appendToAdminClaims()

appendToAdminClaims

Function Name

appendtoadminclaims

Trigger

This Cloud Function is triggered by a direct call (onCall). It expects to be invoked typically through a client-side request.

Inputs

The function expects a JSON payload with the following structure:

  • requesterUid: The UID of the user making the request. Extracted from request.auth.uid, indicating this function is protected and can only be called by authenticated users.
  • targetUid: The UID of the user whose admin claims are being updated.
  • districtId: The ID of the district to append to the user's claims.
  • schoolId: The ID of the school to append to the user's claims.
  • classId: The ID of the class to append to the user's claims.
  • familyId: The ID of the family to append to the user's claims.
  • groupId: The ID of the group to append to the user's claims.

The input also contains an action key, which is statically set to "append". This function is designed to add organizational affiliations to a user's administrative permissions.

Outputs

The function outputs the result of the appendOrRemoveAdminOrgs function, which is a method handling the database update logic.

Description

The appendtoadminclaims function is responsible for appending organization-specific claims to a specified user's administrative profile. This operation facilitates the dynamic management of user access within various organizational structures like schools, classes, and groups. By modifying admin claims, the system can control access to certain resources or administrative functionalities.

Error Handling

While explicit error handling is not shown in the snippet, it should be implemented within the appendOrRemoveAdminOrgs function or be part of a higher-level error management strategy. Errors might include unauthorized access attempts, invalid UID entries, or failures in database operations. These should be logged and, where appropriate, returned to the caller in a format that aids in debugging but does not expose sensitive system details.

Security Considerations

  • Authentication: The function checks that the request is made by an authenticated user (request.auth.uid must exist).
  • Authorization: It should be verified that the requester has the appropriate rights to modify admin claims, especially if targeting another user’s claims. This might involve additional checks against userClaims to confirm administrative privileges.
  • Data Validation: The function should validate the input data to ensure that all IDs are in a proper format and refer to existing entities in the system. This prevents injection of invalid data into the system.

Deployment

This function is deployed automatically using GitHub actions, whenever changes are merged into the main branch.

Edit this page
Last Updated:
Contributors: Kyle Montville, Adam Richie-Halford, Kyle, Elijah Kelly