User permissions in Firebase

Viewed 807 times

0

Good morning, I have a question. I'm building an app where the person opens it, enters a login and password, and then the home screen appears. If the person has no account, they will register through the app itself, but my concern is the following: I want to create a rule where only a certain user can create these users. For example, the school director creates the user based on the student's data, e.g. the RA (student registration). I wanted to know how to make this rule, whether directly in the Firebase database on the web panel or via the app in Android Studio, and, depending on the choice, how I would do it?

  • How did you structure the database? Can you post the structure here? So I can help you make the rules.

  • { "rules": { "users": { "$uid": { ".read": "$uid === auth.uid", ".write": "$uid === auth.uid" } } } }

  • How do you differentiate users? Do you have a field that indicates you are a director/student? If so, what is the field?

1 answer

1

You can block the registration Activity for those who do not have permission to register users. If it is only one user, as you wrote, you can do it like this:

  FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
  // getCurrentUser() returns null when nobody is signed in
  String userId = (user != null) ? user.getUid() : null;

  // "id permitido" stands in for the UID that is allowed to register users
  if ("id permitido".equals(userId)) {
      Intent intent = new Intent(this, CadastroActivity.class);
      startActivity(intent);
  } else {
      // It is always important to tell the user what is happening
      Toast.makeText(this, "Apenas usuários autorizados podem cadastrar novos", Toast.LENGTH_SHORT).show();
  }
  • Good idea, thank you very much!

  • 1

    This is only a good idea if used in conjunction with a security rule in the Firebase dashboard, because anyone can change their APK to open the sign-up screen directly and circumvent that check. Any client-side check should be done only to maintain the flow of the application, not to ensure security.

  • Of course, I do not include this in the answer because the rules already come as standard, but it is extremely important to control who has access to the database.
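
The server-side counterpart to the client check, as the comment above recommends, written as Realtime Database rules. This is an added example, not code from the original thread; the `/roles` node and the `"director"` value are assumptions, because the thread never says how a director is distinguished from a student.

```json
{
  "rules": {
    // Assumed node: /roles/<uid> = "director".
    // No client may write it; it is maintained from the Firebase console
    // or the Admin SDK, both of which bypass these rules.
    "roles": {
      "$uid": {
        ".read": "auth != null && auth.uid === $uid",
        ".write": false
      }
    },
    "users": {
      "$uid": {
        // A student reads only their own record; a director reads any record.
        ".read": "auth != null && (auth.uid === $uid || root.child('roles').child(auth.uid).val() === 'director')",

        // The rule posted in the question ("$uid === auth.uid") lets every
        // signed-in user write /users/<own uid>. Here the write is accepted
        // only when the caller's own UID is marked as director under /roles.
        ".write": "auth != null && root.child('roles').child(auth.uid).val() === 'director'"
      }
    }
  }
}
```

With these rules the database rejects a write to `/users` from a modified APK that skips the `if` in the Activity, because the check runs against the caller's authenticated UID on the server.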
