barsju
Reputation: 4446
How to allow users to write new content but not update/delete existing content
So I have this application where anonymous users are allowed to write but not read a specific path. They are posting data to a moderated message board kind of thing.
But with my current security rules, they are allowed to overwrite existing data as well. How can I disallow updates and allow only new posts.
My current security rules:
{
"rules": {
".read": "auth != null",
".write": "auth != null",
"inbox" : {
".write": true,
},
"moderated" : {
".read": true,
},
}
}
Upvotes: 4
Views: 1384
Answers (1)
Anant
Reputation: 7428
Use data.exists() to determine if the object they're trying to write already exists:
{
"rules": {
".read": "auth != null",
".write": "auth != null",
"inbox" : {
"$post" : {
".write": "!data.exists()",
}
},
"moderated" : {
".read": true,
},
}
}
Upvotes: 6
Related Questions
- How to restrict Firebase data modification?
- Allow only the user who owns the data to edit it in Firebase
- Prevent users from modifying data in Firebase but allow this data to be updated by the application
- How to allow a node to be created, updated and deleted by the creator but not by other users in Firebase?
- How to only allow the user who “owns” the data to edit it? firebase
- Allowing specific user write access
- Firebase - In security rules how do I restrict a user to only update an object that they originally created?
- Firebase allow write without deletion at parent and child nodes
- Firebase user read all, write new, but only modify his own data
- Updating User's Info without allowing user write ability