Scenario: App service for store owners to create e-coupons
Types of users:
- Each store owner can create “coupons”
- Each coupon has a “coupon code” associated with it and in order for the consumer to be able to redeem the coupon they must simply log into the app and then enter a valid coupon code
- Upon putting in a valid coupon code they will then see the coupon redemption details
- I don’t want anyone sniffing the data and seeing all possible coupons - only the ones they have entered codes for
- I want store owners to only see their coupon codes, stats on viewed, and who redeemed them
- I do not want this to be a “private app” using roles - just normal pro level
I know this has to do with Row owners and want to avoid filtering scheme, but not sure how to pull this off.
Here is what I am thinking for the table structure
- users - email column as row owner, role column (controlled externally) to indicate they are store owner or consumer
- coupons - owner column as row owner for “store owner user”
- coupon stats - owner column as row owner for “store owner user”
- coupon redemption details - owner column as row owner for “store owner user”, need a way for dynamic consumers also be able to see this
- consumer redemptions - row owner column as the consumer, column to indicate valid (invalid ones get cleaned up, or user is blocked after so many attempts to prevent abuse)
How do I protect the list of valid codes?
How do check if a consumer enters valid code?
How do I protect the redemption details rows by only allowing consumers who have provided the correct code to be able to see the details?
How do I get the store owner to see who has redeemed the codes?
Thanks in advance - this community is awesome at sharing ideas.