I made a simple Angular + Firebase app, which you can see here.
I want to add user authentication to it using Firebase, and have successfully been able to create an account and login using Firebase's email and password auth.
The problem is, I don't know how to take the next step to separate each user's data — I want each user to only to be able to change their own data, and show nothing until they're logged in.
The only thing I could think of was to change the firebase URL I'm using to separate the FirebaseArrays I'm using, but that seems super hacky and didn't work when I tried it.
How am I supposed to use the unique uids to create separate, individual user data?
So every user will have a unique id within the authorize table , of which you cannot directly access ( in that you cannot add tables - firebase keeps it locked down for security reasons )
This still allows for a separation based on the id. There will essentially be a books array, You could add an array of users on each book, but that could get redundant. I think the best solution would be to create a user_books array. This will list all the users by id that have books, with the bookID as a nested array
user_books
-Jsdee23dnn23d2n3d
|- sdfEDASED82342dsd : true
|- SDEdsdfwer343dsdf : true
-Jsdeesdfffffs433
|- 43334sdfsrfesrdfg : true
|- sdfsf333fsdfsrrrr : true
This connects the books to the users. So each user has an array of books . This is the target to access when you want the user to perform CRUD operations
var usersRef = new Firebase('https://test.firebaseio-demo.com/user_books');
var ref = usersRef.child('userID');
When you create a book you will need to update both the book table and the user_books table with the selected user(s) associated to the book
Related
I'm developing an app in which I need to show come "coupons" I get from the API. I also have a "liked coupons" page where I need to show the ones the user has liked. I'm facing 2 problems here:
1- I don't know how to store likes, should I implement a local database for everything or should I ask our back-end team to save the liked/not liked state on the server?
2- I have a model class for coupons, and I have a coupon_list widget which is a horizontal listview.builder(). the problem is that some coupons are being showed in 2 or 3 different lists and I need them to all turn to liked when user likes an instance from a single list. how can I do that? (I want to do something like working with pointers in c++, passing the ACTUAL variable instead of it's value so it changes globally)
I would like to suggest you to store it in server as well. (Ask to your back-end team to add parameter) So that if user logout or sign in from different device "liked coupons" data will be available in all cases.
And for 2) multiple coupon entry you have to manage it via unique id. Like every coupon has its unique series no / pattern num. So you can put condition on that. i.e. Add "unique_no" to liked_list from all available list of coupon
Solution
Use Shared Preferences! This is something like a database on the device you are currently running. So if the user makes a like you can save that on their device!
To add Shared Preferences to your app look this video
Hope it helps!
I am having a problem in ReactJS. I want to create a text editor ( with ReactQuill). So, I want different accounts for each user, such that, if one person creates a note and edits it in his account, the other person should not see this.for example this is my current stage - https://wright-text.web.app. After you create your account and login you would see a note called first note because that's the note I created. What should I do so that when you login you see no notes because you have not created a note, but when I login, I should see the note I had already created. How would I do this ??
You need to add a scope to notes endpoint so that user could only GET notes, which they have created.
You need to add query parameters in the API you are fetching. For example, if you are fetching data via a GET request, add in some specific user id that you assign to your user upon validation and then fetch data of a particular user using that id as a query parameter on your API.
The system itself is pretty easy to understand but tricky to implement. Moreover, security reasons made me think how to do that.
I was thinking to make the function work in frontend firebase scripts simply doing everything there as checking if there is already like/dislike posted by this user and remove/add/switch if user clicked. The problem lies in security of this method: can't user create a new function which won't check if the like was posted?
And if that's possible, how should this system work? Right now my logic:
Clicked like:
locally activate/deactivate like button and remove dislike active class if on
check docs for this user/doc like
`1`? -> remove this doc from collection
`0`? -> switch to `1`, because `0` is dislike
`undefined`? -> create doc with `vote: 1`
change (+1/-1 or +2/-2) the value of post votes fields
Same for dislike. But this sounds really complicated as for such a small feature. Maybe it is possible to wave additional collection with user/votes without losing that level of security? Or using http-triggers may help with this somehow? This feature would be much easier on some PHP-like languages, so I am freaking out right now.
Here are my assumptions.
You have a post with a unique id, let's call it post_id
You have a user with a unique id, let's call it user_id
There are 3 valid states: (Undefined), (Like), (Dislike)
Basic process follows
To store the likes/dislikes, you create a collection called feelings which uses post_id+':'+user_id as it's document id (this makes it easy to look up).
Documents in feelings have a single field called state that stores -1 for dislike, 1 for like.
As you mention, you can simply set or overwrite this value to whatever the user desires. If they decide to remove their 'feeling' and neither like or dislike, issue a delete command (this is cheaper than doing a write to set state to 0).
Use Cloud Functions to listen to the feelings collection and update the post documents like/dislike count based on how this state changes (or gets created/deleted).
Security Rules can enforce only allow states of -1 and 1, and if you're using Firebase Auth, you can trivially enforce only allowing the user matching user_id from being able to change state.
What have you got now?
You now have a system with the following properties:
Users can like and dislike posts
Users can remove and/or change their like/dislikes
Users can only like or dislike a post once - they cannot do it multiple times
Only valid states (like, dislike) can be written to the database
Only the user can update their likes/dislikes
Scalable: Whether it's 10 posts, or millions of posts, this system will work
Bonus credit
Using the same Cloud Functions event you register to update counts, you can also use this to add or remove from a list of user ids in both a like and dislike array. This would allow you to list out users who liked or disliked a post without have to query for each individual document in the feelings collection
Also remember that Cloud Functions has is a small chance it gets triggered more than once for a single event. If you want the counts to be guaranteed to be accurate, either make the code idempotent, or just have a manually triggered 'recount' process you can trigger if you or a user detects the counts seem off by one.
If somebody's wondering for Realtime Database!
var ref = firebase.database().ref(selectchapter + questionId + user_id);
ref.once("value", function (snapshot) {
var exists = snapshot.val() !== null;
if (!exists) {
firebase
.database()
.ref(
selectchapter +
questionId + user_id
)
.set({
status: 1
}).then(function () {
firebase.database().ref(q +
questionId + "likes").transaction(function (likes) {
return (likes || 0) + 1
});
});
}
});
I have a login page,
when a user login for the first time it should show the terms and agreement popup with accept button.
if user is accepted it for the first time . when user login for next time popup should not come.
i want to use local storage for this function no db changes allowed.
so what i have to save in localstorage. the scenario is complex when this has to work for diffrent users.
in angularjs i m using ngstorage plugin.
i can save data into local storage like
$localStorage.data="username";
in this case how i have to save for diffrent diffrent user?
You can have a key value pair, where key indicates the username and value indicate whether it has been loaded or not and push them into an array.
Something like this,
var testObj = { 'John': true };
// Put the object into storage
localStorage.setItem('John', JSON.stringify(testObject));
Similarly for all the users.
Then retrieved by using username,
var retrievedObject = localStorage.getItem('John');
console.log('User has already loaded: ', JSON.parse(John));
DEMO APP USING angular-local-storage
In GAE, can you look up a User with the User object's user_id?
In other words, is there something equivalent to:
from google.appengine.api.users import User
user = User.get_by_id(user_id)
I don't think so.
... they certainly wouldn't just give you access to every holder of a google account!
The idea is that you store user ids as properties in your datastore, once they've logged in to your app.
There is a property type called UserProperty
http://code.google.com/appengine/docs/python/datastore/typesandpropertyclasses.html
So, you can query your list of users from your own datastore definition.
hth
This seems to be the only post on the internet regarding this and since I was looking for a solution, I thought I'd post what I found here.
What amir75 said about using the UserProperty is fine for storing the User object itself returned by the google.appengine.users module.
But if you need to lookup a User by the user_id field instead of the default email field, usually something like user = User(email = 'validmail#gmailorgapps.com')
You can use this to query by user_id. user = User(_user_id = 'validuserid') The valid user_id is something that you got earlier from calling user.user_id()
I'm not sure what amir75 is referring to about having access to all google accounts since the User object returned will only have the email address and nickname, and that too only if the user authorizes the application to access that information.
My use case for this is I want people to sign up on the site, but they need an administrator to confirm them for using the site. The form used by the administrator for confirming the users can use email id as the field to identify the checkbox for confirming the user, but given that it might change, the user_id seems to be a safer field to use.