Reputation: 145
Firebase Security Rules Nesting
I am creating an reddit-type app. I have an array of stories, and each story has a title, description, and a voteCount. I want to have separate .write rules for the voteCount, so I structured my rules like this -
"stories": {
"$story_id": {
"title": { ".write": "auth !== null" },
"description" { ".write": "auth !== null" },
"voteCount": { ".write": "newData.val() === data.val() + 1" },
}
}
This works for existing stories.However, this no longer allows me to add a new story, unless I add the .write rule directly to the $story_id node. And of course this stops me from having the special .write rule for the voteCount node.
Any ideas on why this happens?
Upvotes: 1
Views: 246
Answers (1)
Reputation: 598886
So users have .write access on a higher level, but they can only write data that follow specific rules?
You'll want to put that in a .validation rule, instead of a .write rule.
A simple way to remember this is that .write rules determine who can write data, while .validate rules determine what data can be written.
Upvotes: 1
Related Questions
- Security rules dont cascade like the docs said
- Firebase different security rules for different child
- Firestore nested security rule
- Multiple inhertitance Firebase security rules
- Complex Firebase Security Rule
- Firebase security rules traversing through the database for validation
- Security rules in Firebase
- firebase security rules not working as expected
- Firebase security with angularfire
- Firebase Security Rules