w--

Reputation: 6697

firebase firestore and authentication admin view

I'm using firebase authentication and firestore.

I'd like to build a admin view in my app but am unsure how to go about it.

My firestore has a collection with 1 level of document. every document has an attribute that identifies the user_uid

For admins I want to provide a view in my app that shows:

Because getting the users from authentication is an admin function, do I want to use a firebase cloud function for this or something else? I want to avoid having a backend that I manage (the app is pure front end with firebase handling all backend functionality).

------- update -----------

There seems to be some confusion as to what I'm asking. To respond to comments below:

@jay: As @Bob Snyder commented, I intend to use custom claims to identify admins.

@Locohost: I'm not asking

"how do I build a full web UI that allows an admin user to add/edit/delete data" in his Firestore database.

I am asking what is the appropriate firebase/google service I want to use to host a view or API call I implement that will allow me to generate a view with the two requirements above.

For example: one way I think this can be implemented is by creating an API call that will return the list of all the authenticated users and their uids. It will only work for users who are identified as admins (via custom claim).

Where/what service would I use to host this API call?

Upvotes: 1

Views: 1048

Answers (1)

Mike McDonald

Reputation: 15963

I'll define a schema using Security Rules:

service cloud.firestore {
  match /databases/{database}/documents {
    match /documents/{documentId} {
      // Document owners can read/write their documents, admins can too
      allow read, write: if request.auth.uid == resource.data.ownerId  || request.auth.token.isAdmin == true;
    }
    match /users/{userId} {
      // Users can update their profiles, admins can too
      allow read, write: if request.auth.uid == userId || request.auth.token.isAdmin == true;
    }
    match /admins/{userId} {
      // Admins can do admin things
      allow read, write: if request.auth.token.isAdmin == true;
    }
  }
}

Then you'll have admins run a few requests in your front end:

  • db.collection('users').get().then(/* list of users */);
  • db.collection('documents').where('ownerId', '==', 'some-user-id').get().then(/* list of user owned docs */);

Note that you don't have to use custom tokens. You could instead rewrite the request.auth.token.isAdmin == true check using either exists(/databases/$(database)/documents/admins/$(request.auth.uid)) or get(/databases/$(database)/documents/users/$(request.auth.uid)).data.isAdmin and have admin information stored in the database.

Upvotes: 3
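The question also asks which Firebase service should host an admin-only call that returns every Authentication user. As an added example, not code from the question, the answer, or Firebase's own samples, here is that call as a callable Cloud Function gated on the same `isAdmin` custom claim the rules above rely on. The function name `listUsers`, the helper names and the `functions/index.js` layout are assumptions; the in-memory `fakeAuth` object and its three user records are constructed for the demo so the block runs offline, and the logic is written against the `firebase-admin` Auth API shape (`setCustomUserClaims`, `listUsers(maxResults, pageToken)`) so the same functions work when `admin.auth()` is injected.

```javascript
// Added example, not code from the question or the answer above. It hosts the
// admin-only "list all users" call as a callable Cloud Function gated on the
// isAdmin custom claim. The logic takes an `auth` object with the shape of
// firebase-admin's Auth (setCustomUserClaims, listUsers) so it runs here
// against a constructed in-memory fake; the real wiring is at the bottom.

// Grant the claim (server side only; in production `auth` is admin.auth()).
// The user only sees the new claim after their ID token refreshes.
async function grantAdmin(auth, uid) {
  await auth.setCustomUserClaims(uid, { isAdmin: true });
}

// Gate on the verified ID token that Cloud Functions puts in context.auth.
// Anything in `data` is client-controlled and is never consulted here.
function requireAdmin(context) {
  if (!context || !context.auth) {
    throw Object.assign(new Error('Sign in required'), { code: 'unauthenticated' });
  }
  if (context.auth.token.isAdmin !== true) {
    throw Object.assign(new Error('Admin claim required'), { code: 'permission-denied' });
  }
}

// Walk every account with Auth.listUsers(maxResults, pageToken) and return
// only the fields the admin view needs, not whole UserRecords.
async function listAllUsers(auth, pageSize = 1000) {
  const users = [];
  let pageToken;
  do {
    const page = await auth.listUsers(pageSize, pageToken);
    for (const u of page.users) {
      users.push({ uid: u.uid, email: u.email || null, disabled: u.disabled === true });
    }
    pageToken = page.pageToken;
  } while (pageToken);
  return users;
}

// What the callable executes: check the caller, then do the admin work.
async function listUsersHandler(auth, data, context) {
  requireAdmin(context);
  return { users: await listAllUsers(auth) };
}

// Deployment wiring for functions/index.js (assumed layout, not run here):
//   const functions = require('firebase-functions');
//   const admin = require('firebase-admin');
//   admin.initializeApp();
//   exports.listUsers = makeListUsersCallable(functions, admin);
function makeListUsersCallable(functions, admin) {
  return functions.https.onCall(async (data, context) => {
    try {
      return await listUsersHandler(admin.auth(), data, context);
    } catch (e) {
      // Surface the auth failures with their proper codes; anything else
      // stays an opaque "internal" error to the client.
      if (e.code === 'unauthenticated' || e.code === 'permission-denied') {
        throw new functions.https.HttpsError(e.code, e.message);
      }
      throw e;
    }
  });
}

// Constructed in-memory stand-in for admin.auth(), for this demo only.
function fakeAuth(records) {
  const claims = new Map();
  return {
    async setCustomUserClaims(uid, c) { claims.set(uid, c); },
    claimsFor(uid) { return claims.get(uid) || {}; }, // demo helper, not in the real API
    async listUsers(maxResults, pageToken) {
      const start = pageToken ? Number(pageToken) : 0;
      const end = start + maxResults;
      return { users: records.slice(start, end), pageToken: end < records.length ? String(end) : undefined };
    },
  };
}

// Builds the context Cloud Functions would derive from a verified ID token.
function contextFor(auth, uid) {
  return { auth: { uid, token: { sub: uid, ...auth.claimsFor(uid) } } };
}

async function demo() {
  const auth = fakeAuth([
    { uid: 'u1', email: 'alice@example.com' },
    { uid: 'u2', email: 'bob@example.com', disabled: true },
    { uid: 'u3', email: 'carol@example.com' },
  ]);
  await grantAdmin(auth, 'u1');
  console.log('admin:', (await listUsersHandler(auth, {}, contextFor(auth, 'u1'))).users);
  try {
    await listUsersHandler(auth, { isAdmin: true }, contextFor(auth, 'u2'));
  } catch (e) {
    console.log('non-admin:', e.code); // permission-denied; the client-sent flag is ignored
  }
}

demo().catch((e) => { console.error(e); process.exitCode = 1; });
```

From the front end the admin calls it with `firebase.functions().httpsCallable('listUsers')()`, and the client never sends its own admin flag: the decision is made from the claim inside the verified ID token, which is why a forged `isAdmin` in the request data, or a string `"true"` claim, is rejected. A claim set with `setCustomUserClaims` only reaches the client after the ID token is refreshed, so have the user sign in again or call `currentUser.getIdToken(true)` before expecting the admin view to work.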
