Code - psit4-lamas/PSIT4-LaMaS GitHub Wiki

Authorization concept

The concept is based on this blog post: https://www.robinwieruch.de/react-firebase-authorization-roles-permissions/ If a user does not have the required privileges, the protected component is not rendered. The roles are stored in the Firestore database in the collection "user". A user can have multiple roles. The name of the node in the user collection is the user.uid created by firebase.auth().

When a user signs in, they automatically get the role "STUDENT" (even if there is no role definition in the database).

Usage in your component

If you need authorization in your component, create a function that returns true or false (true for authorized, false for not authorized). Pass this function as a parameter to withAuthorization(...), which then does "the magic".

Examples of condition functions:

Only allow a user with a specific email address to access the component:

const condition = (authUser) => authUser && authUser.userCredentials.email === '[email protected]';

Only allow a user with the UserRole "TUTOR" to access the component:

const condition = (authUser) => authUser && authUser.roles.includes(UserRoles.TUTOR);

Export specification

export default withAuthorization(condition)(connect(mapStateToProps)(UploadComponent));

Important:

You only specify the part after the "=>" in the condition function; you cannot change the method definition (the part from "const" to "=>").
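The role conditions shown above return null instead of false when authUser is missing and throw if authUser.roles is not an array. The following added example (not code from the PSIT4-LaMaS project) builds the authUser object with the default "STUDENT" role and produces conditions with the same (authUser) => ... signature that always return a strict boolean. The helpers buildAuthUser, hasRole and allOf, the shape of UserRoles, and the choice to drop unknown role names are assumptions.

```javascript
// Added example, not project code. The UserRoles shape is assumed.
const UserRoles = Object.freeze({ STUDENT: 'STUDENT', TUTOR: 'TUTOR' });

// Hypothetical helper: merge the Firebase auth user with its document from
// the "user" collection. A missing document or a malformed roles field
// yields STUDENT only; role names not listed in UserRoles are dropped.
function buildAuthUser(firebaseUser, userDoc) {
  if (!firebaseUser) return null;
  const known = new Set(Object.values(UserRoles));
  const stored = userDoc && Array.isArray(userDoc.roles) ? userDoc.roles : [];
  const roles = new Set([UserRoles.STUDENT]); // default role after sign-in
  for (const role of stored) {
    if (known.has(role)) roles.add(role);
  }
  return {
    uid: firebaseUser.uid,
    userCredentials: { email: firebaseUser.email },
    roles: [...roles],
  };
}

// Hypothetical condition factory: the returned function has the signature
// withAuthorization expects, never throws, and returns true or false only.
const hasRole = (role) => (authUser) =>
  Boolean(authUser && Array.isArray(authUser.roles) && authUser.roles.includes(role));

// Hypothetical combinator: every condition must hold (deny otherwise).
const allOf = (...conditions) => (authUser) =>
  conditions.every((condition) => condition(authUser));

// Constructed sample data, not taken from the project.
const tutor = buildAuthUser({ uid: 'u1', email: 'tutor@example.test' }, { roles: ['TUTOR', 'ADMIN'] });
const noDoc = buildAuthUser({ uid: 'u2', email: 'new@example.test' }, undefined);
const badDoc = buildAuthUser({ uid: 'u3', email: 'x@example.test' }, { roles: 'TUTOR' });

const condition = hasRole(UserRoles.TUTOR);
console.log(condition(tutor), condition(noDoc), condition(badDoc), condition(null));
```

These conditions decide only what the client renders; access to the underlying Firestore data has to be restricted separately on the server side.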