Ronnie Smith

Reputation: 18575

Firebase Security Rules for .remove() method

I want to restrict .remove() method on my data - only allowing the author/creator the ability to .remove the node. Is this possible?

I have the standard users tree and a pair of data trees geoFire and one named details. 'Details' has nodes that contain entries like timestamp and user (which matches auth.uid).

Upvotes: 5

Views: 2441

Answers (2)

Govind Samrow

Reputation: 10189

You need to add a data.exists() rule to the validate method, otherwise it will fail when adding a node:

i.e. node to delete:

db.ref('path/to/node/' + user).remove()

Rules:

".write": "auth != null",

// Delete or Add
".validate": "data.exists() || (newData.hasChildren(['child1', 'child2', '...']))",

Upvotes: 0

Frank van Puffelen

Reputation: 599101

A remove in Firebase means that you're writing no/empty data to a location that currently contains data:

".write": "!data.exists() || newData.exists()"

Quick table to ensure I got all of them:

data.     newData.
exists()  exists()  .write
--------+---------+--------
false     false     true
false     true      true
true      false     false
true      true      true

Upvotes: 5
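
Extending the table above to the question's author-only case, as an added example that is not part of either answer: a `.write` rule for `/details/$id` plus a small model that tabulates who may create, update and remove. It assumes each entry keeps its creator's uid in a `user` child, as the question describes; `canWrite` and `truthTable` are hypothetical helper names, and the model is plain JavaScript, not the Firebase rules engine.

```javascript
// Added example. Rules for /details/$id, assuming each entry stores its
// creator's uid in a `user` child (field name taken from the question).
const rules = {
  rules: {
    details: {
      $id: {
        // create: the new entry must name the caller as `user`
        // update/remove: caller must be the stored `user`; owner cannot change
        ".write":
          "auth != null && (" +
          "(!data.exists() && newData.child('user').val() === auth.uid) || " +
          "(data.exists() && data.child('user').val() === auth.uid && " +
          "(!newData.exists() || newData.child('user').val() === auth.uid)))",
      },
    },
  },
};

// Hypothetical plain-JS model of that expression (not the Firebase engine).
// null stands for "no data at this location" or "not signed in".
function canWrite(auth, data, newData) {
  if (auth === null) return false;
  const owner = (snap) => (snap === null ? null : snap.user);
  if (data === null) return owner(newData) === auth.uid; // create
  if (owner(data) !== auth.uid) return false; // caller is not the author
  return newData === null || owner(newData) === auth.uid; // remove or update
}

// Constructed sample users and entry.
function truthTable() {
  const alice = { uid: "alice" };
  const bob = { uid: "bob" };
  const entry = { user: "alice", timestamp: 1 };
  return {
    authorCreates: canWrite(alice, null, entry),
    authorRemoves: canWrite(alice, entry, null),
    authorUpdates: canWrite(alice, entry, { ...entry, timestamp: 2 }),
    otherRemoves: canWrite(bob, entry, null),
    otherTakesOver: canWrite(bob, entry, { user: "bob", timestamp: 3 }),
    otherCreatesAsAuthor: canWrite(bob, null, entry),
    anonymousRemoves: canWrite(null, entry, null),
  };
}

console.log(JSON.stringify(rules, null, 2));
console.log(truthTable());
```

The ownership check has to live in `.write`, because `.validate` rules are not evaluated when data is deleted. `.write` rules also cascade downward, so a broader grant such as `"auth != null"` on a parent location would override this rule.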
