I'm developing an Android app which needs to be able to manage the user list. Problem is, Firebase doesn't seem to offer much support for this kind of scenario, as opposed to social apps where users are self-registering and managing their own accounts. I could create users in the Firebase console, but this is not enough.

The users are to be registered by email and password, some users must have admin permissions and be allowed to edit the user list, I can enforce this using security rules. However, the users listed in the Firebase console don't have any place to put extra information for the permissions, so this info must go in the main database. Editing the database tree in console is not reasonable, hence this must be done in the app.

First problem is, there is no way to get the user list from the app. As a workaround, I can create users only in the app using createUserWithEmailAndPassword() function. Then, I can save the extra user info in the main database, keeping them in sync.

Minor problems aside (such as newly created user getting automatically signed in, signing out the admin user), the function starts to fail and the error logs indicate "TOO_MANY_ATTEMPTS_TRY_LATER". This is not acceptable.

Any suggestions will be appreciated. Thank you.

Frank van Puffelen
so_tkal

1 Answer

> The users are to be registered by email and password, some users must have admin permissions and be allowed to edit the user list, I can enforce this using security rules. However, the users listed in the Firebase console don't have any place to put extra information for the permissions, so this info must go in the main database

You should have a separate workflow for admins which would add the admin UID to a DB node "admins".

Then whenever you need to check if your user is an admin using rules, you can use something like ".write": "root.child('admins/'+$user_id).exists()"

Creating and logging in other users seems pretty unintuitive to me. I would suggest using dynamic links for invites and let the invited users install the app, create their own users and sign in themselves. You can then use the dynamic link info to see whoever invited them and act accordingly.

jirungaray
  • Adding admin UIDs to a DB node is an issue, because there's no way to get a list of UIDs of all users from app (copy&pasting each UID in console is not reasonable). That is why I create the users myself; I obtain the UID right after creating them. Using invitations is also not OK, think of a more serious app where admin enters employee list to DB and assigns roles to them. Thanks for your answer, though. – so_tkal Sep 07 '16 at 15:25
  • To clarify, I know how to use security rules as you suggested. Problem is to obtain the UIDs, programmatically. – so_tkal Sep 07 '16 at 15:34
  • At some point you are setting the user to be an admin, either when creating it or later manually, in either case you should have access to that user's UID. If the other user is responsible for creating its own record, then define a special dynamic link or workflow in which if I am an Admin as soon as I signup record my UID to the admins node. – jirungaray Sep 07 '16 at 16:56
  • Yes, I have access to the UID when I create the user (users will not create themselves, forget dynamic links). So, I create the user in app, then I can get the UID, but then I have the problem of "too many attempts" error. – so_tkal Sep 07 '16 at 17:28
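
A fuller Realtime Database rule set for the "admins" node approach discussed in the answer above, as an added example that is not taken from any of the posts. It assumes the admin check should be made against the signed-in caller (auth.uid), that the first admin entry is seeded by hand in the Firebase console, and that user records live under a hypothetical "users" node with hypothetical "email" and "displayName" fields.

```json
{
  "rules": {
    // Default deny: nothing is readable or writable unless a rule below grants it.
    ".read": false,
    ".write": false,

    // admins/<uid>: true  (membership list; the first entry is seeded in the console)
    "admins": {
      // Only a caller whose own UID is already listed may read or change the list.
      ".read": "auth != null && root.child('admins').child(auth.uid).exists()",
      ".write": "auth != null && root.child('admins').child(auth.uid).exists()",
      "$uid": {
        // Entries may only hold the literal value true; deleting an entry revokes admin.
        ".validate": "newData.isBoolean() && newData.val() === true"
      }
    },

    // users/<uid>: per-user record (node and field names are assumptions)
    "users": {
      // Admins can list every user record.
      ".read": "auth != null && root.child('admins').child(auth.uid).exists()",
      "$user_id": {
        // A non-admin user can read only the record stored under their own UID.
        ".read": "auth != null && auth.uid === $user_id",
        // Only admins can create, edit or delete records, so a user cannot
        // change their own record or write one for somebody else.
        ".write": "auth != null && root.child('admins').child(auth.uid).exists()",
        ".validate": "newData.hasChildren(['email'])",
        "email": { ".validate": "newData.isString()" },
        "displayName": { ".validate": "newData.isString()" },
        // Reject any field that is not explicitly allowed above.
        "$other": { ".validate": false }
      }
    }
  }
}
```

Because read and write grants cascade downward and cannot be revoked by a deeper rule, the admin grants sit on the specific nodes rather than at the root. The Firebase console's rules simulator can be used to confirm that an authenticated non-admin is denied a write to admins/<their own uid>.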