分享程序员开发的那些事...
更新时间:2023-02-07 16:59:11
在我的应用中,这是我的管理方式:
Here's how I manage this in my apps:
我的用户具有管理员",经理"等权限.
My users have permissions such as "admin", "manager", etc.
管理员"登录到应用程序后,他们可以通过应用程序界面添加,更新和删除其他用户
When an "admin" is logged in to the app, they can add, update, delete other users via the app's interface
这是通过将更改请求推送到实时数据库中的"updateUser"节点-否到数据库中的实际用户记录来完成的.确保Firebase规则仅允许管理员"用户写入此节点.
This is accomplished by pushing a change request to an "updateUser" node in the realtime database - NOT to the actual user record in the database. Be sure that Firebase rules only allow "admin" users to write to this node.
一旦创建了这个新节点,我将禁用表单并提交按钮,因此无法进行其他更改.然后,我让应用程序监听对以下内容的任何更改:
Once this new node is created, I disable the form and submit buttons so no more changes can be made. Then, I have the app listen for any changes to:
updateUser/xkekek393kdkd)我具有Firebase云功能,可监听对该"updateUser"节点的任何写入
I have a Firebase cloud function listening for any writes to that "updateUser" node
该函数触发时,它将使用admin-sdk对用户配置文件 AND 的Firebase身份验证帐户(电子邮件地址,密码等)进行实际更改.然后,admin-sdk使用以下状态更新"updateUser"节点:
When the function triggers, it uses the admin-sdk to perform the actual changes to the user profile AND their Firebase authentication account (email address, password, etc). Then, the admin-sdk, updates the "updateUser" node with a status like:
{
status: "success",
message: "User updated"
}
或
{
status: "fail",
message: "Email address already in use"
}
客户端应用检测到对"updateUser"节点的更改,并向用户提供操作已完成的反馈.
The client app detects that change to the "updateUser" node and provides feedback to the user that the operation is completed.
客户端应用程序还会检测到对真实用户配置文件节点的更改,并相应地更新UI.
The client app also detects changes to the real user profile node and updates the UI accordingly.
优势:
只有受信任的资源(Firebase云功能)有权访问管理员权限.
Only a trusted resource (a Firebase cloud function) has access to admin privileges.
所有业务逻辑和验证都是在服务器端而不是客户端执行的.
All the business logic and validation is performed server-side instead of client-side.