How to create different user groups in Firebase?

Sam picture Sam · Jan 15, 2018 · Viewed 7.8k times · Source

I am making a point of sale app, using Xcode.

I want this app to keep track of stock items, allow users to search stock, scan stock, add or lookup stock using a barcode. Items of stock will be stored in a users 'store'.

I want to have three types of users:

  1. A manager user, who creates a store and has full access to the store. He can manage all of the 'employee users', such as deleting their access and employee users must be invited by him to join his store using a unique code. He will have specific abilities that 'employee users' do not such as the ability to add and edit stock.
    What a manager account would look like enter image description here

  2. A employee user, who has limitations. (e.g. cannot see edit users page and not option to edit stock that manager user has).
    What a Employee account would look like What a Employee account would look like

  3. A shopper user who can only see a store and the items in a store. What a shopper users account would look like What a shopper users account would look like

The attached UI design should show what I mean. As you can see, the manager user has a manage employee tab that I wish only he can have and the other users do not. The manager has also got the option for more details when looking at stock, while the employee user does not. The shopper account has only got access to two functions, looking up a store, and checking the stock in a store.

So my question is, How do I code three different types of users in Firebase for my app? & How do I show them only options that I want to show them while showing other options to other users?

Answer

Frank van Puffelen picture Frank van Puffelen · Jan 15, 2018

This is an incredibly broad topic and lots of it depends on how you implement the various parts of your app. Below is one of the many possible answers, just in an effort to get you started with some links.

If your app stores its data in one of Firebase database offerings (Realtime Database, or Cloud Firestore), or if it stores files in Cloud Storage through Firebase, then you'll likely want to store the role of each user as a custom claim in the profile of that user.

The Firebase Authentication documentation shows how to set such custom claims, for example how to set the admin property of a user to true from a Node.js script:

admin.auth().getUserByEmail('[email protected]').then((user) => {
  // Confirm user is verified.
  if (user.emailVerified) {
    // Add custom claims for additional privileges.
    // This will be picked up by the user on token refresh or next sign in on new device.
    return admin.auth().setCustomUserClaims(user.uid, {
      admin: true
    });
  }
}).catch((error) => {
  console.log(error);
});

Similarly you could set your user roles in a role property. Then you can check in the server-side security rules of the Realtime Database, Cloud Firestore, or Cloud Storage if the user has a role that allows them access to the specific data they're trying to access.

In the client-side code you can then decode the user's token to get access to the same claims and optimize the UI for them