update permission = "Site member author"

Discussion Ask a question
, ,
1

has anyone had issue with this?
I have a collection with the following permission:
read: Site member
create: Site member
update: Site member author
delete: Admin

As admin obviously I have no issues doing any of the above.
Our users on the other hand can read and create without problems. But are unable to update (get WD_PERMISSION_DENIED).
The create and update are both done with bulk operations.
I’ve tried bulkSave (didn’t work).
split it into bulkUpdate and bulkInsert (the insert works, but update fails).

I’ve manually checked the owners on sample records to make sure the owner is the member’s ID in Members/PrivateMembersData, so they are the rightful owners. But still cannot update.

I talked to Wix support and confusingly they recommended I set the update permission to “Site member”, which will not do for me as this will allow 1 member to change another member’s data.

Is it that I cannot use bulkUpdate? (I’m going to try that next).
Does anyone know any caveats with using this permission?

Please advise.

Thanks,
Charlie

PS: on a similar subject, what is the recommended way to test these permission issues before publishing the site? Obviously this issue couldn’t possibly shown up in preview.

2

Have a look at the Wix Members app collection - Members/PrivateMembersData.
It is read only.
https://support.wix.com/en/article/corvid-wix-members-privatemembersdata-collection-fields

If you are wanting to do something similar yourself then you need to be looking at something along the lines of this tutorial here for member profile.
https://support.wix.com/en/article/corvid-tutorial-building-your-own-members-area

You can do it without code by using the Wix Members app and the My Account page as shown here.
https://support.wix.com/en/article/adding-a-members-area-to-your-site

3

I’ve confirmed that the custom permission scheme I described will not work with bulk operations.
Quoting from the API reference for bulkUpdate
The bulkUpdate() function returns a Promise that resolves after the items have been updated in the specified collection. The Promise is rejected if the current user does not have update permissions for the collection.
I take this to mean the “Site member author” would need to have update permissions for the whole collection (not just for the records the member authored) for the bulkUpdate to work.
I changed the code to submit a series of individual updates instead of bulk, and now it works.