如何与不同的用户组进行注册和登录 [英] how to make singups and signins with different group of users
问题描述
我正在为我的大学开发一个应用程序,并且有不同类型的用户,称为学生,教师,大学生等等.当他们登录时,我怎么知道老师已登录,或学生已登录?Firestore中是否有用于基于角色的注册和登录的功能?
I am developing an app for my college and there are different types of users called students ,teachers , hod's etc. When they login, how do I know a teacher logged in, or a student logged in? Is there any function in firestore for role based signups and signins?
我当时在想,当一名教师注册时,我会在她的uid.username末尾添加一个标签,即如果在注册时用户名是"DANIEL",我会为教师添加一个 tea ,代码> stu 在学生提供的名称的末尾.
I was thinking that when a teacher signs up, I will add a tag end of her uid.username that if username is 'DANIEL' while signup, I will add a tea for teachers and stu for students at the end of the name what they provided.
因此,当他们登录时,我将获取uid并进行字符串操作并获取最后三个字母,以便我可以知道谁登录,以便向不同类型的用户显示不同的用户界面
So when they login i will get the uid and do the string manupulations and get the last three letters so that i can know who logged in so that i can show different UI to Different types of users
有什么最好的方法吗?
在发布消息时,用户输入他的用户名示例:"daniel"我将在uid.username中更新该用户名,例如"daniel-stu"(如果学生已注册),"daniel-tea"(如果技术人员注册).
while singning up user enters his username example:"daniel" i will update that username in uid.username like this "daniel-stu"(if student signed up),"daniel-tea" if techer signsup.
推荐答案
可以将此信息存储在用户的显示名称中.您可以下次从那里读回它,并在应用程序的客户端代码中采取措施.但是请注意,这意味着任何用户都可以更改其角色,因为他们还可以将相同的代码调用到更新其个人资料.如果那不是您的应用程序所关心的,那么这种方法听起来像是可行的.
Storing this information in the user's display name can work. You can read it back from there next time, and take action in your application's client-side code. But note that this means that any user can change their role, since they can also call the same code to update their profile. If that is not a concern for your app, then this approach sounds like it would work.
如果恶意用户不能更改其角色,则不应从客户端应用程序代码中设置该角色.在这种情况下,您可以使用Admin SDK从服务器(或开发计算机或Cloud Functions)设置角色.由于Admin SDK在受信任的环境中运行,因此它具有扩展的特权,并且可以更新任何用户的个人资料.因此,Admin SDK可以按照您想到的相同方式来更新用户的显示名称.
If malicious users should not be able to change their role, then you shouldn't set that role from the client-side application code. In that case, you can set the role from a server (or your development machine, or Cloud Functions) using the Admin SDK. Since the Admin SDK runs in a trusted environment, it has expanded privileges and can update the profile of any user. So the Admin SDK could update the display name of the user in the same way you have in mind.
但是,这仍然是不安全的,因为您仍在设置一个属性,任何人都可以对其自己的个人资料进行修改.再说一次……如果那对您的应用程序来说没问题,那很好,但是如果用例要求您可以依靠该属性正确,那么我们必须继续寻找其他地方.
But this still isn't secure, since you're still setting a property that anyone can modify for their own profile. Again... if that is no problem for your app that is fine, but if the use-case requires that you can rely on the property to be correct, we have to keep looking elsewhere.
Admin SDK可以在用户个人资料上设置其他所谓的声明客户端代码无法修改.此类声明涉及影响用户权限的事情,例如,如果用户是管理员,或者用户属于哪个角色/组.这听起来很接近您所描述的内容,因此也可以使用.这次,只有您在受信任的环境中运行的代码才能这样做.
The Admin SDK can set additional so-called claims on a user profile that client-side code can't modify. Such claims are for things that affect the permissions of the user, such if the user is an admin, or what role/group your users belong to. This sounds quite close to what you are describing, so can also be used. And this time, only your code that runs in a trusted environment will be able to do so.
最后,您可以在数据库中存储有关用户的其他信息.在数据库中有一个集合( Users 或 Profiles )是很常见的,您在其中为每个用户存储一个文档(文档名称为 User.uid.).在用户首次登录时创建文档,并在需要时进行更新.您可以从客户端代码(如果不需要控制编写的内容)来执行此操作,也可以从在受信任的环境中运行的代码(例如,开发计算机,您控制的服务器或Cloud Functions)中执行此操作确实需要保持控制.这种方法的一大优势是,所有用户都可以看到此集合中的信息,而客户端Authentication SDK仅允许用户读取自己的用户个人资料.
Finally, you could store the additional information about a user in the database. It's quite common to have a collection (Users or Profiles) in the database, where you store a document for each user (with the document name being User.uid). You create the document when the user first signs in, and update whenever you need to. You can do this from the client-side code (if there is no need to control what gets written), or from code that runs in a trusted environment (such as your development machine, a server you control, or Cloud Functions) if you do need to keep control. A big advantage of this approach is that all users can potentially see the information in this collection, where the client-side Authentication SDK only allows a user to read their own user profile.
有关此的更多信息,请参见:
For more on this, see:
- 向Firebase用户添加新数据(我在其中基本上列出了相同的选项,用更少的词)
- 使用firebase添加额外的用户信息(将信息实时存储数据库)
- 将Firebase用户与数据库记录关联(还将实时数据库用于其他信息)
- Cloud Firestore保存其他用户数据
- 此解释自定义声明的视频
- 以及更多以前的问题关于这个主题
- Adding new data to firebase users (in which I essentially list the same options with fewer words)
- Add extra User Information with firebase (store the information in the realtime database)
- Associate Firebase Users to Database Records (also using the realtime database for the additional information)
- Cloud Firestore saving additional user data
- this video explaining custom claims
- and many more previous questions on this topic
这篇关于如何与不同的用户组进行注册和登录的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
