I have a project manager app with 3 roles (Admin - Engineer - Technicals). I want the admin to approve new users before they can authenticate to Firebase by sending an OTP (one-time password) to sign up, so that no one can create a new account on Firestore without admin permission. I'm using Flutter 2.2 and Firebase Email/Password Authentication.
CodePudding user response:
The way I would do it is to have preferences associated with every user in a separate collection. You can have your login function check if userId.isApproved is true and, if it is, you continue. Otherwise, you'd log them out and redirect them to a page saying "This user is not approved".
CodePudding user response:
Essentially what you're trying to do is set up Role Based Access Control (RBAC).
Here is a solution that might fit your use case: You can follow the instructions in "How to disable Signup in Firebase 3.x" to disable registration and allow only the admin-sdk to create accounts. Once users apply (perhaps by creating a new Firestore document), admins can view their application and use the admin sdk to create a new account and notify the user.
The more common solution for an RBAC system is to control access with custom claims. Here's how that could work:
1. An onCreate cloud function trigger notifies your admins of a potential new user (e.g. add a document to a Firestore collection).
2. The admins then view and assign those users to either the Admin, Engineer, or Tech role/custom claim using the admin sdk.
3. You use these custom claims throughout your Firebase services (Firestore, RTDB, Storage, Functions) to control their access across your project.
4. If the admins wish to deny the user, they can use the admin sdk to remove the account.
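The custom-claims flow in steps 2 to 4 above, sketched as server-side logic; this is an added example, not code from the answer. It assumes `auth` is the Admin SDK's `admin.auth()` object and `caller` is the decoded, verified ID token of the requester; the role names and the function names `approveUser`, `denyUser` and `canAccess` are hypothetical.

```javascript
'use strict';
// Added example. `auth` is assumed to be firebase-admin's admin.auth(); only
// its setCustomUserClaims(uid, claims) and deleteUser(uid) methods are called.
// `caller` is assumed to be the verified ID token's claims, never client input.

const ROLES = new Set(['admin', 'engineer', 'technical']); // assumed role names

function requireAdmin(caller) {
  // Deny by default: no token, no role claim, or a non-admin role is rejected.
  if (!caller || caller.role !== 'admin') {
    throw new Error('permission-denied');
  }
}

function requireUid(uid) {
  if (typeof uid !== 'string' || uid.length === 0) {
    throw new Error('invalid-uid');
  }
}

// Step 2: an admin assigns a role. The claim is written by the server only.
async function approveUser(auth, caller, uid, role) {
  requireAdmin(caller);
  requireUid(uid);
  if (!ROLES.has(role)) {
    throw new Error('invalid-role'); // allowlist, so no arbitrary claim values
  }
  await auth.setCustomUserClaims(uid, { role });
  return { uid, role };
}

// Step 4: an admin rejects the application and the account is removed.
async function denyUser(auth, caller, uid) {
  requireAdmin(caller);
  requireUid(uid);
  await auth.deleteUser(uid);
  return { uid, deleted: true };
}

// Step 3: gate for privileged handlers. A freshly signed-up account has no
// role claim yet, so it is treated as pending and refused.
function canAccess(caller, allowedRoles) {
  return Boolean(caller) && ROLES.has(caller.role) &&
    allowedRoles.includes(caller.role);
}
```

A newly set claim appears in the user's ID token only after the token is refreshed, so the client needs to refresh it after approval before the new role takes effect.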