
Submitting web apps as someone else - BC Sandpile User Messaging

Participant, Oct 10, 2017

Hi all,

Recently the guys behind the BC Sandpile site did a webinar (view the YouTube vid here) where they discuss the creation of the Sandpile site. One of the cool features they created, and mention during this webinar, is the user messaging tool. They mention that the way it works is when a user submits the new web app item, it's submitted as if it's the person of the profile you're viewing. I.e., if you're viewing my profile page when you submit the form, you'd actually be submitting it as if it's me.

Here's my question. How do you even submit a form as if it's another user?

My guess is that you process the form via a JSON request, altering the entityid of the current user to that of the profile page.

Curious to hear what the more advanced developers out there think on this. And if it isn't a case of altering the entityid, I'm curious to hear how you think it's done.

Kind regards,

Nate C.


1 Correct answer

LEGEND, Oct 10, 2017

Not in a way I would say is secure or wise, and the things a few of us found we COULD do with the sandpile site for example...

I will just state how things work and you should be able to fill in the gaps Nate..

- Webapp item submission has a few options on the webapp

- Webapp item submission works when a logged in user submits the webapp item form.

- There have been guides on how you can submit a webapp item without logging in. This essentially runs a POST request or pre login request before submitting the form over ajax methods. To do this there is normally an anonymous user with details that you use in the code to login with. If you want to display items as from different people it is just custom fields in the webapp items.

Now if you had another webapp detail view for a profile and you want to submit as them with knowing the above and what you stated with regards to entity id.

The other thing with you working out anything like this - put the basic BC thing on a page or site. Look at the values in things like form actions, what they are doing, how they are rendered, how they change. In this case put the webapp item submission form on a page and look at the action.

Guest, Oct 10, 2017
LEGEND, Oct 10, 2017

Nate is quite capable, just from the above he will be able to figure it out, hey Nate?

Participant, Oct 11, 2017

Glad to see you have some confidence, Liam. And yeah, it certainly pointed me in the right direction.

Which does now raise the security concern you mentioned. I'm wondering if it's possible to use Liquid to encrypt the user's ID when passing it through. For example, you can input a random string of letters, and then use Liquid to remove them when processing the user ID.

Say a user's ID is 123456. You can have this ID submitted as a1n2mbuo3ohi4nuo5asd6opisfd. Then using the Liquid remove feature when outputting the ID, you could remove all the letters. Most wouldn't understand what they're looking at without knowing how the backend operates.

{{'a1n2mbuo3ohi4nuo5asd6opisfd.' | remove: 'a' | remove: 'b' | remove: 'c' ***and so on*** }}

Would output:

123456

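
Added example, not part of the original thread or BC's own code: it shows that the letter-padding idea in the post above is an encoding with no key, next to a keyed alternative that rejects a changed ID. The HMAC half assumes a backend where you can run server-side code, which the thread does not describe for BC; every function name, the key and the IDs are constructed for illustration.

```javascript
// Added example: names, key and IDs below are constructed for illustration.
const { createHmac, timingSafeEqual } = require("node:crypto");

// The thread's scheme: pad the numeric ID with letters, strip them on output.
// No key is involved, so anyone who sees one padded value can undo it.
function stripPadding(padded) {
  return padded.replace(/[^0-9]/g, "");
}

// The scheme also gives no integrity: any padded form of any ID is accepted.
function padId(id, filler = "xqz") {
  return id.split("").map((d, i) => filler[i % filler.length] + d).join("");
}

// Hypothetical server-side alternative: bind the profile ID to the logged-in
// submitter with an HMAC, so a changed ID or a token reused by another
// user fails verification.
const SERVER_KEY = Buffer.from("constructed-demo-key-not-for-production");

function signTarget(profileId, submitterId) {
  const mac = createHmac("sha256", SERVER_KEY)
    .update(`${submitterId}:${profileId}`)
    .digest("hex");
  return `${profileId}.${mac}`;
}

// Returns the profile ID when the token is intact for this submitter, else null.
function verifyTarget(token, submitterId) {
  const [profileId, mac] = token.split(".");
  if (!profileId || !mac) return null;
  const expected = createHmac("sha256", SERVER_KEY)
    .update(`${submitterId}:${profileId}`)
    .digest();
  const given = Buffer.from(mac, "hex");
  if (given.length !== expected.length) return null;
  return timingSafeEqual(given, expected) ? profileId : null;
}
```

The signed token only proves the server issued that profile ID to that submitter; whether the submitter may post as that profile is still a server-side decision.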
LEGEND, Oct 11, 2017

ID is fetched from entity ID so is a rendered value.

But I would say to you to have a look at the web app item submission action first, post and review everything in the console.
