Created
February 10, 2016 00:25
-
-
Save katowulf/377d1eba527fefe288ef to your computer and use it in GitHub Desktop.
A list of example patterns for security rules validations
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "rules": { | |
| // REQUIRED FIELDS | |
| "example1" : { | |
| "$record": { | |
| // foo and bar are required fields that must always exist | |
| // this will reject writes to $record, as well as directly to $record/foo or $record/bar if they are null | |
| ".validate": "newData.hasChildren(['foo', 'bar'])" | |
| } | |
| } | |
| // NO DELETE ALLOWED | |
| "example2": { | |
| "$record": { | |
| // records can be written but not deleted | |
| ".write": "newData.exists()" | |
| } | |
| } | |
| // RECORDS CAN BE ADDED OR DELETED BUT NOT REPLACED OR MODIFIED | |
| "example3": { | |
| "$record": { | |
| ".write": "(!data.exists() && newData.exists()) || (data.exists() && !newData.exists())" | |
| } | |
| } | |
| // Allow queries but only allow write to specific records | |
| "example4": { | |
| // we can query against example3/ but cannot write to this path | |
| ".read": true, // read access at the parent is necessary to perform queries | |
| "$record": { | |
| // however, we can write to individual records | |
| ".write": true | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment