在Firebase上创建/添加用户

Question

I have been playing with Firebase and I got stuck with a question, I tried to look some docs but I couldn't find a proper answer.

The thing is that Firebase provides a user authentication, that's good, but can I set some limits to this user? So it could have access just to one part of my database scheme? eg: have two grupos on my database:

https://MYFIREBASE.firebaseio.com/group1/posts/ https://MYFIREBASE.firebaseio.com/group2/posts/

and which one has different users, different posts.

Thanks!!

Answer 1

You're looking for Security Rules.

Security Rules are server side validations that restrict access to your Firebase database.

Below are the rules for a read-only database.

{
  "rules": {
     ".read": true,
     ".false": false
  }
}

Security Rules provide server variables that hold important server-side information. The variable you'll be interested in is the auth variable.

The auth variable allows you to check if the user trying to access the database is authenticated.

{
  "rules": {
    "group1": {
       ".read": "auth !== null",
       ".write": "auth !== null"
    }
  }
}

According the rules above only authenticated users can access the /group1 location.

But for user based security, you'll need to index using the user's uid .

{
  "rules": {
    "group1": {
       "posts": {
         "$uid": {
           ".read": "auth.uid == $uid",
           ".write": "auth.uid == $uid"
         }
       }
    }
  }
}

And using wildcards (which are basically route parameters) , you can check to see if the user trying to access the data owns the data.