Privacy rules: Getting started with Bubble (Lesson 6.8)
Updated over a month ago

Section 6 (Lesson 8/9): In this lesson, we’ll revisit our privacy rules. We need to make sure job applications can only be accessed by the company that posted the job and the candidate who applied to the job.

You’ll learn about:

  • Privacy rule configuration: Setting up comprehensive privacy rules that control access to application data based on user roles, like candidates and company representatives.

  • Job application UX: We’ll log in as Peter and go through the job application process, then review the data in the database and job application table.

Transcript

We've added quite a few new fields, even a new data type, and we need to add our privacy rules. There's a bit more involved in these now because we've got multiple stakeholders needing to access the same data. Let's have a look.

All right, let's head over to the Data tab and Privacy sub-tab. And we need a new rule for Application. We're going to define a new rule. This will be called "Candidate". I'm going to create. And this rule is going to enable the candidates to basically see all of their application data.

So if "This Application's Candidate is Current User", meaning if I am a candidate on this Application, then basically I get access to everything. And for everyone else, this is 100% private. It shouldn't be seen by anyone else but the company representative, which we're doing now. But nothing should be public here. This is private information, internal.

Let's add a new rule. I'm going to call this "Company access" because it's created by the candidate, but the company needs some access. Let's say "This Application's Company is Current User's Company". So you can see how we're matching two of the same data types here. Here is a data type attached to an Application; it's called "Company". Here is a data type attached to a User; it's called "Company". And if this condition for company access is true, then yeah, they can view all fields, find and searches, and view attached files. And they need to be able to view attached files because we have a PDF that they need to be able to download. And we're going to actually be logging in as Hana and testing this process in the next section.

Now, there is something else we need to do here because if we look at the User data type, currently we have User's own data. When "This User is Current User", meaning when a user is looking at their own data on the screen, they can see everything. And other people, well, they might be able to see the avatar, maybe that's public.

But what about a Company? Because when it comes to the next section, Hana needs to be able to look at these Applications and look at who this person is. Who is Peter Hudson? So a Company needs access, okay? But not all companies, just the company that Peter applied to, only them! So we need to think of a way to be able to enable this through privacy rules.

I've got an idea. Let's go to the data type for a User. And let's do this, let's create a new field. Let's type the words "Applied companies", meaning the User has applied to this Company. And this is going to be a Company, but a list. A List. And the way we're going to use this is whichever company or whichever job that Peter has applied to, maybe they are 10, he's only going to allow those jobs' companies' representatives to be able to see his personal data - some of it, not all of it. And that's how we make sure that this is secure, okay? So no other companies can see it, only the ones that Peter allows people to see through the process of submitting an Application.

And I'm going to click on this little speech bubble because I want to add some notes here: "This allows companies to access candidate data that the candidate has applied to". And you can see the speech bubble has changed to filled.

So let's go back to Privacy and let's go down to the User data type. Let's also define a rule that says "Company access". Let's go ahead and create. Now we're going to say this "This User's Applied companies contains Current User's Company". So again, we're doing a Company data type match with a Company data type match. In this instance, it's a list. If this List matches the Current User's Company or the Current User's Company's in this List via "contains," then they shouldn't be able to view fields, but they should be able to find in searches and view attached files, which is a CV. So we're going to check "About", we're going to check "Location," so this is in terms of what can Hana see about Peter. We're going to check "Email" so they can email each other. "Name first," "Avatar," "Name last," and I think that's all we need for now.

And in terms of the actual CV, they will get it from this one here, Company access in the Application data type's privacy rules: "This Application's Company's is Current User". And they can view attached files to get the CV. Unchecked all the rest for the "Everyone else" permissions. And on the User, unchecked for "Everyone else" is most of them. I've got the User's "Avatar" checked here, I'm not too sure why. I'm going to leave it for now and think about that.

Okay, so let's go ahead and I'm going to go to the scratchpad page. I'm going to preview. Yeah, and I'm still logged in as Peter. So now we're going to go to the search page. Okay, so obviously we didn't finish this off. Let's just go to the navbar quickly before we do this.

I'm going to open up Navbar in the reusable elements section. I'm going to double-click on Group Buttons. Let's look at this expression then on the Conditional tab: "Current page width < Tablet (992 px)". That's when we hide it. But I also want to hide it and add, "or Current User is logged in". It's also when I want to hide it.

And on the Group User, we're saying that if "Current page width >= Tablet (992 px) and Current User is logged in," that's when this is visible. Now for refresh. There we go. We still need to build a little menu here, which we'll do in the next section.

Okay, so let's apply it to a job! Now, it needs to be an Orbit job. It needs to be an Orbit job because we're going to be using Hana as a company example. So let's use the No-code developer. We're not going to see much here, that's okay. And let's click on "Apply". All right, cover notes. I'm just going to say "This is a cover note from Peter". Now I'm going to click on Next. Great. Attach a CV. So jump into the resources folder, go find Peter Hudson's CV. Let's have a look. There goes the progress bar. You can also see that the next step has been engaged, so let's go ahead and press "Submit application".

Okay, I didn't actually see the confirmation, the little alert. Let's go look at the database, first of all. Let's go to Applications. There is our Application: Peter, Cover note, Job title. Here is the CV, so we can see the CV. All right, there it is. Company name is Orbit. There's the company. Status is Pending, and here's the job. And we can actually change the search field for the job to say, please show me the title instead of the unique ID, "No-code developer". If you didn't have the No-code developer one, feel free to do any job by Orbit, basically. All right, let's save that.

So now let's go to... we still don't have our internal navigation, so let's go to the candidate page and let's click on "Applications". And there we go, guys. Here's our first Application! So we applied to Orbit for the No-code developer title. It was a full-time job with a starting salary of $75,000. The current status is Pending. And I applied on April 1st, which it is today. And if I click on this (the arrow icon), off it takes me back to the job.

Okay, we did it! We made an Application, file is private, all the data worked out really well for us. There are a few things to still do in this section, we're almost at the end, and I'll see you in the next lesson.
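The rules configured in this lesson, modelled as a small Python access check so the allow and deny cases can be tested; this is an added example, not Bubble's implementation and not code from the lesson. Rita, Acme, the function names, the search/file flags for "Everyone else", the handling of a viewer with no Company, and the step that fills "Applied companies" on submission are assumptions.

```python
from dataclasses import dataclass, field
from typing import NamedTuple, Optional

ALL = frozenset({"*"})  # stands for "view all fields"
COMPANY_FIELDS = frozenset(
    {"About", "Location", "Email", "Name first", "Name last", "Avatar"})

class Grant(NamedTuple):
    fields: frozenset
    find_in_searches: bool
    view_files: bool

NO_ACCESS = Grant(frozenset(), False, False)

@dataclass
class User:
    name: str
    company: Optional[str] = None                          # "Company"
    applied_companies: list = field(default_factory=list)  # "Applied companies"

@dataclass
class Application:
    candidate: User
    company: str

def application_access(app: Application, viewer: User) -> Grant:
    if app.candidate is viewer:                 # rule "Candidate"
        return Grant(ALL, True, True)
    # Model choice: a viewer with no Company never matches a company rule.
    if viewer.company is not None and app.company == viewer.company:
        return Grant(ALL, True, True)           # rule "Company access"
    return NO_ACCESS                            # "Everyone else"

def user_access(subject: User, viewer: User) -> Grant:
    if subject is viewer:                       # "This User is Current User"
        return Grant(ALL, True, True)
    if viewer.company is not None and viewer.company in subject.applied_companies:
        return Grant(COMPANY_FIELDS, True, True)       # rule "Company access"
    return Grant(frozenset({"Avatar"}), False, False)  # "Everyone else"

def submit_application(candidate: User, company: str) -> Application:
    # Assumed workflow step: applying adds the company to "Applied companies".
    if company not in candidate.applied_companies:
        candidate.applied_companies.append(company)
    return Application(candidate, company)

# Constructed sample users: Rita and "Acme" are not from the lesson.
peter = User("Peter")
hana = User("Hana", company="Orbit")
rita = User("Rita", company="Acme")
```

Until `submit_application(peter, "Orbit")` runs, Hana gets only the "Everyone else" grant on Peter's User record, which is the case to check if the "Applied companies" list is never populated.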
