search

AmitXShukla / Online-School-Management-App-Angular-Firebase

Angular 11.0 Firebase App - Online School , Student Management App
184 stars 88 forks source link

list of students created by admin , and the original users logged in as students are not linked ?! how to sync them together ?! #12

Closed thotasirisha closed 4 years ago

thotasirisha commented 4 years ago

Sir , this project is very good. i'm really glad i found this. i'm using this for my major project. (logged in as admin here) Sir, what i noticed is, when an admin creates students, he has to mention which enrollment code , fee code and marks code does the student belong to. As you've mentioned in your video, that they will get updates or view information based ONLY on that criteria. like this image

(even in your explanatory video 0 and 1, you skipped the part saying i have to update data then it will show )

sooo, in personal information, sir, in this , is the "student id" and "passcode" the actual login details? i dont think so.

so a student information is being created with enrollment codes, but how to find actual login details of that particular student??

section 2 : when a new account is created, i made that person as student /admin/ teacher based on the secret org key (yes i set up the org keys ). which is working well and good,
(so now i logged in as a new student and it shows like this )

image

yes, the student should not be able to modify that information. but it is blank!! but same time, how to set those values to him? like how to give those enrollment, fee etc to him ? how to make this student account and the student in the list of students account sync together ? something is missing.
what are the "missing user permissions" error ? and how to grant them ?

I WOULD BE VERY GRATEFUL TO YOU IF YOU RESOLVE THIS SIR. AWAITING YOUR REPLY. THANKYOU.

AmitXShukla commented 4 years ago

Thanks for reaching out and I understand open issues/GAP with this app. First of all, this is a community project and so things may not be perfect. However, since you made this far, I am very sure you are very close to making it perfect.

Please see, only admin/employee or staff should create user at first through Manage Student menu. Once they create students, they need to share SKEY with Students. Students can further save this SKEY as their Phone # in settings page. and if both of this matches, Students will be able to see their profiles.

Online-School-Management-App-Angular-Firebase/src/app/manage/student-view.component.ts BackendService Line #76 getUserStudentDoc() { return this.getDoc('USERS', this.afAuth.auth.currentUser.uid) .pipe(switchMap(res => this._afs.collection(this.getCollUrls('STUDENT'), ref => ref.where('SKEY', '==', res['phone'])).valueChanges() )); }

thotasirisha commented 4 years ago

sir i tried giving the same skeys from the student created by the user and updated it in the student settings page in "phone# passcode" , but still there is no change.

the personal details are not being updated with enrollment codes and also student is not able to view the respective tutorials or homeworks or anything that is uploaded .

AmitXShukla commented 4 years ago

Can you please create a temp GitHub repo and upload your source code.

  1. Otherwise, do a console log on the functions I mentioned above and try to debug.
  2. Please make sure you do not see any missing permission errors, that means your Firebase authentication or Firebase rules aren’t setup correctly.
  3. Please try to write your own function and from manage student page and student view page and do comparison on console to see what values you are comparing in functions and what are you entering in form.

On Mar 12, 2020, at 10:54 PM, thotasirisha notifications@github.com wrote:

 sir i tried giving the same skeys from the student created by the user and updated it in the student settings page in "phone# passcode" , but still there is no change.

the personal details are not being updated with enrollment codes and also student is not able to view the respective tutorials or homeworks or anything that is uploaded .

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

thotasirisha commented 4 years ago

sir i have errors in firebase rules but i copy pasted exactly .
unused function isSMSParent , and SMSStudent , and Invalid variable name: request

errors

thotasirisha commented 4 years ago

sir i tried giving the same skeys from the student created by the user and updated it in the student settings page in "phone# passcode" , but still there is no change.

the personal details are not being updated with enrollment codes and also student is not able to view the respective tutorials or homeworks or anything that is uploaded .

sir what i observed is, the passcode when matched, the student information is being displayed/updated correctly, it works well BUT only when the role is being as ADMIN, ( when i set the role as admin and i try to check different passcodes, different students info is being updated nicely )

the same scene when the passcode is updated but role is STUDENT , then it is showing missing permissions error.

AmitXShukla commented 4 years ago

can you please copy paste all of your firestore rules? it;s difficult to see in pic. and I assume, this is a FireStore database not Firebase.

thotasirisha commented 4 years ago

rules_version = '2'; service cloud.firestore { match /databases/{database}/documents {

// This rule allows anyone on the internet to view, edit, and delete
// all data in your Firestore database. It is useful for getting
// started, but it is configured to expire after 30 days because it
// leaves your app open to attackers. At that time, all client
// requests to your Firestore database will be denied.
//
// Make sure to write security rules for your app before that time, or else
// your app will lose access to your Firestore database

// SMS App Rules START

// SMS App Rules START match /SMS_ROLES/{document} { allow read, write: if false; } match /SMS_USERS/{document} { allow create: if exists(/databases/$(database)/documents/SMS_ROLES/$(request.resource.data.secretKey)) && get(/databases/$(database)/documents/SMS_ROLES/$(request.resource.data.secretKey)).data.role == request.resource.data.role; allow update: if exists(/databases/$(database)/documents/SMS_ROLES/$(request.resource.data.secretKey)) && get(/databases/$(database)/documents/SMS_ROLES/$(request.resource.data.secretKey)).data.role == request.resource.data.role && isDocOwner(); allow read: if isSignedIn() && isDocOwner(); } match /SMS_CONFIG_ENROLL_CD/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff() || isSMSTeacher(); } match /SMS_CONFIG_FEE_CD/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff() || isSMSTeacher(); } match /SMS_CONFIG_MARKS_CD/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff() || isSMSTeacher(); } match /SMS_STUDENTS/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff() || isSMSTeacher(); } match /SMS_STUDENTS/{document}/notifications/{doc} { allow read: if isSignedIn(); } match /SMS_FEE/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff() || isSMSTeacher(); } match /SMS_MARKS/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff() || isSMSTeacher(); } match /SMS_EMPLOYEE/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff(); } match /SMS_SALARY/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff(); } match /SMS_SALARY_CD/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff(); } match /SMS_VOUCHER/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff(); } match /SMS_EXPENSES/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff(); } match /SMS_ASSIGNMENT/{document} { allow read, delete: if isSMSAdmin() || isSMSStaff() || isSMSTeacher(); allow write: if true; } match /SMS_CLASSES/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff() || isSMSTeacher(); } match /SMS_HOMEWORK/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff() || isSMSTeacher(); } match /SMS_TUTORIALS/{document} { allow read, write, delete: if isSMSAdmin() || isSMSStaff() || isSMSTeacher(); } function isSMSAdmin() { return get(/databases/$(database)/documents/SMS_USERS/$(request.auth.uid)).data.role == 'admin'; } function isSMSStaff() { return get(/databases/$(database)/documents/SMS_USERS/$(request.auth.uid)).data.role == 'staff'; } function isSMSParent() { return get(/databases/$(database)/documents/SMS_USERS/$(request.auth.uid)).data.role == 'parent'; } function isSMSTeacher() { return get(/databases/$(database)/documents/SMS_USERS/$(request.auth.uid)).data.role == 'teacher'; } function isSMSStudent() { return get(/databases/$(database)/documents/SMS_USERS/$(request.auth.uid)).data.role == 'student'; } function isDocOwner(){ // assuming document has a field author which is uid // Only the authenticated user who authored the document can read or write return request.auth.uid == resource.data.author; // This above read query will fail // The query fails even if the current user actually is the author of every story document. // The reason for this behavior is that when Cloud Firestore applies your security rules, // it evaluates the query against its potential result set, // not against the actual properties of documents in your database. // If a query could potentially include documents that violate your security rules, // the query will fail. // on your client app, make sure to include following // .where("author", "==", this.afAuth.auth.currentUser.uid) } function isSignedIn() { // check if user is signed in return request.auth.uid != null; } // SMS App Rules END

} }

thotasirisha commented 4 years ago

yes sorry , it is firestore database.
when i remove the first line in the above rules shows no errors, but the missing permissions problem still persists.

and i couldnt make a repo, this is the drive link instead https://drive.google.com/open?id=12A3JbSJOjpnVLKBVGrcAEzPdbc_t_PTW

sir i have errors in firebase rules but i copy pasted exactly . unused function isSMSParent , and SMSStudent , and Invalid variable name: request

errors

AmitXShukla commented 4 years ago

Try to delete all unused function, but point is, you should not see any error in your FireStore Rules setup. Not coming back to missing permission problem, please make sure, backend.service functions you write, matches the criteria. I will also try to download this repository and refresh it with new code, but Last I checked, it was working fine for me with out any issues. Please have some patience and try to debug one function at a time like I suggested above Debug means, for the collection (Like SMS_STUDENTS), try changing rule like say read, write = true and get rid of all functions and see if your front end is able to access that collection or not.

thotasirisha commented 4 years ago

Sir, i changed the firebase rules as per requirement and now i can see all the data being uploaded is displayed correctly as per roles.. thankyou. But i found 2 more issues now.

1. live notifications is not working. Console is not showing any error. i tried changing the rules of match /SMS_USERS/{document} create, update, delete as true and tried, and also
match /SMS_STUDENTS/{document}/notifications/{doc} this function also. still notifications are not displayed. i attached rules and console screenshot in the document.

2 the contact form in the navbar , when details are filled and submitted, it says network connection error. console shows error. plz see the document.

https://docs.google.com/document/d/15jU3LIDnfH0a421bWkyzKCFrtCPEL9MN99DiwH-ogOU/edit?usp=sharing