Moshe Gil
Moshe Gil

Reputation: 93

Firebase storage security rules not working

I try to imply security rules on Firebase storage using metadata and it not working:

service firebase.storage {
  match <firebase-storage-url> {
  match /{userId}/{allPaths=**}{
  allow read: if resource.metadata.userid== userId;
  allow write: if resource.metadata.userid== userId
  }
  }
}


StorageMetadata  metadata = new StorageMetadata.Builder()
            .setCustomMetadata("userid", user.ID)
            .build();

filepath = mStorage.child( user.ID + "/" + String.valueOf(chatmessageamount + 1) + ".mp3");

Can someone help me?

Upvotes: 0

Views: 2029

Answers (1)

Mike McDonald
Mike McDonald

Reputation: 15963

I think what you want is:

service firebase.storage {
  match /b/{bucket}/o {  // this should be this string literally, no need to put in the bucket name
    match /{userId}/{allPaths=**}{
      allow read: if request.auth.uid == userId;
      allow write: if request.resource.metadata.userId == userId;  // request.resource is the resource being written, resource is what already exists (which on first write will be null)
    }
  }
}

Upvotes: 3

Related Questions