Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Security rules for creating an incremental, numeric ID in Firebase. See http://jsfiddle.net/firebase/xLq7grcc/
{
"rules": {
".read": true,
".write": false,
"incid": {
"counter": {
// this counter is set using a transaction and can only be incremented by 1
// the total number of records must be less than 10,000 simply for demo purposes
".write": "newData.isNumber() && ((!data.exists() && newData.val() === 1) || newData.val() === data.val()+1) && newData.val() <= 10000"
},
"records": {
"$id": {
// this rule allows adds but no deletes or updates
// the id must inherently be in the format rec# where # is the current value of incid/counter
// thus, to add a record, you first create a transaction to update the counter, and then use that counter here
// the value must be a string less than 1000 characters simply for demo purposes
".write": "$id >= 'rec'+root.child('incid/counter').val() && !data.exists() && newData.isString() && newData.val().length <= 1000"
}
},
// strictly for demo purposes (allows data to be reset)
".write": "!newData.exists()"
}
}
}
@BrunoQuaresma

This comment has been minimized.

Copy link

@BrunoQuaresma BrunoQuaresma commented Apr 7, 2016

Not works the counter :/

@jacwright

This comment has been minimized.

Copy link

@jacwright jacwright commented Jun 5, 2017

Shouldn't $id >= 'rec'+root.child('incid/counter').val() use == instead of a greater than? I don't understand how your fiddle works otherwise because you should be able to put any rec# greater than the current counter in there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment