0

I am building an app that has different types of users that must have access to different dashboard based on who they are. Similar to student, teacher and School director. Each of them have separate dashboard they must be directed to upon authentication.

I am using firebase as my backend support. After they have been authenticated into firebase, I have them saved into their respective DB like below.

The question is because firebase sees them all as users and assign a UID to each in Authentication, what is the best way to know who is student, teacher or director when they log back in so that they can be directed to their respective dashboard.

enter image description here

AL.
  • 36,815
  • 10
  • 142
  • 281
Ola
  • 431
  • 1
  • 8
  • 28
  • Firebase will *not* assign them a new UID in each authentication if you [create the users](https://firebase.google.com/docs/auth/web/start) in Firebase. Once the user is created, add them to a /users/uid node and one of the children can be user_type: Student or Teacher or Director. From then, whenever they authenticate query the users node for their user ID and you will have what type they are. This is a very common design pattern and there are hundreds of posts here about leveraging a /users/ node to store user data. – Jay May 10 '17 at 18:05

1 Answers1

1

You need to use role based authentication system for your application. Based on those user roles you can redirect the users to their specific dashboards or allocate permissions.

In case of Firebase a role based database should look something like so:

  {
    "roles" : {
      "teacher" : true,
      "student" : true,
      "director" : {
        "335Fq6U6gZPWNEyDJRZd6ZYGkvn1" : true
      }
   },
    "secret_data" : {
     "access_code" : 390399333,
     "users" : {
       "335Fq6U6gZPWNEyDJRZd6ZYGkvn1" : true
     }
   },
   "users" : {
     "335Fq6U6gZPWNEyDJRZd6ZYGkvn1" : {
       "username" : "shakti"
     }
   }
 }

and the security roles should be something like so:

  {
    "rules" : {
      ".read"  : false,
      ".write" : false,

      // Secret data is only available to paid users.
      "secret_data" : {
        ".read": "(root.child('roles').child('director').hasChild(auth.uid)) 
                  && (data.child('users').hasChild(auth.uid))",
       "users" : {
         "$uid" : {
           ".read" : "($uid === auth.uid)"
         }
       }
     }
   }
 }

please refer to: https://firebase.google.com/docs/database/security/user-security

and github : https://gist.github.com/sararob/331760829a9dcb4be3e7

also you may refer to the SO answer at Firebase: set security rules depending on user roles

Community
  • 1
  • 1
Shakti Phartiyal
  • 6,156
  • 3
  • 25
  • 46