1
votes

I'm using Firebase Authentication and Firestore.

I'd like to build an admin view in my app but am unsure how to go about it.

My Firestore has a collection with 1 level of document. Every document has an attribute that identifies the user_uid.

For admins I want to provide a view in my app that shows:

  • a list of every user that has authenticated
  • drilling down into that we can see every document that user has created.

Because getting the users from authentication is an admin function, do I want to use a Firebase Cloud Function for this or something else? I want to avoid having a backend that I manage (the app is pure front end with Firebase handling all backend functionality).

------- update -----------

There seems to be some confusion as to what I'm asking. To respond to comments below:

@jay: As @Bob Snyder commented, I intend to use custom claims to identify admins.

@Locohost: I'm not asking

"how do I build a full web UI that allows an admin user to add/edit/delete data" in his Firestore database.

I am asking what is the appropriate Firebase/Google service I want to use to host a view or API call I implement that will allow me to generate a view with the two requirements above.

For example: one way I think this can be implemented is by creating an API call that will return the list of all the authenticated users and their uids. It will only work for users who are identified as admins (via custom claim).

Where/what service would I use to host this API call?

1
I think you need to clearly define what an admin user is; what makes them an admin user and how will the app (and Firebase/Firestore) know the difference between an admin user and a regular user. Then you can, for example, leverage rules to restrict access to your data or open it to admin users. - Jay
The capabilities described here might be helpful. - Bob Snyder
I think the OP is asking "how do I build a full web UI that allows an admin user to add/edit/delete data" in his Firestore database. This isn't something explained in a paragraph or 2 in a SO post. This is a laaarge task for an experienced web/Firestore developer. Or do I not follow the question? :-/ - Locohost
Hi guys, thanks for looking. I updated the question above. - w--

1 Answer

3
votes

I'll define a schema using Security Rules:

service cloud.firestore {
  match /databases/{database}/documents {
    match /documents/{documentId} {
      // Document owners can read/write their documents, admins can too
      allow read, write: if request.auth.uid == resource.data.ownerId  || request.auth.token.isAdmin == true;
    }
    match /users/{userId} {
      // Users can update their profiles, admins can too
      allow read, write: if request.auth.uid == userId || request.auth.token.isAdmin == true;
    }
    match /admins/{userId} {
      // Admins can do admin things
      allow read, write: if request.auth.token.isAdmin == true;
    }
  }
}

Then you'll have admins run a few requests in your front end:

  • db.collection('users').get().then(/* list of users */);
  • db.collection('documents').where('ownerId', '==', 'some-user-id').get().then(/* list of user owned docs */);

Note that you don't have to use custom tokens. You could instead rewrite the request.auth.token.isAdmin == true check using either exists(/databases/$(database)/documents/admins/$(request.auth.uid)) or get(/databases/$(database)/documents/users/$(request.auth.uid)).data.isAdmin and have admin information stored in the database.
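
The admin-only API call described in the question, written as the handler logic you would place inside a callable Cloud Function. This is an added example, not code from the question or the answer. It assumes the Admin SDK's `auth().listUsers(maxResults, pageToken)` and the `isAdmin` custom claim used in the rules above; `requireAdmin`, `listAllUsers` and `fakeAuthAdmin` are hypothetical names, and the stub is constructed so the block runs offline.

```javascript
// Added example: handler logic for an admin-only "list users" endpoint.
// `authAdmin` is anything exposing listUsers(maxResults, pageToken), e.g.
// the object returned by firebase-admin's auth() in a Cloud Function
// (assumption; the stub at the bottom stands in for it here).

// Reject callers whose verified ID token lacks the isAdmin custom claim.
function requireAdmin(auth) {
  if (!auth || !auth.token) {
    const err = new Error('Sign-in required');
    err.code = 'unauthenticated';
    throw err;
  }
  // Strict comparison: "true", 1, or a missing claim must not pass.
  if (auth.token.isAdmin !== true) {
    const err = new Error('Admin claim required');
    err.code = 'permission-denied';
    throw err;
  }
}

// Page through every Auth user and return only the fields the view needs,
// so password hashes and provider data never reach the browser.
async function listAllUsers(authAdmin, callerAuth, pageSize = 1000) {
  requireAdmin(callerAuth);
  const out = [];
  let pageToken;
  do {
    const page = await authAdmin.listUsers(pageSize, pageToken);
    for (const u of page.users) {
      out.push({ uid: u.uid, email: u.email || null });
    }
    pageToken = page.pageToken; // undefined on the last page
  } while (pageToken);
  return out;
}

// Constructed stand-in for the Admin SDK so the example runs offline.
function fakeAuthAdmin(users) {
  return {
    async listUsers(max, token) {
      const start = token ? Number(token) : 0;
      const end = start + max;
      return {
        users: users.slice(start, end),
        pageToken: end < users.length ? String(end) : undefined,
      };
    },
  };
}
```

In a deployed function, `callerAuth` would be the `auth` object the callable-function runtime derives from the verified ID token, so the claim check happens server-side and cannot be bypassed by a modified client.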