0

Hi everyone would like to ask is this type of scenario possible in using firebase?

The scenario: User will need to make a request to the admin. The admin will need to review all the application before approving the account to be created. In Firebase

So my thought is that using Firestore to save all the user's information and as well as the email and password and one of the attribute is userapproval and it is a boolean and when admin approve it, it will change to 1 and firebase will auto create a user using the available email and password that user's key in.

Thank you so much for reading. Really hope that there is a method that can work in this scenario. Can't seems to find anyway to make it work.

Renaud Tarnec
  • 79,263
  • 10
  • 95
  • 121
randomstudent
  • 73
  • 6
  • 1
    i think you are referring to cloud functions, so in the cloud functions you can use a trigger on document update https://firebase.google.com/docs/functions/firestore-events – Albert Laure Jun 24 '21 at 08:57
  • @AlbertLaure i will give it a try. From what i understand it seems to be what i wanted hope i didnt encounter any errors hahaha. Thank you so much. – randomstudent Jun 24 '21 at 09:16

1 Answers1

1

Hi everyone would like to ask is this type of scenario possible in using Firebase?

Yes it is totally possible. Giving you an out-of-the-box solution here is out of the scope of Stack Overflow, but the "high level architecture" you mention in your question ("So my thought is...") is a good approach. Here are some advice around this approach

  • Implement the correct security rules in such a way Admins are the only ones that can read and write from/to the collection where the user creation requests are stored
  • Use Custom Claims to assign access rights to the users. Read this answer for more details on why having security rules only based on auth != null is not enough.
  • Implement the business logic of your approach through Cloud Functions (you need to use Cloud Functions to assign Custom Claims). You can use a Cloud Function that is triggered when the Admin changes the value of the userapproval field to true (or to 1). Since the Admins are the only ones able to modify docs in this collection it is safe. (Another approach would be to use a Callable Cloud functions to implement the user creation flow because you can control the access rights to these Cloud Functions).

Finally you may be interested by this article which shows "How to create an Admin module for managing Firebase users access and roles" and in particular details how to execute user creations through Cloud Functions.

Renaud Tarnec
  • 79,263
  • 10
  • 95
  • 121
  • 1
    thankyou so much i will look into it and give it a try. I will ask question when i encounter any problem or any thing that i do not understand. Thank you so much. – randomstudent Jun 24 '21 at 09:14
  • 1
    Glad that I could help you! Yes, do not hesitate to ask new questions. You can alert me by adding a comment here. Also, if at the end it appears that the proposed directions were the correct ones, do not forget to accept the anwser. – Renaud Tarnec Jun 24 '21 at 09:21
  • Definitely will. Thank you – randomstudent Jun 25 '21 at 10:03