ronenmiller
Reputation: 1137
Firebase - limit write to authorized user
I am writing an app where I have users, and each user has trips.
I have managed to authenticate and insert user's data. Now I want to define rules for the trips list.
Currently I can't get the simulator to work even with the same definitions (getting write/read permissions to users, but failing for trips, see pics):
This is what I have that is failing:
{
"rules": {
"users": {
"$uid": {
".write": "$uid === auth.uid",
".read": "$uid === auth.uid"
},
"trips" : {
"$uid" : {
".write": "$uid === auth.uid",
".read": "$uid === auth.uid"
}
}
}
}
}
What I actually want eventually is:
{
"rules": {
"users": {
"$uid": {
".write": "$uid === auth.uid",
".read": "$uid === auth.uid"
},
"trips" : {
"$tid" : {
".indexOn": ["uid"],
".write": "<only if child field 'uid' is same as auth.uid>",
".read": "auth != null"
}
}
}
}
}
Upvotes: 1
Views: 268
Answers (1)
Rosário P. Fernandes
Reputation: 11326
That's because you've nested your "trips" rules under the "users" rules. They should both be under the "rules" node. Like this:
{
"rules": {
"users": {
"$uid": {
".write": "$uid === auth.uid",
".read": "$uid === auth.uid"
}
},
"trips" : {
"$tid" : {
".write": "$tid === auth.uid",
".read": "auth!=null",
".indexOn":"uid"
}
}
}
}
Upvotes: 2
Related Questions
- Restricting Firebase read/write access to only myself
- How do I configure Firebase-Security rules to limit 'what & when' users can write to Firebase data?
- Allow only admins to write data - Firebase Realtime Database - Security Rules
- Only allow logged in users to read and write Firebase data
- Firebase Realtime Database rules to allow a single user Write access
- Securing firebase table that multiple users need to write to
- Locking down write access using a specific UID
- Firebase read and write by user
- Write to Firebase database only with authenticated users android
- Firebase read/write permission for certain users