The question is the tech stack I'm using for a Flutter Web App. I've already made a firebase authentication class on django and the two are working great so far.
My question is if it's necessary for me to use Django's permissions. For example, the IsAuthenticated permission class states that it
will deny permission to any unauthenticated user, and allow permission otherwise.This permission is suitable if you want your API to only be accessible to registered users.
I can do a similar work around with Firebase Auth as I could show the user a completely different page based on their Firebase Auth status. For example, if a user tries to navigate to a simplified dashboard in the url could I use this as a crude form of authorization?
class UserDashBoard extends StatelessWidget {
const UserDashBoard({required Key key}) : super(key: key);
@override
Widget build(BuildContext context) {
var user = FirebaseAuth.instance.currentUser;
return Scaffold(
body: user == null
? const Text(
'You are not signed in. Please sign in or register an account')
: Center(
child: Text('Welcome, ${user.displayName}'),
),
);
}
}
It seems like sending a network request would be accomplishing the same thing. I feel like similar code can be done to accomplish Django's IsAuthenticatedOrReadOnly permisson class as well, however maybe I'm missing out on a big security issue. If that's the case, I would likely implement the same solution just with some permission classes as well on the backend just in case.
