Implementing multiple account access to a single feature with Firebase

Question

I'm creating a web app with Firebase on the back end where multiple users can access a feature, created by a root user.

The real-time db structure looks like this


project 
    project id
       userID:userID of the user who created it
       meta:other information about the project ...
       team: 
           memberid1:{}
           memberid2:{}

Until now, I've only allowed the root user to access the project. To do this, I've used the ref.orderByChild('userID').equalsTo(userID of user logged in) method of firebase js sdk to determine if the logged in user can access it because userID is a direct child of projectID.

But now, I want to allow multiple users to access a project. For this I've added a new child called team under which members can be added. But I can't use the aforementioned method to determine if a user who's logged in can access the project because the memberID is a grandchild of the project and hence orderByChild chained with equalTo won't work.

How could I do this with the DB structure as I stated above, and if it's not, how could I do this with a change in DB structure.

Your current structure makes it easy to find the members of a team. But it doesn't make it easy to find the teams that someone is a member of. To easily allow that you'll need to add an additional top-level list (e.g. `userTeams`), where you track the teams/team ids of each user. See my answer [here](https://stackoverflow.com/questions/40656589/firebase-query-if-child-of-child-contains-a-value) or the one I gave two hours ago [here](https://stackoverflow.com/questions/57282697/calling-a-child-inside-2-levels-of-nodes/57283430#57283430). — Frank van Puffelen, Jul 31 '19 at 07:20

score 0 · Answer 1 · answered Jul 31 '19 at 09:20

0

get project_id and team members of all projects and store in object with project id and member_id.Then, get project_id of corresponding to member id of logged in user and retrieve the project if project exists.

answered Jul 31 '19 at 09:20

Ravi Varshney

1

score 0 · Answer 2 · edited Jul 31 '19 at 10:23

Yes we can definitely do that,the below code tries to explain that.

var uid = UserId of user logged in    
ref.get().then(function(doc) {
  if(doc.data().userID == uid  || doc.data().team['memberid1] == uid || doc.data().team['memberid2'] == uid) {
    \\ checks here whether user is authorized
  }
});

One thing to note here is, if there are more than 2 members then this code may not be optimized

Implementing multiple account access to a single feature with Firebase

2 Answers2