I am creating a front end app with ReactJS that uses Supabase for backend.
At the moment I am able to create users by signUp() function. All works fine but I am at the point that I want the existing user to be able to add new users but this seems impossible from the front end and I would like to know if there is any way it can be done.
There are some functions that can be used only from server side (createUser() and inviteUserByEmail()) but they need the service_role key and I wouldn't like it to be shown on the frontend.
Related
I'm learning NestJS and was wondering what is the right way to implement the following scenario:
Usually in a basic CRUD API, when doing "Create" the data is sent in with a POST request and then saved into the database. I would like to implement it in a way whereby the data being sent is not committed to the database right away, rather I want to prompt the user for confirmation BEFORE saving it to the DB. I would imagine this requires 2 routes - one for passing in the data and one for confirmation. However, I do not know where to store the data while awaiting the user confirmation. Should I store it in a local variable, or is my approach completely wrong?
Regards
I think you don't need to make 2 apis for this case. Only need to action on your front-end or some where you integrate this with an api. Follow bellow to make:
Make a prompt on your front-end. When users click save data then show your prompt to confirm.
If users click to Confirm then call api to save data.
If users click to Cancel then close prompt
I have a Create-React application with a settings page in it, inside this settings page, the user has several inputs (form inputs) inside of which he can define certain parameters like backend server endpoint, API endpoints... so here is the problem, how can I persist this data in this application without the need for an additional backend server for my front-end application, please note that I tried using .env variables but I couldn't manage to update those based on user input, config files didn't work too since the front-end app is only alive inside the browser and can't access the files, I also tried using Local storage, it worked but again, I can't persist that to the whole application (since Local storage is bound to the browser, changing the browser will change the data) , lastly I considered using redux and store the configs in the store and update the state based on button clicks, but I'm not really sure if this is the right way to do it.
basically there are several ways to store the client side data in browser; like cookie storage, local Storage, and if you are using redux may be redux with redux-persist could be a great choice for this type of use case.
but as you mentioned you want to persist that data between user sessions of the application, for example you user can access the application from chrome, firefox, or even from his/her mobile browser, honestly for your situation there is nothing rather than store the required input data in database ( backend folks should do this ) and provide the data to the authenticated user in an api. there is no way rather than that!
I would like to add functionalities depending on whether or not the user logged in is the administrator but I don't really know which condition (for conditional rendering with delete buttons etc) I should use to check if the user is the admin or not. Is it safe to do it based on the id of the user ? In the first place, I thought about testing the user in every component I want him to have functionalities, with a state called "user" using recoiljs to get access to the user in the whole app but I'm afraid people could change the state with the react tool extension and then pretend they are the admin and so delete articles and stuff... What's the best way to test if a user is the admin or not using firebase authentification in a react project ?
It's never safe for client code to assume admin responsibilities without absolute enforcement from your backend. It's unsafe because client code can be compromised and might not work the way you expect. And it's running on a device that the user controls fully.
Client code can check some indicator to see if the user is admin (in whatever way you find suitable), but the final check needs to happen on your backend, either through security rules (if you're using Firebase products like Realtime Database, Firestore, or Cloud Storage), or in code running on a secure backend, including products like Cloud Functions.
I was wondering if this is possible using Firebase and React.
I want to create a admin panel where the admins can add new user and assign roles. The moderators should also be able to login and make a new post (the new post part i have figured out).
However i dont want any users to be able to register on their own, just the admin to add them to the site.
Is this possible and in that case, how? Grateful for input and thoughts
Yes its possible, just create and Interface which is able to send data to firebase.
Here you have a little example.
I've just create and APP which connects to firebase. Firebase saves a lot of time becase you dont have to control the Auth and the Users SingUp, it has functions to do it.
I will sugest you to use it with ReactForm (to send the data) abd the ReactRedux to control states and the LogIn, LogOut and SignUp.
https://medium.com/firebase-developers/how-to-setup-firebase-authentication-with-react-in-5-minutes-maybe-10-bb8bb53e8834
Fore more info check Google Documentation.
https://firebase.google.com/docs/auth
I want to be able to manage users in contenful, every user has some data (files, text, etc) that should only be able te be accessed by this specific authenticated user.
In firebase for example this would be possible by using database rules, but would something similar be possible in contentful?
ps: I try to avoid writing custom backend for this.
As you say you would not like to write custom backend code.
If you are calling the Contentful API on the client side instead of a backend server calling Contentful, the Authorisation keys will be exposed allowing anyone to scan through all the Contentful User data.
It may not be the ideal CMS for your use case.