I understand that I can specify rules for some features in Firebase, like Realtime Database and Firebase Storage.
Example:
I can specify a rule in real time database that allows only users to update their data under their specific UID.
Question:
Is it possible to specify a rule in firebase storage such that a user can download a file (ex: image) if and only if he exists under a certain node in the real time database?
Is this communication between security rules of different products possible?
If no, what can I do?
Thanks.
Upvotes: 3
Views: 58
Reputation: 317372
You can't communicate between products like this.
What you can do instead is use custom claims on authenticated user profiles to control who can access what locations in various products.
Read more about custom claims here.
Read more about realtime database rules with custom claims. Read about auth.token.
In Firestore, you can use request.auth.token to access custom claims.
In Cloud Storage, you can also use request.auth.token.
Upvotes: 4
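The custom-claims approach from the answer above, as an added example that is not part of the original posts: trusted server code using the firebase-admin SDK mirrors "user exists under a node" into a claim, and the Storage rule reads that claim from `request.auth.token`. The node path `members/{uid}`, the claim name `member`, the storage path `images/` and both function names are assumptions made for illustration.

```javascript
// Added example. Assumed names (not from the original posts):
//   RTDB node  /members/{uid}  -> presence means "may download"
//   claim      member: true
//
// Cloud Storage rule that consumes the claim:
//   service firebase.storage {
//     match /b/{bucket}/o {
//       match /images/{file} {
//         allow read: if request.auth != null
//                     && request.auth.token.member == true;
//       }
//     }
//   }

const CLAIM = 'member';

// Pure decision step: returns the complete claims object to write, or null
// when nothing changes. setCustomUserClaims() replaces every existing claim,
// so unrelated claims have to be merged back in rather than dropped.
function nextClaims(existing, isMember) {
  const current = existing || {};
  const hasClaim = current[CLAIM] === true;
  if (hasClaim === isMember) return null;
  const merged = { ...current };
  if (isMember) merged[CLAIM] = true;
  else delete merged[CLAIM]; // node removed: revoke download access
  return merged;
}

// Runs in trusted server code only (Cloud Function or backend), where
// auth = admin.auth() and db = admin.database() from firebase-admin.
// Returns true when the user's claims were rewritten.
async function syncMemberClaim(auth, db, uid) {
  const snap = await db.ref(`members/${uid}`).once('value');
  const user = await auth.getUser(uid);
  const claims = nextClaims(user.customClaims, snap.exists());
  if (claims === null) return false;
  await auth.setCustomUserClaims(uid, claims);
  return true;
}
```

A changed claim only reaches `request.auth.token` once the client's ID token is refreshed, so a revoked user keeps access until the current token expires or is refreshed.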