ABC
Reputation: 399
How do I implement access control permissions on Firebase Storage?
We store user permissions in claims.
Here's how the claim of a enterprise customer looks like:
{"roles": ["enterprise"]}
Then, in the rules of Firebase Storage, we try to check whether a customer is enterprise before they are granted access to some files:
function isEnterprise() {
return (request.auth.token.roles) && ("enterprise" in request.auth.token.roles);
}
Then, when the user attempts to retrieve the Download URL of a file from the web using getDownloadURL, Firebase throw a permissions error.
Could you please provide a solution?
Upvotes: 0
Views: 94
Answers (1)
ABC
Reputation: 399
Fixed it with this:
function isEnterprise() {
return request.auth.token.roles.hasAny(['enterprise']);
}
Upvotes: 2
Related Questions
- Role based rules in firebase storage
- How to restrict access to files to group members?
- firebase cloud storage restrict read of access token
- how do I implement role based access control in firebase
- Firebase Storage Security Rules for Groups
- How to manage rights in firebase to allow differents users to read/upate/write?
- Firebase Storage Permissions for Folder
- Restricting access to Firebase Firestore and Storage
- Firebase Storage access control - single user as interface
- How to restricts firebase storage access with my own authentication service