Last active
April 26, 2022 22:21
-
-
Save sararob/331760829a9dcb4be3e7 to your computer and use it in GitHub Desktop.
Role-based security in Firebase
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| This example shows how you can use your data structure as a basis for | |
| your Firebase security rules to implement role-based security. We store | |
| each user by their Twitter uid, and use the following simplistic approach | |
| for user roles: | |
| 0 - GUEST | |
| 10 - USER | |
| 20 - MODERATOR | |
| 99 - ADMINISTRATOR | |
| This file shows the data structure, and the security-rules file below | |
| shows the corresponding security rules. | |
| */ | |
| { | |
| "users": { | |
| "twitter:12345": { | |
| "full-name": "Sara Robinson", | |
| "username": "SRobTweets", | |
| "role-value": 10 | |
| }, | |
| "twitter:56789": { | |
| "full-name": "Michael 'Kato' Wulf", | |
| "username": "katowulf", | |
| "role-value": 20 | |
| } | |
| .... | |
| }, | |
| "rooms": { | |
| "public-room-1": { | |
| "users": { | |
| "twitter:56789": 20, | |
| "twitter:12345": 10 | |
| } | |
| }, | |
| "admin-only-room": { | |
| "users": { | |
| "twitter:56789": 20 | |
| } | |
| } | |
| ... | |
| }, | |
| "messages": { | |
| "public-room-1": { | |
| -JVwTPcWMIt0J6Gbtrqh: { | |
| "user": "twitter:12345", | |
| "text": "Hello everyone!" | |
| } | |
| ... | |
| }, | |
| "admin-only-room": { | |
| -JVwU5tLQRPbzXo4s_a1: { | |
| "user": "twitter:56789", | |
| "text": "This is a top secret message." | |
| } | |
| ... | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "rules": { | |
| ".read": true, | |
| "users": { | |
| "$user": { | |
| //can add a message if authenticated | |
| ".write": "auth.uid === $user" | |
| } | |
| }, | |
| "rooms": { | |
| "$room": { | |
| "users": { | |
| // can write to the users list only if ADMINISTRATOR | |
| "$user": { | |
| "write":"newData.parent().child(auth.uid).val() === 99" | |
| } | |
| } | |
| } | |
| }, | |
| "messages": { | |
| "$room": { | |
| "$message": { | |
| //can add a message if they are a MEMBER | |
| ".write": "(!data.exists() && newData.exists() && root.child('rooms/' + $room + '/users/' + auth.uid).val() >= 10)" | |
| } | |
| } | |
| } | |
| } | |
| } |
@lazabogdan if it still matter, that code was written in Bolt.
Accordingly to Firebase "Bolt is a high level modeling and security language that lets you easily translate your application’s data structure to the low-level JSON rules needed to secure your data in Firebase."
I`m using it in some projects and its preety good.
are you still using it ? It is not clear if it will be maintained after Firebase 3.0
I am working on an advanced role based security rules system for an app based on this.
chat_permissions
chat1
admins
user1= true
user2 = true
observers
user3 = true"chat_permissions": {
".read": "auth != null",
"$group": {
".write": "data.child('admins').hasChild(auth.uid) || !data.child('admins').exists() "
// allows to modify users permissions (as well as add or delete users) if user is admin or if there are no admins
}
}
After this you set all security rules based on user permissions
Why do you want to this ir you have the admin sdk for node?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I just wrote up some thoughts on what I think is a promising solution to admin / moderator roles from the Firechat app (written by the Firebase devs) - http://curlybrackets.co/blog/2016/03/07/implementing-roles-in-firebase/