We have developed a web application for use in restaurants that shows a list of the workers available during a specific time and the jobs that need to be done during that time. The "shift leader" drags and drops workers onto positions to make the assignments. Workers can then log in to the software and see their assignments prior to arriving at work.
Overview of software architecture:
* Google's Firestore database holds all data needed for the application
* Web UI written in Angular 7 is used by users to read or make changes to shift information. It also supports writing sensitive employee reviews, which can be accessed by some user roles and not others.
* Server script reads data from a separate software system that manages employee schedules and shows who is working when, and copies the data into Firestore to be viewed by our users. Server script runs on Node.js and is triggered by a cron job running every 15 minutes.
* All project source code is in a private GitHub repository
* We have a Cloud9 IDE that may make it easier for a developer to review the project without a complicated IDE setup on their end
* Changes will need to be made on the live production environment without disrupting current paying customers; we don't have a dev / sandbox environment available for testing.
The original developer is not available and we received a notice from Firebase: "Your Realtime Database has insecure rules
We've detected the following issue(s) with your security rules: any user can read your entire database
Without strong security rules, anyone who has the address of your database can read / write to it, leaving your data vulnerable to attackers stealing, modifying, or deleting data as well as creating costly operations."
We do not allow unauthenticated access to the application or database, so there is some security; however, we would like to get bids for someone to review the configuration and create more robust security rules for data access that would be based on roles. Admins can access all customers' data; employees of one restaurant would not have access to data from another restaurant.
* Note that the software is being used by live paying customers and we do not have a development / sandbox environment to play in so we need to be careful that this project does not interrupt current customers
* Review the current Node.js server script and understand how it writes data into the Firestore database
* Review the Angular application and understand how it reads and writes data into the Firestore database
* Without changing Firestore, document the rules to be implemented that will allow the Node scripts and Angular application to have the access they need while restricting access by role.
* After reviewing proposed changes, add security rules to Firestore to constrain users to access only the data they need based on their user role, which is defined in the Firestore data
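
A sketch of role- and restaurant-scoped Firestore rules of the kind this posting asks for, added here as an example and not taken from the project. The collection layout (`users/{uid}` with `role` and `restaurantId`, `restaurants/{rid}/shifts`, `restaurants/{rid}/reviews`) and the role names are assumptions, since the posting does not show the data model.

```firestore-rules
rules_version = '2';
// These are Cloud Firestore rules. A Realtime Database instance in the same
// project has its own, separate ruleset.
service cloud.firestore {
  match /databases/{database}/documents {

    // Hypothetical layout: users/{uid} holds { role, restaurantId }.
    function signedIn() { return request.auth != null; }
    function me() {
      return get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
    }
    function isAdmin() { return signedIn() && me().role == 'admin'; }
    function inRestaurant(rid) { return signedIn() && me().restaurantId == rid; }
    function hasRole(rid, roles) { return inRestaurant(rid) && me().role in roles; }

    match /users/{uid} {
      // A user may read their own profile; only admins may write it,
      // so nobody can promote themselves by editing their own role.
      allow read: if isAdmin() || (signedIn() && request.auth.uid == uid);
      allow write: if isAdmin();
    }

    match /restaurants/{rid} {
      allow read: if isAdmin() || inRestaurant(rid);
      allow write: if isAdmin();

      match /shifts/{shiftId} {
        // Every worker of this restaurant can see assignments;
        // only shift leaders and managers (assumed role names) can change them.
        allow read: if isAdmin() || inRestaurant(rid);
        allow write: if isAdmin() || hasRole(rid, ['shiftLeader', 'manager']);
      }

      match /reviews/{reviewId} {
        // Sensitive employee reviews: restricted to selected roles.
        allow read, write: if isAdmin() || hasRole(rid, ['manager']);
      }
    }

    // Paths not matched above are denied by default.
    // Assumption: the Node.js sync script uses the Admin SDK with a service
    // account, which bypasses these rules and needs no allow statement.
  }
}
```

With no sandbox available, rules like these can be exercised against the Firebase Local Emulator Suite before they are published to the live project.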
18 freelancers have bid an average of $225 for this job
Hi there, I have been familiar with Google Cloud Firebase and Firebase rules for over 7+ years. I can do this task very easily and quickly. Let's chat to start now. Thank you. Da.
Angular/Firestore expert, hello. I checked your details and understand your point. I can make security rules depending on user roles. Please drop me a message to start the project now. Thank you.