Role based authorization and role based access control flutter


Problem description

What I'm trying to do is to set up role based authorization (regular users and subscribed users), and based on roles users get redirected to different screens. I am STUCK. I've tried different solutions and seen every tutorial there is out there about the concept. I understand how the concept works but am having a really hard time setting it up in my code. I'm not sure where to declare the subscribed users, how to create the function, and how to navigate them! Grateful for any help! This is how my code looks!

    // this is my auth services

    static void signUpUser(
        BuildContext context, String name, String email, String password) async {
      try {
        AuthResult authResult = await _auth.createUserWithEmailAndPassword(
          email: email,
          password: password,
        );
        FirebaseUser signedInUser = authResult.user;
        if (signedInUser != null) {
          // Create the profile document for the new user, keyed by uid.
          _firestore.collection('/users').document(signedInUser.uid).setData({
            'name': name,
            'email': email,
            'profileImageUrl': '',
          });
        }
      } catch (e) {
        print(e);
      }
    }

    // signup page

    final _formKey = GlobalKey<FormState>();
    String _name, _email, _password;

    _submit() {
      if (_formKey.currentState.validate()) {
        _formKey.currentState.save();

        AuthService.signUpUser(context, _name, _email, _password);
      }
    }

    // my main.dart

    Widget _getScreenId() {
      return StreamBuilder<FirebaseUser>(
        stream: FirebaseAuth.instance.onAuthStateChanged,
        builder: (BuildContext context, snapshot) {
          if (!snapshot.hasData) {
            // No signed-in user: snapshot.data is null here, so it is not dereferenced.
            return LoginScreen();
          } else {
            // Signed in: record the uid before showing the home screen.
            Provider.of<UserData>(context).currentUserId = snapshot.data.uid;
            return HomeScreen();
          }
        },
      );
    }

    // user models

    import 'package:cloud_firestore/cloud_firestore.dart';

    class User {
      final String id;
      final String name;
      final String profileImageUrl;
      final String email;
      final String bio;

      User({
        this.id,
        this.name,
        this.profileImageUrl,
        this.email,
        this.bio,
      });
    }

Recommended answer

The two most common places to store role information are:

  1. as a custom claim in the Firebase Authentication token for that user,
  2. in the database in a document associated with that user.

No matter which one you pick, you should be setting this role from within a trusted environment (your development machine, a server you control, or Cloud Functions) as otherwise anyone can change their own role.

Once set in either of these locations, you can access the role information in your client-side code, and navigate to the correct screen for that user.

See also:

  • this video on setting up role based access control in security rules
  • How to create firebase admin user for authentication in java
  • Administrator Views for a Firebase Web Application: How To
  • how to make singups and signins with different group of users
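
An added example (not part of the original answer) of the client side of the first option: reading the role from the ID token's custom claims and choosing the screen. It assumes the firebase_auth API generation used in the question, a hypothetical `role` claim with the value `subscriber` that was set from a trusted environment, and a hypothetical `SubscriberHomeScreen` widget; `LoginScreen` and `HomeScreen` are the question's own widgets.

```dart
// Added example, not code from the original post.
// Assumed names: the 'role' claim, its 'subscriber' value, SubscriberHomeScreen.
import 'package:firebase_auth/firebase_auth.dart';
import 'package:flutter/material.dart';

Future<String> _loadRole(FirebaseUser user) async {
  // refresh: true fetches a fresh token, so a role change made on the
  // server is picked up instead of the cached token's old claims.
  final IdTokenResult result = await user.getIdToken(refresh: true);
  final dynamic role = result.claims['role'];
  // A missing or malformed claim falls back to the least-privileged role.
  return role is String ? role : 'regular';
}

Widget _getScreenId() {
  return StreamBuilder<FirebaseUser>(
    stream: FirebaseAuth.instance.onAuthStateChanged,
    builder: (BuildContext context, AsyncSnapshot<FirebaseUser> snapshot) {
      if (!snapshot.hasData) {
        return LoginScreen();
      }
      return FutureBuilder<String>(
        future: _loadRole(snapshot.data),
        builder: (BuildContext context, AsyncSnapshot<String> roleSnapshot) {
          if (roleSnapshot.connectionState != ConnectionState.done) {
            return const Center(child: CircularProgressIndicator());
          }
          // On error roleSnapshot.data is null, which also lands on HomeScreen.
          // The client only decides what to display; the data behind the
          // subscriber screen must still be protected by security rules.
          return roleSnapshot.data == 'subscriber'
              ? SubscriberHomeScreen()
              : HomeScreen();
        },
      );
    },
  );
}
```

The sign-up code in the question should not write the role itself, since anything the client can write the user can change.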
