Docs

Admin Setup

Before we begin working with the admin, we need to setup 3 things:

  1. Authentication providers

    • Enable your favorite providers in the Firebase console: 1. In the Firebase console, open the Authentication section. 1. On the Sign in method tab, configure the sign-in methods and click Save.
    • Add the authentication providers to the Provider component
    <OrkanProvider firebaseConfig={...} authProviders={['google', ...]}>
        <App/>
    </OrkanProvider>
  2. Firestore security rules

    Add security rules to your Firestore databse

    1. In the Firebase console, open the Database > Cloud Firestore section.
    2. On the Rules tab, paste the following rules definition:

      service cloud.firestore {
        match /databases/{database}/documents {
        	function isGuest(){
          	return request.auth != null
            	&& request.auth.token.firebase.sign_in_provider == 'anonymous'
              && exists(/databases/$(database)/documents/orkanUsers/guest)
          }
      
          function isAdmin(){
            return request.auth != null
            	&& request.auth.uid != null
              && exists(/databases/$(database)/documents/orkanUsers/$(request.auth.uid))
              && get(/databases/$(database)/documents/orkanUsers/$(request.auth.uid)).data.active == true
          }
      
          function canEditPermissions(){
            return isAdmin() && get(/databases/$(database)/documents/orkanUsers/$(request.auth.uid)).data.editPermissions == true
          }
      
          function canEditSchema(){
            return isAdmin() && get(/databases/$(database)/documents/orkanUsers/$(request.auth.uid)).data.editSchema == true
          }
      
        	function canEditData(){
            return isAdmin() && get(/databases/$(database)/documents/orkanUsers/$(request.auth.uid)).data.editData == true
          }
      
        	function isLegalUserRequest(uid, res){
          	return res.data.active == false
            	&& res.data.editData == false
              && res.data.editPermissions == false
              && res.data.editSchema == false
              && res.data.uid == uid
              && request.auth.uid == uid
          }
          match /{collection}/{doc}{
            allow read: if collection != 'orkanUsers'
            	&& collection != 'orkanObjects'
            allow write: if canEditData()
            	&& collection != 'orkanUsers'
              && collection != 'orkanObjects'
          }
      
        	match /orkanUsers/{uid} {
            allow write: if canEditPermissions() || isLegalUserRequest(uid, request.resource)
          	allow read: if (isGuest() && uid == 'guest') || uid == request.auth.uid || canEditPermissions()
          }
      
          match /orkanMedia/{mediaId}{
            allow read: if isAdmin() || isGuest()
            allow write: if isAdmin()
          }
      
          match /orkanObjects/schema{
            allow read: if isAdmin() || isGuest()
            allow write: if canEditSchema()
          }
      
          match /orkanObjects/schemaSettings{
            allow read: if isAdmin() || isGuest()
            allow write: if canEditSchema()
          }
        }
      }
  3. Super user

    Now we are ready for the first login, on your app:

    * Note: this is required only in the first setup

    • Hold the o key until you see a Sign-in modal appearing.
    • Sign-in, a message saying unauthorized should appear.
    • In the Firebase console, open the Database > Cloud Firestore section.
    • open the orkanUsers collection and the document representing your user
    • set active, editData, editPermissions and editSchema to true
    • All ready! now sign-in like described in the first step and you are in.

Next - Setup the schema.