-
-
Save codediodeio/6dbce1305b9556c2136492522e2100f6 to your computer and use it in GitHub Desktop.
// No Security | |
{ | |
"rules": { | |
".read": true, | |
".write": true | |
} | |
} | |
// Full security | |
{ | |
"rules": { | |
".read": false, | |
".write": false | |
} | |
} | |
// Only authenticated users can access/write data | |
{ | |
"rules": { | |
".read": "auth != null", | |
".write": "auth != null" | |
} | |
} | |
// Checks auth uid equals database node uid | |
// In other words, the User can only access their own data | |
{ | |
"rules": { | |
"posts": { | |
"$uid": { | |
".read": "$uid === auth.uid", | |
".write": "$uid === auth.uid" | |
} | |
} | |
} | |
} | |
// Validates user is moderator from different database location | |
{ | |
"rules": { | |
"posts": { | |
"$uid": { | |
".write": "root.child('users').child('moderator').val() === true" | |
} | |
} | |
} | |
} | |
// Validates string datatype and length range | |
{ | |
"rules": { | |
"posts": { | |
"$uid": { | |
".validate": "newData.isString() | |
&& newData.val().length > 0 | |
&& newData.val().length <= 140" | |
} | |
} | |
} | |
} | |
// Checks presense of child attributes | |
{ | |
"rules": { | |
"posts": { | |
"$uid": { | |
".validate": "newData.hasChildren(['username', 'timestamp'])" | |
} | |
} | |
} | |
} | |
// Validates timestamp is not a future value | |
{ | |
"rules": { | |
"posts": { | |
"$uid": { | |
"timestamp": { | |
".validate": "newData.val() <= now" | |
} | |
} | |
} | |
} | |
} | |
// Prevents Delete or Update | |
{ | |
"rules": { | |
"posts": { | |
"$uid": { | |
".write": "!data.exists()" | |
} | |
} | |
} | |
} | |
// Prevents only Delete | |
{ | |
"rules": { | |
"posts": { | |
"$uid": { | |
".write": "newData.exists()" | |
} | |
} | |
} | |
} | |
// Prevents only Update | |
{ | |
"rules": { | |
"posts": { | |
"$uid": { | |
".write": "!data.exists() || !newData.exists()" | |
} | |
} | |
} | |
} | |
// Prevents Create and Delete | |
{ | |
"rules": { | |
"posts": { | |
"$uid": { | |
".write": "data.exists() && newData.exists()" | |
} | |
} | |
} | |
} | |
Only if you authenticate the user , the access is given .Like you need to perform firebase authentication using email password or mobile signin or any other method and then try to access the database .
This doesn't seem to be correct (checking if the user is a moderator): ".write": "root.child('users').child('moderator').val() === true"
Shouldn't it be this way? ".write": "root.child('users').child('moderator').child(auth.uid).exists()"
@bulatgab - Were you able to get this to work? I've tried this but keep getting 401 errors.
Hi all. I am using the Firebase rest API to read/write to Firebase real-time database. e.g. "[path-to-db].json".
How do I set the db rules to be able to freely read from the database, while needing to pass an auth password in URL to be able to write to the database? e.g. "[path-to-db].json?auth=[some-password]"
Nice one, thanks for this...
JUST 2 DOUBT, any help will be highly appreciated.
// Checks auth uid equals database node uid
// In other words, the User can only access their own data
{
"rules": {
"posts": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid"
}
}
}
}
DOUBT-1
In the above security rule,
the current logged in user can be able to access (read/write) their node/data.
is my understanding correct??
DOUBT-2
and how can i achieve that when the admin of this firebase logged in, then the admin can be able to write, and other user will not be able to access any write operation???
hi i want know .. how i created key and i cant delet it only . or update . without is child"data"
Can you help me? I'm newer so I don't know in deep of this problem. When I used this:
{
"rules": {
".read": "auth != null",
".write": "auth != null"
}
}
It's doesn't worked. It appear a message 401 (Unauthorized)
It worked only for:
{
"rules": {
".read": true,
".write": true
}
}