farouk osama
farouk osama

Reputation: 2539

How To use Firebase Auth with Firestore in flutter

I have a flutter application based on cloud_firestore and firebase_auth, I Add user (blue button) by Authentication firebase, and kept the ID in the code so that this user is the administrator, regular users can create an account by application (email and password), What I want is to make sure the administrator is the only one can delete data from the database, while the rest of the users are only allowed to read and write, so I did this:

I changed roles in my Cloud Firestore project to this:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
      allow delete : if request.auth.uid == 'psqxVzX6BvYCuWbajhcEK1QGZOo1';
    }
  }
}

Is this true or not, and how can Firebase be sensitive to uid?

Maybe my question is how to send the uid with the firestore request.

Thank you in advance

Upvotes: 1

Views: 843

Answers (1)

Frank van Puffelen
Frank van Puffelen

Reputation: 599976

  1. If you have a write rule, that rules allows create, update and delete operations.
  2. If you have multiple rules for the same operation, they are OR'ed together.

This means that your allow read, write: if request.auth != null allows any authenticated user to create, update and delete any document in the database.

If you only want to allow any authenticated user to create or update a document, but only want the user with that specific UID to delete documents, you have to explicitly name those operations:

allow read, create, update: if request.auth != null;
allow delete: if request.auth.uid == 'psqxVzX6BvYCuWbajhcEK1QGZOo1';

For full info, see the documentation on granular operations.

Upvotes: 1

Related Questions