Custom Firebase Security Rule
Question
What needs to be done?
- Everybody can read items.
- Everybody who is logged in can write items to database.
- Everybody can edit the items with his/her uid as author.
- Users logged in via password (not twitter...) are moderators and can edit all items.
The database:
{
items: [
{
title: "some title",
content: "voila, some content",
author: {
uid: "FSDF-SDFSDF-SDFS-SFZE"
}
}, {
title: "some second title title",
content: "voila, some other content",
author: {
uid: "1234-234235-2342-2342"
}
}
]
}
The rules:
"items": {
".read": true,
".write": "auth !== null",
"$item": {
".read": true,
".write": "auth !== null && auth.provider === 'password' or root.child('items/' + $item + '/author/uid').val() === auth.uid"
}
}
What is wrong?
1 answers
solution1
0 2015-12-18 14:48:04
You can use the newData server variable to get the author.uid property. Then use that to check it against auth.uid .
"items": {
".read": true,
"$item": {
".write": "newData.child('author/uid').val() === auth.uid || auth.provider === 'password'"
}
}
You also had the word or in the expression rather than || .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Unable to structure a Firebase Database security rule properly
Firebase EqualTo performance & security
Firebase Security Rules?
Change the firebase security role
Network Security Group Rule Audit (Azure)
Access property in firebase security rules
FireBase Security Rules with User roles
Firebase security - how to stop overwriting
Firebase rule - how to restrict value to boolean?
Parse AWS security group with jq and add new ingress rule
Related Tags