CODEWITHSUNDEEP
firebasegoogle-cloud-firestorefirebase-security
K20GH
K20GH

Reputation: 6263

Restricting access to Firebase Firestore and Storage

I'm using Firebase exclusively in my app - Auth, Firestore, Functions and Storage.

Within Firestore, my data is structured as below:

/users/<user_id>/<user_data>
/listings/<listing_id>/<listing_data>

<listing_data> contains a user_id field.

Within Storage, my data is structured as below:

/images/<user_id>/<image_id>/<images>

I have the following scenario:

I have no ideas how I can go about this. At the moment, anyone can access anything if they're authenticated, so I guess the first step is to lock this down, and then some how assign rights?

I thought about adding an access list object, and then writing middleware to check this, but it doesn't feel like the correct way

Upvotes: 0

Views: 420

Answers (1)

Sushant Somani
Sushant Somani

Reputation: 1500

You have to modify the rules of firestore as:

service cloud.firestore {
  match /databases/{database}/documents {
        // Restaurants:
        //   - Authenticated user can read
        //   - Authenticated user can create/update (for demo)
        //   - Validate updates
        //   - Deletes are not allowed
    match /restaurants/{restaurantId} {
      allow read, create: if request.auth.uid != null;
      allow update: if request.auth.uid != null
                    && request.resource.data.name == resource.data.name
      allow delete: if false;

      // Ratings:
      //   - Authenticated user can read
      //   - Authenticated user can create if userId matches
      //   - Deletes and updates are not allowed
      match /ratings/{ratingId} {
        allow read: if request.auth.uid != null;
        allow create: if request.auth.uid != null
                      && request.resource.data.userId == request.auth.uid;
        allow update, delete: if false;

        }
    }
  }
}

The root of my database is restaurants.You have to replace those parameters with that of yours.

Upvotes: 1

Related Questions