Reputation: 12572
I'm trying to set up access rules for my Firestore Firebase database.
(ala. https://firebase.google.com/docs/firestore/security/get-started)
I want 3 rules: public_data has read access for everyone, and user_data has read, write for just that authenticated user.

The rule format seems straightforward enough from the documentation; however, using the Simulator available under console.firebase.google.com > Database > Cloud Firestore > (my db) > Rules > Simulator, the results are not what I expect.
Upvotes: 1
Views: 1742
Reputation: 12572
(https://console.firebase.google.com/u/0/project/[MY_PROJECT_NAME]/database/firestore/rules)
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // 2. Table public_data has read access for everyone
    match /public_data/{document=**} {
      allow read;
    }
    // 3. Table user_data has read, write for just that authenticated user
    match /user_data/{userId} {
      allow read, update: if request.auth.uid == userId;
    }
    // (and I guess anyone should be able to create a new user too .. that's a bonus rule)
    match /user_data/{document=**} {
      allow create;
      // and no one can delete a user
    }
  }
}
Note that the "1. No access to all tables" happens automatically.
Note that a read rule can be broken into get and list, while a write rule can be broken into create, update, and delete
- https://firebase.google.com/docs/firestore/security/rules-structure
I wasn't able to figure out the Simulator that Firestore > Rules provides; I couldn't figure out what path to put into it.
But it is so easy to make the queries of the data that I ended up just testing it myself.
I'm using Flutter, so this package, & there are examples in your favourite language in the Firebase docs, e.g. here is a read.
Upvotes: 3
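The decisions these rules are meant to produce can be checked with a small model of rule evaluation. This is an added example, not part of the original answer and not Firestore's own evaluator: it assumes the rules as their comments describe them (public_data read-only), and the `matchPath` and `isAllowed` helpers, uids and document ids are hypothetical.

```javascript
// Simplified model (not the Firestore engine): a request is allowed if ANY
// matching allow statement grants its method and its condition holds.
const EXPAND = { read: ['get', 'list'], write: ['create', 'update', 'delete'] };

// The rules as the comments describe them. Paths are relative to
// /databases/{database}/documents.
const RULES = [
  { path: 'public_data/{document=**}', allow: ['read'], when: () => true },
  { path: 'user_data/{userId}', allow: ['read', 'update'],
    when: (req, vars) => req.auth !== null && req.auth.uid === vars.userId },
  { path: 'user_data/{document=**}', allow: ['create'], when: () => true },
];

// Match a document path against a pattern; returns captured variables or null.
function matchPath(pattern, docPath) {
  const pat = pattern.split('/');
  const doc = docPath.split('/').filter(Boolean);
  const vars = {};
  for (let i = 0; i < pat.length; i++) {
    const rec = /^\{(\w+)=\*\*\}$/.exec(pat[i]);
    if (rec) { vars[rec[1]] = doc.slice(i).join('/'); return vars; } // rest of path
    if (i >= doc.length) return null;
    const one = /^\{(\w+)\}$/.exec(pat[i]);
    if (one) vars[one[1]] = doc[i];            // single-segment wildcard
    else if (pat[i] !== doc[i]) return null;   // literal segment must match
  }
  return doc.length === pat.length ? vars : null;
}

function isAllowed(req) {
  return RULES.some((rule) => {
    const vars = matchPath(rule.path, req.path);
    if (vars === null) return false;
    const methods = rule.allow.flatMap((m) => EXPAND[m] || [m]);
    return methods.includes(req.method) && rule.when(req, vars);
  });
}

// Constructed sample requests (uids and document ids are made up).
const SAMPLES = [
  { method: 'get', path: 'public_data/page1', auth: null },
  { method: 'get', path: 'user_data/alice', auth: { uid: 'alice' } },
  { method: 'update', path: 'user_data/bob', auth: { uid: 'alice' } },
  { method: 'delete', path: 'user_data/alice', auth: { uid: 'alice' } },
];
for (const r of SAMPLES) console.log(r.method, r.path, '->', isAllowed(r));
```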