Last active
January 28, 2024 19:07
-
-
Save codediodeio/6dbce1305b9556c2136492522e2100f6 to your computer and use it in GitHub Desktop.
Common Database Rules for Firebase
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // No Security | |
| { | |
| "rules": { | |
| ".read": true, | |
| ".write": true | |
| } | |
| } | |
| // Full security | |
| { | |
| "rules": { | |
| ".read": false, | |
| ".write": false | |
| } | |
| } | |
| // Only authenticated users can access/write data | |
| { | |
| "rules": { | |
| ".read": "auth != null", | |
| ".write": "auth != null" | |
| } | |
| } | |
| // Checks auth uid equals database node uid | |
| // In other words, the User can only access their own data | |
| { | |
| "rules": { | |
| "posts": { | |
| "$uid": { | |
| ".read": "$uid === auth.uid", | |
| ".write": "$uid === auth.uid" | |
| } | |
| } | |
| } | |
| } | |
| // Validates user is moderator from different database location | |
| { | |
| "rules": { | |
| "posts": { | |
| "$uid": { | |
| ".write": "root.child('users').child('moderator').val() === true" | |
| } | |
| } | |
| } | |
| } | |
| // Validates string datatype and length range | |
| { | |
| "rules": { | |
| "posts": { | |
| "$uid": { | |
| ".validate": "newData.isString() | |
| && newData.val().length > 0 | |
| && newData.val().length <= 140" | |
| } | |
| } | |
| } | |
| } | |
| // Checks presense of child attributes | |
| { | |
| "rules": { | |
| "posts": { | |
| "$uid": { | |
| ".validate": "newData.hasChildren(['username', 'timestamp'])" | |
| } | |
| } | |
| } | |
| } | |
| // Validates timestamp is not a future value | |
| { | |
| "rules": { | |
| "posts": { | |
| "$uid": { | |
| "timestamp": { | |
| ".validate": "newData.val() <= now" | |
| } | |
| } | |
| } | |
| } | |
| } | |
| // Prevents Delete or Update | |
| { | |
| "rules": { | |
| "posts": { | |
| "$uid": { | |
| ".write": "!data.exists()" | |
| } | |
| } | |
| } | |
| } | |
| // Prevents only Delete | |
| { | |
| "rules": { | |
| "posts": { | |
| "$uid": { | |
| ".write": "newData.exists()" | |
| } | |
| } | |
| } | |
| } | |
| // Prevents only Update | |
| { | |
| "rules": { | |
| "posts": { | |
| "$uid": { | |
| ".write": "!data.exists() || !newData.exists()" | |
| } | |
| } | |
| } | |
| } | |
| // Prevents Create and Delete | |
| { | |
| "rules": { | |
| "posts": { | |
| "$uid": { | |
| ".write": "data.exists() && newData.exists()" | |
| } | |
| } | |
| } | |
| } | |
hi i want know .. how i created key and i cant delet it only . or update . without is child"data"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Nice one, thanks for this...
JUST 2 DOUBT, any help will be highly appreciated.
// Checks auth uid equals database node uid
// In other words, the User can only access their own data
{
"rules": {
"posts": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid"
}
}
}
}
DOUBT-1
In the above security rule,
the current logged in user can be able to access (read/write) their node/data.
is my understanding correct??
DOUBT-2
and how can i achieve that when the admin of this firebase logged in, then the admin can be able to write, and other user will not be able to access any write operation???