App privacy rules: Getting started with Bubble (Lesson 4.10)
Updated over a month ago

Section 4 (Lesson 10/10): In this lesson, we’ll be expanding our privacy rules to accommodate the new job and company fields, ensuring that our sensitive data is secure and our public-facing data is accessible.

In summary, you’ll learn:

  • Privacy rules: how to configure access for company users and the general public.

Transcript

We're just going to spend a few minutes updating our privacy rules because we have some unprotected data types. We always need to set a rule to begin with because remember, these rules allow data to come back from the server. We need to do that.

All right, so head over to the Data tab and Privacy section, please. Let's define a new rule for type Job. This one will say "Company," because when we define a condition, the condition we're defining is in relation to the company. If the Current User's Company matches the Job's Company, well, then we know that they are the creator or they should probably need to see all of the fields.

Okay, and the first thing I'm going to do is for everyone else, I'm going to uncheck "View all fields." Let's look at the options we have here. So we can start with "This Job." So the match we're trying to make is a Job which has a Company field and a User which has a Company field. If those two match, then they can see all data, and everyone else, we need to decide what they should see because they're probably not from the Company that created this job.

So "This Job's Company is Current User's Company," and if it turns to blue, that means this expression makes sense and will work. So when that is true, we're allowing them to view all fields, find in searches, everything. They created the data, they are the data owners. But always make sure to uncheck "View all fields" for everyone else (default permissions) to begin with.

But most of the stuff you do want users to be able to see. We want to see which company has posted this job, where the job is located, when the job was posted, the description, the salary, expiry date, the term, the slug - very important, the slug! Okay, we don't need to know this (the Live), but we can check Title.

Now, we haven't finished setting up all of the fields for Job. We might have other fields, such as internal notes. Later on, we're going to have another data type called an Application that's going to be linked to this. We don't want those to be public. But it's good just to start setting up your rules so we have some.

What about a Company? Let's name a new rule "Employee" on the Company Privacy tab. And it'll be "When This Company's Employees contains Current User." Okay, and this makes sense because "Employees" is a list of users and we're saying "contains" - which is a yes/no - "Current User." So I'm Hana, I'm holding the mouse, I'm the Current User. I'm looking at some Company data. If that Company data, if I'm an employee on that Company data type in that Employees field, then I can see all this stuff. Everyone else, we decide what they need to see. So for everyone else, uncheck "View all fields," and for now, we can check Name, Description, Location, Logo, and Slug. But, there will be more fields coming, and some of them will be more private.

Okay, I feel good about that! We've started on our privacy rules. We have a rule set for each data type, and we'll continue to configure and pad these rules out as we continue to build the app. I hope you enjoyed this section, guys, and I'll see you in the next one.
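
The two rules configured in this lesson, modelled in Python as an added example that is not part of the lesson and not Bubble's own implementation. It shows which fields come back for a matching user versus everyone else; the field names, the sample records and the choice that an empty Company never matches are assumptions of this model.

```python
# Illustrative model of the lesson's "Company" and "Employee" rules.
# Not Bubble code: field names and records below are constructed.

# Fields ticked for "everyone else" once "View all fields" is unchecked.
JOB_PUBLIC = {"title", "company", "location", "posted", "description",
              "salary", "expiry_date", "term", "slug"}
COMPANY_PUBLIC = {"name", "description", "location", "logo", "slug"}


def job_rule_company(job, user):
    """Rule "Company": This Job's Company is Current User's Company."""
    if user is None or user.get("company") is None:
        return False  # model's choice: an empty Company never matches
    return job.get("company") == user["company"]


def company_rule_employee(company, user):
    """Rule "Employee": This Company's Employees contains Current User."""
    return user is not None and user["id"] in company.get("employees", [])


def visible(record, user, rule, public_fields):
    """Return the fields the server would send back for this user."""
    if rule(record, user):
        return dict(record)  # rule matched: all fields are returned
    # Everyone else: only the explicitly ticked fields are returned.
    return {k: v for k, v in record.items() if k in public_fields}


# Constructed sample data.
ACME = {"name": "Acme", "description": "Widgets", "location": "Oslo",
        "logo": "acme.png", "slug": "acme", "employees": ["u1"]}
JOB = {"title": "Backend Engineer", "company": "c1", "location": "Oslo",
       "posted": "2024-05-01", "description": "Build APIs",
       "salary": 90000, "expiry_date": "2024-06-01", "term": "Full-time",
       "slug": "backend-engineer", "live": True,
       "internal_notes": "Budget approved up to 100k"}
HANA = {"id": "u1", "company": "c1"}      # employee of the posting company
OUTSIDER = {"id": "u2", "company": "c2"}  # logged in, different company

if __name__ == "__main__":
    for who in (HANA, OUTSIDER, None):    # None = logged-out visitor
        print(sorted(visible(JOB, who, job_rule_company, JOB_PUBLIC)))
```

Any field added to a data type later, such as the internal notes mentioned above, stays hidden from everyone else in this model until it is added to the public set.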
