I have a Firestore structure with an "organizations" collection and a "users" collection.

When a user creates an account via Auth, I'd like to create a new "Organization" and add him to this organization. That means having a "Create" right.

The problem is that, by doing so, the user can create multiple Organizations and be in them.

The other issue I'm facing is regarding the changes. When that user changes their information (name, email, etc.), it will also update their line in the "users" collection, but that also means they will be able to change the "organization" reference and point it to another one, which is bad.

So I wonder what is the proper way to do so, and/or if I'm doing it wrong.

Alex Mamo
Cyril N.
  • `The problem is that, by doing so, the user can create multiple Organizations and be in them.` Does that mean a user is able to create multiple accounts via Auth? Secondly, if you want to prevent the user from changing any certain field, say in your case `organisation reference`, you can use Firestore Security rules mentioned [here](https://firebase.google.com/docs/firestore/security/rules-fields#preventing_some_fields_from_being_changed) to achieve that. – Prabir Nov 21 '21 at 07:52
  • No, one user can create only one account, but if I give him the right to create an organization (needed when creating an account on a new organization), then that user will be able to create multiple organizations. That's my issue. – Cyril N. Nov 21 '21 at 20:45
  • Before letting the user create an Organization you can query the database and validate if there is an existing Organization linked to the user. If it is linked then the request to create can be rejected. If there is no Organization linked then only the user should be able to create it. – Prabir Nov 22 '21 at 10:17
  • @Prabir your suggestion is interesting, but it doesn't block the user from creating multiple new organizations. One solution I have in mind is to move that process to the backend, and disallow writes for the user. – Cyril N. Nov 22 '21 at 10:36
  • Yeah, I was telling for the validation in the backend only. – Prabir Nov 22 '21 at 10:54

1 Answer

That technique is called denormalization and it's a common practice when it comes to top NoSQL databases.

As I understand from your question, you want to add users to be part of the organization. In that case, there is no need to duplicate the data. I would use a structure that looks like this:

```
Firestore-root
  |
  ---- users (collection)
  |     |
  |     --- $uid (document)
  |          |
  |          --- organizations: [$orgId, $orgId, $orgId] (array)
  |
  ---- organizations (collection)
        |
        --- $orgId (document)
             |
             --- users: [$uid, $uid, $uid] (array)
```

In which "organizations" is an array that holds organization IDs, and "users" is an array that holds user IDs.

Since we usually are structuring a Firestore database according to the queries that we want to perform, the above schema will help you query all the organizations a user is a part of or all users that are a part of an organization. This means that if you want to display user data, you have to perform a new Firestore database call.

Alex Mamo
  • I don't have any issues with denormalization. My problem is on how to ensure that the user will be on the proper organization, while ensuring that user won't be able to have rights to change their organizations to another one, and/or create any new organizations. – Cyril N. Nov 21 '21 at 20:46
  • In that case, you should limit the user not to perform such operations. That can be simply done using [security rules](https://firebase.google.com/docs/firestore/security/get-started). – Alex Mamo Nov 22 '21 at 08:58
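A sketch of the rules the comments above point toward, added here as an example and not taken from the thread: clients cannot write to "organizations" at all, and a user can edit their own profile only if the update leaves the organization field untouched. It assumes the question's single-organization layout, with a field named `organization` on each user document holding a document reference, and that the organization and the initial user document are created by trusted backend code using the Admin SDK, which is not subject to these rules.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumption: field name `organization` (a document reference) on /users/{uid}.
    function signedIn() {
      return request.auth != null;
    }

    function ownOrg(orgId) {
      // True when the caller's user document points at this organization.
      return get(/databases/$(database)/documents/users/$(request.auth.uid))
               .data.organization
             == /databases/$(database)/documents/organizations/$(orgId);
    }

    match /organizations/{orgId} {
      // Weak variant that causes the problem in the question:
      //   allow create: if request.auth != null;
      // Hardened: no client-side writes; the backend creates the organization.
      allow create, update, delete: if false;
      allow read: if signedIn() && ownOrg(orgId);
    }

    match /users/{uid} {
      allow read: if signedIn() && request.auth.uid == uid;

      // The backend creates the user document together with its organization link.
      allow create, delete: if false;

      // Profile edits (name, email, ...) are allowed, but any update that
      // touches `organization` is rejected.
      allow update: if signedIn()
                    && request.auth.uid == uid
                    && !request.resource.data.diff(resource.data)
                         .affectedKeys().hasAny(['organization']);
    }
  }
}
```

The Rules Playground in the Firebase console or the local emulator can confirm that an update containing a changed `organization` value is denied while an update to `name` alone is allowed.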