How to implement collaborator invitations using firebase?

Question

I am developing an app with firebase and angular and angularfire. I would like to implement a "invite collaborators" feature in much the same way as firebase itself implements collaboration - that is, the app user can enter an email address to invite collaborators which would send an email and generate an "inviteToken", just as is done when inviting collaborators in firebase itself. I understand that security rules (to limit collaborator access) and schema design( a /collaborators 'folder' ? ) are one aspect, which can be accomplished using native firebase and angular. My question is how to best implement the invite email and the 'inviteToken'? What would be the most expedient way to implement such an invitation feature? Could it be done using native firebase? Or would one need to implement separate, server side code (nodejs?)? Perhaps someone from the firebase team can opine based on how firebase itself implements collaboration.

Answer 1

You can implementation collaboration by hashing the email address of the user you want to share a particular piece of data with, and storing it under a permissions field.

For example, let's start with a path /items/item1 that is owned by 'user1':

{
  "items": {
    "item1": {
      "data": "foobar",
      "permissions": {
        "user1": true
      }
    }
  }
}

You'd set the security rules for the data as follows:

{
  "rules": {
    "items": {
      "$item": {
        ".read": "data.child('permissions').hasChild(auth.uid)",
        ".write": "data.child('permissions').hasChild(auth.uid)" 
      }
    }
  }
}

Now when 'user1' wants to share 'item1' with 'user2', they will simply write the value 'user2' and set it to true under the permissions key. You can extend the structure of the 'permissions' key to be as granular as you want (eg: collaborators can only read, but owner can both read and write, etc.)

In practice, you may want to use hashes of the user's email addresses, for example. Also take a look at Simple Login for an easy way to authenticate your users (once authenticated, the auth variable used in the security rules above are automatically set for you).