问题
I am making a point of sale app, using Xcode.
I want this app to keep track of stock items, allow users to search stock, scan stock, add or lookup stock using a barcode. Items of stock will be stored in a users 'store'.
I want to have three types of users:
A manager user, who creates a store and has full access to the store. He can manage all of the 'employee users', such as deleting their access and employee users must be invited by him to join his store using a unique code. He will have specific abilities that 'employee users' do not such as the ability to add and edit stock.
What a manager account would look likeA employee user, who has limitations. (eg. cannot see edit users page and not option to edit stock that manager user has).
What a Employee account would look likeA shopper user who can only see a store and the items in a store.
What a shopper users account would look like
The attached UI design should show what I mean. As you can see, the manager user has a manage employee tab that I wish only he can have and the other users do not. The manager has also got the option for more details when looking at stock, while the employee user does not. The shopper account has only got access to two functions, looking up a store, and checking the stock in a store.
So my question is, How do I code three different types of users in Firebase for my app? & How do I show them only options that I want to show them while showing other options to other users?
Many Thanks, Sam.
回答1:
This is an incredibly broad topic and lots of it depends on how you implement the various parts of your app. Below is one of the many possible answers, just in an effort to get you started with some links.
If your app stores its data in one of Firebase database offerings (Realtime Database, or Cloud Firestore), or if it stores files in Cloud Storage through Firebase, then you'll likely want to store the role of each user as a custom claim in the profile of that user.
The Firebase Authentication documentation shows how to set such custom claims, for example how to set the admin property of a user to true from a Node.js script:
admin.auth().getUserByEmail('user@admin.example.com').then((user) => { // Confirm user is verified. if (user.emailVerified) { // Add custom claims for additional privileges. // This will be picked up by the user on token refresh or next sign in on new device. return admin.auth().setCustomUserClaims(user.uid, { admin: true }); } }).catch((error) => { console.log(error); });
Similarly you could set your user roles in a role property. Then you can check in the server-side security rules of the Realtime Database, Cloud Firestore, or Cloud Storage if the user has a role that allows them access to the specific data they're trying to access.
In the client-side code you can then decode the user's token to get access to the same claims and optimize the UI for them
回答2:
Frank's answer is the correct one but I wanted to add a very simple additional piece of information. If you store users information, (DOB, nickname etc) in a /users node (as many Firebase apps do) simply add the role within that node
users
uid_0
name: "Larry"
role: "manager"
uid_1
name: "Curley"
role: "employee"
uid_2
name: "Moe"
role: "shopper"
When a user logs in, read their node from the users node and the app will then know what kind of user they are and display the appropriate UI.
You can also leverage that within Firebase rules to control what each role can access.
来源:https://stackoverflow.com/questions/48255622/how-to-create-different-user-groups-in-firebase