is reviewed, this page also has a submit button, which will send the info to a "submissions database." Also when clicked the user is directed to another pdf look a like page which calls all the session data from the previous page, ensuring it is the correct info, and it is then displayed on this page as write only. This page also contains an iframe that acts as a print/save pdf button. It utilizes the post message feature, and natural html and @media css properties to open a custom print page that displays the entered session data. (I will be making a post on how I did this in case anyone is interested, I'm new to this stuff and it took me a long time to figure out a free pdf work around with out getting into apis). Finally clicking that submit button will send two emails. One using the natural wix email trigger function to send a confirmation email to the person who submitted the form, and another uses nodemailer to send an email to people in the company so they are alerted on new form submissions.
In each of these emails I want there to be a dynamic link that when clicked will take you to a dynamic page that this time is populated by the info but that info was actually submitted to the database. My issue is that I want to ensure the security of this info. Since the user who filled out the form is just a "visitor" I can't find an easy way to ensure that only that person can see it. Is there a way to let wix know that this visitor is coming from a emailed link to grant them permission to see the data? If not, I've tried to wrap my head around essentially using the submitted form as a type of registration method, and making these users just a "submissions" member and using a session token confirm email. Essentially making their "my-account" page just the "pdf look-a-like" with the info they submitted. Not sure if that's ethical though. These people would only be perspective clients, and I don't want to force them to be a site member. Are there temporary access tokens I can use? I feel like this can be done, but I can't figure it out. I understand this stuff when seeing it directly applied, but applying it across uses has been tough.
Finally, and I'm sure this is easier, I'd like to give access to members that are employees of the company. They have specific roles and I assume I'll just be able to add a link that checks if the current user role is equal to their role and if not redirecting them to a page that says "sorry you do not have permission to view."
If anyone can help me with this that'd be amazing.