I have an app where artists can upload songs and users can download and listen to these songs. I want to prevent artists from accessing the content available to users and users to prevent the content available to artists. I am currently using StreamBuilder with userChanges() to achieve that. The problem is that users are able to access artist's screen using the token they get from logging in/signing up, and the same is the case on the artist side.
Is there a way where I can make sure users are unable to access artist screen, and vice-versa?
CodePudding user response:
There are a few ways to do this, depending on whether you would like to secure the frontend, database or both.
On the frontend you can use properties on the users document such as artist
or an object on their document such as
permissions: {
user: true,
artist: false
}
You can then read that property on the frontend and route away as needed.
To secure the database you can use security rules
.
Please see The Docs for more role based authentication information.