Last active
April 19, 2024 05:45
-
-
Save DennisAlund/47f48e2d07f595c082327abe2f254792 to your computer and use it in GitHub Desktop.
Firestore rules for article
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
service cloud.firestore { | |
match /databases/{database}/documents { | |
// Alt A: Using roles stored in Firestore user documents to determine access | |
match /collection-a/{document} { | |
allow read: if 'admin' in getUserRoles(); | |
} | |
// Alt B: Using auth claims (role as an array) to determine access | |
match /collection-b/{document} { | |
allow read: if request.auth != null && 'admin' in request.auth.token.roles; | |
} | |
// Function to get user roles from Firestore document | |
function getUserRoles() { | |
return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles; | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
service firebase.storage { | |
match /b/{bucket}/o { | |
// Alt A: Using roles in user documents to determine access | |
match /folder-a/{allPaths=**} { | |
allow read: if 'admin' in getUserRoles(); | |
} | |
// Alt B: Using auth claims to determine access | |
match /folder-b/{allPaths=**} { | |
allow read: if request.auth != null && 'admin' in request.auth.token.roles; | |
} | |
// Function to get user role from Firestore document | |
function getRoleFromFirestore() { | |
return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment