Dynamic conditions for page visibility?

Hello,

I have an “Events planner” application, to be used by my colleagues. Staff create an event via a form, it syncs to Airtable, their Outlook, etc., very easy. Events get saved in a list block; clicking through a list details block for full details. Only people assigned to the events can edit them, and other associated actions.

One such associated action for these assigned users is adding tasks for an event. Tasks go on a seperate table, but are linked with a linked record field. The “add task” page is a seperate list details page, but which shares the same record ID; the page uses a Fillout form with some code and hidden field to associate the task with the original event record.

My issue is: although I can show/hide the action button to open the “add task” page based on a user’s conditions, the actual URL of the page itself could in theory be accessed by anyone who pastes the URL and the record ID. So, effectively, anyone could in theory add a task to an event they’re not assigned to.

Ideally, I’d like to be able to hide the visibility of the whole “add tasks” page using User groups, but to my knowledge, this only accepts static values. (e.g. I can’t create a user group such as "Logged in user’s Events is one of current page URL). Whereas a user might need to be able to add tasks for one event, but not another.

Don’t suppose anyone might have any ideas for how to address this?

Much appreciated,

Matt

Another option to user groups you can to try is:

  1. On your list details page block go to the settings and find the option conditional filters, you can set a condition to only show records where the airtable field ‘can add tasks’ is = (‘or is one of’, in case many users can add tasks to the same event) to the current session user email or record id.

That way events will only be seen by the users with the right ‘permission’ and then can add tasks to the event.

Appreciate the idea, but this is basically what I already have for hiding/showing the action buttons. I could apply the same visibility settings to the “Add task” list details blocks, but as the actual adding the tasks is done via an embedded Fillout form in a custom code block, the form will be visible to anyone who finds the page anyway. So, still stuck unfortunately!