AngularM
Reputation: 16618
Firebase - In security rules how do I restrict a user to only update an object that they originally created?
Firebase - In security rules how do I restrict a user to only update an object that they originally created.
So they cannot update another persons object?
Current security rules:
{
"rules": {
"organisations": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid"
}
}
}
}
This prevents the user doing anything.
This is the firebase organisations table:
Upvotes: 1
Views: 249
Answers (1)
David East
Reputation: 32604
You can check on the auth.uid variable and the newData variable.
{
"rules": {
"organisations": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid",
".validate": "newData.hasChildren(['uid'])
}
}
}
}
This means that your data must have a uid property.
Check out the Firebase Security Guide for more information.
Also, you may want to check out the Bolt compiler.
Upvotes: 2
Related Questions
- Firebase security rules: allow update only one field
- Firestore rules - How to allow create but not update?
- how to set security rules to prevent updating of data by other users in firebase
- How to restrict Firebase data modification?
- How to set firebase security rules in order to allow only update of certain fields in document?
- Firebase database rules allow update but prevent create
- Set rule to allow unauthenticated users to only write new data in Firebase database
- Firebase Rules for object only for creator and admin user
- Firebase user read all, write new, but only modify his own data
- How to allow users to write new content but not update/delete existing content