Meteor.users maintaining users - meteor

I have a Meteor app where I need to:
Create / update app users including their name, username and password. So I was wondering if first is it possible to do so while login to the app as a Meteor user? In other words is it possible to create / update other app users while logging in as an app user? I've tried to search for an example / how to but couldn't find any so any help will be highly appreciated.
Add custom fields to Meteor.users document (ex. User type(accountant / sales...etc), Phone...etc)? After research couldn't find any example except on how to update Meteor.users profile in update only, but couldn't find how to do so when creating the new user, so any help will be highly appreciated.
Thanks

To add fields to user simply use onCreateUser function
Accounts.onCreateUser(function(user) {
user.type = "customer";
user.phone = "123456789";
//etc
return user;
});
And I didn't understand first question, but you can update user data by making query, such as:
Meteor.users.update({_id:this._id},{$addToSet~});

Related

Flutter dynamic links test

Edited Question :
I have an issue with Firebase Dynamic Links Packag , My goal is getting know if new user installed and opend my app for first time to give him a rewards like 10 point . I tried to search everywhere but no answer,in firebase website there is option to know if user install for first time.
My Goal is : Getting value for first time install & how to debug this code ?
initDynamicLinks when app Lanched :
void initDynamicLinks() async {
FirebaseDynamicLinks.instance.onLink(
onSuccess: (PendingDynamicLinkData dynamicLink) async {
final Uri deepLink = dynamicLink?.link;
if (deepLink != null) {
Navigator.pushNamed(context, deepLink.path);
}
},
onError: (OnLinkErrorException e) async {
print('onLinkError');
print(e.message);
}
);
final PendingDynamicLinkData data = await FirebaseDynamicLinks.instance.getInitialLink();
final Uri deepLink = data?.link;
if (deepLink != null) {
Navigator.pushNamed(context, deepLink.path);
}
}
.
You're mixing two things here.
The First-opens tab gives you the number of unique users who clicked on your Firebase Dynamic Link for the first time.
If you want to know how many unique users used your app, by clicking the Firebase Dynamic Link or not to get to your app, you have to implement the Firebase Analytics plugin to your app.
This way you'll get access to Dashboards showing you how many Unique users you have.
EDIT
Reading your comment, looks like your question is not related to your problem.
What you want here is to attribute rewards for users who invited their friends thanks to a referral link.
Since I never implemented this witout a dedicated backend, the only thing I can share is a use-case I used some time ago explaining the logic to follow to implement it.
https://firebase.google.com/docs/dynamic-links/use-cases/rewarded-referral
EDIT 2
The logic explained in the documentation is the following :
1- Generate a Dynamic Link for UserA.
2- UserA sends the Dynamic Link to someone (called UserB).
3- When UserB starts the app from a Dynamic Link, retrieve the referral informations in the app (to retrieve UserA's informations)
4- Call a route on your backend to attribute the reward to UserA (and check if UserB is really a new user in your database).
The point is, you shouldn't manage a referral/referrer relationship on the client's side (it would be way too easily abused/hacked).
It's the job of a backend (or cloud function) to manage this.
Once you have received the link clickthrough in your app use the google_analytics package to log an event.
Related thread here:
Flutter log event with google analytics
To be honest i have never used Firebase Dynamic Links , But if your Goal is to Achieve a first open or login token , you can always use the Sharedpreferences package , in my case iam using it to navigate to different pages passed on the first login value .
i think that Sharedpreferences is more reliable and easier than what you are trying to achieve with firebase
UPDATE:
what you actually want to do is make a firebase collection with IMEI numbers , when there is a new IMEI that means a new user , when that IMEI is in your collection that means that the app is not installed for the first time ,
you can use this package imei_plugin to get IMEI number and store it on firebase

Request.auth.metadata in security rules?

I have a Firebase project where I'd like for users to be able to see when other users created their profiles. My initial hope was that I could use "user.metadata.creationTime" on the frontend to pass the date into the user's extra info document and verify that it is correct by having "request.resource.data.datecreated == request.auth.metadata.creationTime" as a Database Rule, but it looks like it is not possible according to the documentation.
Is there any way I can verify that the creation date is correct on the backend?
More info edit: Below is the code that is being triggered when a user creates a new account on my profile. The three values are displayed publicly. I'm creating a niche gear for sale page so being able to see when a user first created their account could be helpful when deciding if a seller is sketchy. I don't want someone to be able to make it seem like they have been around for longer than they have been.
db.collection('users').doc(user.uid).set({
username: "Username-156135",
bio: "Add a bio",
created: user.metadata.creationTime
});
Firestore rules:
match /users/{id} {
allow get;
allow create, update: if request.resource.data.username is string &&
request.resource.data.bio is string &&
request.resource.data.created == request.auth.metadata.creationTime;
}
user.metadata.creationTime, according to the API documentation is a string with no documented format. I suggest not using it. In fact, what you're trying to do seems impossible since that value isn't available in the API documentation for request.auth.
What I suggest you do instead is use a Firebase Auth onCreate trigger with Cloud Functions to automatically create that document with the current time as a proper timestamp. Then, in security rules, I wouldn't even give the user the ability to change that field, so you can be sure it was only ever set accurately by the trigger. You might be interested in this solution overall.

Steps to retrieve current user data in firebase using vuejs

I’m creating an application where only users I create manually in firebase can log in.
The app consists of a multistep form to gather user information. For example:
Step1 ==> gather user general information
Step2 ==> information about user’s company
I want the user to be able to log back in, see the form fields populated with his data and allow him to edit them if needed.
So far I have the multi step form, that sends data to firebase. I’m using vuex and vuefire.
I understand that I can retrieve the data in two ways: before/after navigation (https://router.vuejs.org/en/advanced/data-fetching.html)
Should I create a child in the database using the currentuser uid and then reference the database using a dynamic route such as"
db.ref('forms/' + user.uid)
I'm a beginnger and I don’t know how to go about this and if it's the correct way to think about it. How would you go about retrieving the data for a specific user and push that data into each field?
There seems to exist a vuexfire https://github.com/chrisbraddock/vuefire-auth-demo could that be the way to go about this?
I'm not familiar with vuefire but I would request user data like the following
// for getting data once
let uid = firebase.auth().currentUser.uid;
let dbRef = "users/"+uid;
firebase.database().ref(dbRef).once("value", snap => {
let email = snap.val().email;
...
})
// for realtime updates
let uid = firebase.auth().currentUser.uid;
let dbRef = "users/"+uid;
firebase.database().ref(dbRef).on("value", snap => {
this.yourVueObject = snap.val().yourData
});

What is the url to edit other users profile

I can't figure out though how to edit another users profile.
If i'm logged in as an admin I want to be able to edit other users profile.
What's the url for that ? Can someone please point me to the right direction ?
I didn't see anything about what you're looking for....
Every time I've to working with it, I just use the User Manager as it's told in the official documentation...
Here is the specific documentation
Maybe should you think to create your own views :
List of Users
Edit of one User
And a Form mapping your User class.
Here is an extract of how to modify user only with UserManager:
$userManager = $container->get('fos_user.user_manager');
$user = $userManager->findUserByEmail($email);
$user->setUsername('John');
$userManager->updateUser($user);

Avoid "user cross access" in Symfony

I am currently working on a project based on Symfony 1.4. I am using the sfDoctrineGuardPlugin to authenticate my two kinds of users : users and admins. For each module and each action in a module, I am using credentials to prevent unauthorized actions execution.
But I am facing a problem : if an user wants to edit a project, for example, the URL will look like frontend.php/project/edit/id/1. Here, we suppose that the project #1 belongs to him. Now, let's suppose that project #2 does not belong to him. If he types the URL frontend.php/project/edit/id/2, he will have access to the edit form, and will be able to edit a project that does not belong to him.
How can I prevent that behaviour ?
I would like to avoid verifying the ownership of each editable model before displaying the edit form... But can I do differently ?
Do you have any good practice or advices to prevent this behaviour ?
Thanks a lot !
Since you will have to check in the projet to know if the current user is allowed to edit the project, I don't think you will have other way than verifying before the edit, in the action part. Why don't you want to do it this way?
This check can be done inside the preExcute function:
public function preExecute()
{
$request = $this->getRequest()
if ($request->hasParameter('id'))
{
$project = Doctrine_Core::getTable('Project')->find($request->getParameter('id'));
$user_id = $this->getUser()->getGuardUser()->getId();
$this->forward404If(
$project->getUserId() !== $user_id,
'User #'.$user_id.' is not allowed to edit project #'.$project->getId()
);
}
}

Resources