Need suggestion for database for our social network app
So we have a "GroupChat" class where we have an array of "_Users" class objects.
Now in this "_Users" array we want to add invited user aswell.
Example: "John" is a user who invited "Dave/dave#blah.com" but dave is yet to sign up.
But when we open the GroupChat and see the list of users, it should include the invited users as well.
So we are wondering if we should
1.create a new class "InvitedUsers" for invited users or
2.we should directly add invited users to "_Users" class with a flag signedUp=false. And when they signup we check if they already exists and overwrite the data.
Now Problems,
if we create new class "InvitedUsers" then we will have to fetch both the classes everytime which is make the app a bit slow
if we create these invited users directly into user class then parse-server automatically sends email to newly created users(which we dont want to until they sign up)
if we create these invited users directly into user class then we will have to check if the invited user already exists before signing up, if exists then just overwrite. which is doable without any problem?
Thanks
Your question has 2 votes to close as primarily opinion based by now. And indeed the answer is, whatever you like more.
To address your "problems":
I really don't see why this would make your app a bit slower
Well, why don't you adjust your parsing so that the signedUp=false is considered?
Why on earth should that be a problem? That's what databases do all day. Either do it in a transaction, or if your dbms has a built-in functionality use it (like MySQL's INSERT ON DUPLICATE KEY UPDATE)
Related
I'm adding a new document every time a user is logged in with Google authentication and that user does not exist in firestore.
What I want is to add a 'USER' role when creating this new USER.
I was expecting to do this outside the react application so it can not be hacked into creating different types of users by calling the Firestore api.
At first I thought of a function but now they are only allowed by having a paid plan.
Thanks in advance for the help.
If you want to implement a role-based access control to your Firestore database, the recommended approach is to use Custom Claims. This indeed requires using the Admin SDK via Cloud Functions or a server you own.
Activating Cloud Functions indeed requires entering the details of a credit card but there is a free tier which allows up to 2M invocations/month for free. So, unless your app is very popular, you'll be only billed for each container required to deploy a function but this is a negligible cost of few tenths of $.
If you don't have any credit card, there is another solution: using some Firestore documents to declare the users roles, as explained here in the doc.
I wanted to add this as a comment but I guess you could make use of the firestore rules to make sure that the role value sent by the client is always set to user and not anything else or you could make sure that this USER role added it a boolean value and in the rules make sure he can only edit his own document this way he won't be able to change his role even if he set it to false it won't give him a different role
I'm doing this project these days and for that, I'm using firebase with React. In my project, I have two types of users 1. Student and 2. teacher, so in my site I want to use the same email id to create an account of both the stakeholders from one user, but firebase is not allowing me because I can create only one account using CREATEUSERWITHEMAILANDPASSWORD() method. so how can I create a teacher account if I already have a student account with one email id??
I know this question sounds childish but I am still learning.
so please help me out.
If you go to https://console.firebase.google.com/project/your-project-name/authentication/providers and scroll down to advanced, you can find a setting for allowing only one or multiple accounts per email.
You cannot, however, create multiple accounts with the same login method. So you cannot have users create two accounts with email & password. One account could be with email & password and another could be Facebook login, for example.
How can we develop a voting website based on Wordpress where the landing page is login and password protected and logins and passwords are based on a preloaded database of users. The idea is to create a page for employees where they can enter after they provide the individual credentials. It cannot be based on a system where they register - their data should already be in a database.
I am assuming that you do not want different user roles for different users. If that is the case then you will need to create a function in your theme's functions.php file that will check if user is logged in using is_user_logged_in() and if not, redirect them to login page. In order to work around the problem of every user registering on site by themselves, you can create another piece of code that will iterate user details from a csv file, register them and set each user's password.
The reason for this suggestion/approach:
All the users are registered in your WP Users list so your passwords are not easily stolen.
You can assign custom user roles and capabilities later down the line if you wish.
You can do single or bulk addition of user down the line without redoing the same amount of efforts every time you need to add users.
You do not risk breaking the database structure in WP which is decently optimized.
Now do understand that you will need to leverage object caching and work using pre_get_posts to manage the large size of site.
Good Luck!!
I have my own login form for my website. In addition I have also added google and facebook login.
My question is should I add those user data that's login from (fb or google) into my own userdata table or create a different one each for google and facebook.
1) If I add to my existing one, the password column would be left blank(as fb do not provide one) and anyone who knows the email will be able to access it easily.
2) And if I make different table then I think it will become little complicated or slower when trying to access a user data from across the different table.
What's the best choice of doing it or any other method that's better than this?
Make sure users have to enter a password when they login with Facebook/Google, or make sure regular users do not use a blank password - users without a password can only login with the Facebook/Google API.
DonĀ“t create a separate table, it will only get more complicated. Extend the existing one with IDs (from Facebook and Google).
I am building a simple website that needs 3 user levels (member, mod, admin) and am currently using ACL that sets permission on a per-group basis. Now, this is all working out fine, but I am wondering if it would not be better to just have a role column in the users table that would contain a tinyint and go with that.
Why I am considering this is the following. Say I wanted to have an "admin bar" on the top of the page, I'd have to check in which group the user is, but group names can change and are not static, the role column would be. This raises the question, is ACL suited for websites that have such a simple permissions scheme?
Funny - I just recently wrote a simple Auth for scenarios like that - I called it "Tiny": http://www.dereuromark.de/2011/12/18/tinyauth-the-fastest-and-easiest-authorization-for-cake2/
It should be pretty much exactly just about what you need.
It does need the roles to be present in the Session Auth, though and that you manage user roles yourself. So you might have to add this to your login method if you want to use multi role Auth.
As you said - the core one is way to powerful and a real overkill for simple use cases.
Just one thing: call the field "role_id" and not "role".
This is what i use http://bakery.cakephp.org/articles/watermark86/2010/09/23/user-permissions-based-on-a-routing-prefix
Though acl is the right way but for small/simple cases like urs you can use this