Feature: Add role-based user permissions #6

Open
jfmcquade opened this issue Aug 10, 2023 · 0 comments

What

Different users should have different permissions regarding viewing, editing and deleting files, based on each user's assigned roles.

We proposed the following roles:

  1. Viewer
    • These users can view files that have been uploaded by others, but they cannot upload files themselves. They cannot edit metadata on existing files, or delete existing files.
  2. Editor
    • These users can view files, but they can also upload new files and edit metadata on existing ones.
  3. Admin
    • These users can do everything that the other two user groups can do. Additionally, they can manage the permissions of other users: they can set other users to be one of these three roles.

We can tweak these permissions later on if we want (for example, we could allow viewers to upload files). But the main thing is to set up a system whereby each user is assigned one of these three roles, and each role has different access rights on files.

How

We don't have access to edit data on the Firebase Auth object itself. That means we need to save our own data on each user in Firestore, storing a User class object for each user. In that object in the database, we'll save a "roles" object, which can have either a Viewer, Editor or Admin attribute. We will link the entry in the Firestore database to a user in Firebase Auth by using the UUID for each user.
An example of how the User object in the database could look:

{
  // Key: the user's UUID from Firebase Auth
  laksjfJKHVsdfa7asdasdf: {
    roles: {
      viewer: true,
      editor: true,
      admin: false
    }
  }
}

Here is a very good tutorial that should be helpful: https://www.youtube.com/watch?v=3qODuvp1Zp8&ab_channel=Fireship
Important: We can't use his example exactly, as we have the following differences:

  • His Roles are different to ours, and have slightly different permissions to what we want. But the structure can still be the same.
  • He uses AngularFireDatabase (passed in as db), whereas we want to use AngularFirestore. They should be very similar to work with.
    • See src/app/services/shared/service/data/data.service.ts for how we currently use AngularFirestore (passed in as afs).
  • He sets the user permissions on "Posts", which live in his database. We want to set the permissions on our metadata, which exists in Firestore and is accessed via the src/app/services/shared/service/data/data.service.ts file. And we also want to set permissions on our files, which live in Firebase Storage and are accessed via the src/app/services/shared/service/file/file.service.ts file.

I would recommend watching the video a couple of times before you start coding, in order to get an idea of what he's doing (he goes very fast).
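
Added example (not part of the original issue or the project's code): a fail-closed permission check over the "roles" object described above. The names `Action`, `AppUser`, `GRANTS`, `can` and `setRole` are hypothetical, the second sample document is constructed, and granting delete to admins only is an assumption, since the issue does not say which role may delete.

```typescript
// Added example; all type and function names here are hypothetical.
type Action = "view" | "upload" | "editMetadata" | "delete" | "manageRoles";
type RoleName = "viewer" | "editor" | "admin";

interface Roles { viewer?: boolean; editor?: boolean; admin?: boolean; }
interface AppUser { uid: string; roles?: Roles; }

// Permissions per role, following the role descriptions in the issue.
// ASSUMPTION: the issue does not state who may delete; here only admins can.
const GRANTS: Record<RoleName, ReadonlyArray<Action>> = {
  viewer: ["view"],
  editor: ["view", "upload", "editMetadata"],
  admin: ["view", "upload", "editMetadata", "delete", "manageRoles"],
};

// Fail closed: no user, no roles object, or a flag that is not the boolean
// `true` (for example the string "true") grants nothing. When several flags
// are set, the user gets the union of those roles' permissions.
function can(user: AppUser | null | undefined, action: Action): boolean {
  const roles = user ? user.roles : undefined;
  if (!roles || typeof roles !== "object") return false;
  return (Object.keys(GRANTS) as RoleName[]).some(
    (role) => roles[role] === true && GRANTS[role].indexOf(action) !== -1
  );
}

// Role change by an admin: returns a copy of the target holding exactly one
// role, so stale flags from a previous role cannot linger.
function setRole(actor: AppUser | null, target: AppUser, role: RoleName): AppUser {
  if (!can(actor, "manageRoles")) throw new Error("only admins may change roles");
  return {
    uid: target.uid,
    roles: { viewer: role === "viewer", editor: role === "editor", admin: role === "admin" },
  };
}

// The sample document from the issue, plus a constructed malformed one.
const sampleEditor: AppUser = {
  uid: "laksjfJKHVsdfa7asdasdf",
  roles: { viewer: true, editor: true, admin: false },
};
const sampleMalformed = {
  uid: "constructed-uid-2",
  roles: { admin: "true" },
} as unknown as AppUser;
```

A check like this only decides what the Angular UI offers. The same matrix has to be enforced in Firestore and Firebase Storage security rules, because client-side code can be bypassed.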