Through different posts by @JackVaughan and @Mark on security aspects, and replies to some of my previous questions by @Jeff_Hager and @ThinhDinh, I have learned a lot about how apps handle data and how “visible” even invisible and filtered data can be. Thank you.
But I haven’t yet found a reliable solution for my marketplace prototype, which will be a public app with email sign-in.
The case is simple: a seller S offers some products for approx. a week, and a customer C orders them and then goes and picks them up in person and pays for them. There is no purchase involved in the app so far.
The problems I want to solve/avoid:
- After a product is ordered, this product row should only be visible to S and C. Only if the order is canceled should all Cs see it again.
- If this is the case, I keep the sheet size (row count) that is transferred to the app while searching for products low, which is a must if the whole app should be usable after some time.
- If point 1 is the case, no one can inspect the whole list of all previous products, orders, etc. and back-engineer the activity and ‘turnover’ of individual S and C.
First I was assuming that rows with empty row owner columns are visible to everyone.
Hence I tried a row owner array which could be filled by the emails of S and C through the order action process.
But this doesn’t work, as then all other Cs wouldn’t see the available products any more.
Is there a way to populate the row owner array with some role information (e.g. ‘customer’) so that all Cs could see the avail. products?
If not, what would be the best solution to avoid points 2 and 3?
Any thoughts? Thanks in advance.