Security rules to allow login whose field "IsApproved is true"-CodePudding

While registring the account I have set default value as false for the field IsApproved. I want to write the security rules to allow login for those user whose IsApproved:true and route to accessdenied page whose IsApproved:false. Code used for user registration

async register(){
    if(this.firstname && this.lastname && this.email && this.password){
      const loading =await this.loadingCtrl.create({
        message:'Processing...',
        spinner:'crescent',
        showBackdrop:true
      });
      loading.present();
      
      this.afauth.createUserWithEmailAndPassword(this.email,this.password)
      .then((data)=>{
        this.afs.collection('user').doc(data.user.uid).set({
          'userId':data.user.uid,
          'IsApproved':false,
          'userEmail':this.email,
          'userFirstname':this.firstname,
          'userLastname':this.lastname
        })
        .then(()=>{
          loading.dismiss();
          this.toast('Registration Success','success');
          this.router.navigate(['/login']);
        })
        .catch(error=>{
          loading.dismiss();
          this.toast(error.message,'danger')
        })
      })
    }
  }

How do I check if IsApproved field is true or false while user try to sign in code used for signIn

async SignIn(email,password)
    {
     const loading =await this.LoadingCtrl.create({
       message:'Authenticating..',
       spinner:"crescent",
       showBackdrop:true
     });
     loading.present();
     this.afauth.setPersistence(firebase.default.auth.Auth.Persistence.LOCAL)
     .then(()=>{
       this.afauth.signInWithEmailAndPassword(email,password)
       .then((data)=>{
         if(!data.user){
           loading.dismiss();
           this.toast('Please check your credentials','warning');
           this.afauth.signOut();
         }else{
           loading.dismiss();
           this.router.navigate(['/menu']);
         }
       })
       .catch(error=>{
         loading.dismiss();
         this.toast(error.message,'danger');
       })
     })
     .catch(error=>{
       loading.dismiss();
       this.toast(error.message,'danger');
     });
    }

I tried checking using If else If(!data.user.IsApproved)

  if(!data.user){
       loading.dismiss();
       this.toast('Please check your credentials','warning');
       this.afauth.signOut();
     }else{
       loading.dismiss();
        if(data.user.IsApproved===true){
          this.router.navigate(['/menu']);
         }else{
            this.router.navigate(['/accessdenied']);
      }
       
    }
   })

but when I try It says Property 'IsApproved' does not exist on type 'User'. My model looks like

export interface User {
    userId:string;
    IsApproved:boolean;
    userEmail:string;
    userPhoto:string;
    userFirstname:string;
    userLastname:string;
}

I tried to change the security rules allow read,write:if request.auth.uid.IsApproved!=false; It says unknown error occurred I am trying to allow only those user whose IsApproved field is true to access my app for other I am trying to route to access denied.

CodePudding user response：

If you store the IsApproved value in a user-specific profile document in Firestore, you can get() that document in your security rules and use the value from it.

service cloud.firestore {
  match /databases/{database}/documents {
    allow read: if get(/databases/$(database)/documents/user/$(request.auth.uid)).data.IsApproved == true;
  }
}

For another example of this, I recommend checking out the Firebase documentation on attribute and role based access control from where I copied and modified the example above.