I am trying to make an app with a web site and i wanted to make 2 kinds of users an admin and a user the admin will have the right to read and right to the firestore and the user will only have the right to read but i wanted to block users who try to sign in who are not listed as admins in my list from the web page.
Asked
Active
Viewed 305 times
0
Tripping
- 375
- 5
- 14
-
Your question is too vague for SO and will probably be closed. What you are looking for is role based access rights. Have a look at the [doc](https://firebase.google.com/docs/auth/admin/custom-claims) as well as at this [article](https://medium.com/firebase-tips-tricks/how-to-create-an-admin-module-for-managing-users-access-and-roles-34a94cf31a6e). – Renaud Tarnec Aug 07 '20 at 13:08
1 Answers
0
When you log in a user, you will need to request for an extra field before deciding what you should do next, this extra field can be a variable of type boolean like admin = true or false
So, how it works, first, you will need to add the admin : Boolean to your user in your users node, then in your client-side when you are logging in, check if that user admin atribute is true or false to do your operations.
With rules is the same, you should add a rule that will check for that admin variable and decide whether that user can read or write into database
Gastón Saillén
- 12,319
- 5
- 67
- 77