tclarkMEOW
Reputation: 141
Firebase Realtime Database Security Rules for prevent create/delete not working
I saw in several places that the way to prevent create and delete was with data.exists() && newData.exists(). But when I implement them in these rules, I can still create and delete to my liking when I'm logged in. What am I doing wrong? My goal is to let authenticated users update, but not create or delete.
"rules": {
"listings": {
".read": true,
".write": "data.exists() && newData.exists() && auth != null",
},
}
Upvotes: 0
Views: 448
Answers (1)
Frank van Puffelen
Reputation: 598847
My guess is that you want to allow the user to update a specific listing, and not all listings at once.
In that case you should define the .write rule on each specific listing:
"rules": {
"listings": {
".read": true,
"$listingid": {
".write": "data.exists() && newData.exists() && auth != null",
}
},
}
So with this, a user can update any existing listing, but not all listings at one.
Upvotes: 2
Related Questions
- Security rules of realtime database doesn't work
- Firebase Realtime Database prevent delete - based on condition
- Firebase rules restrict writing not working
- Issue with my Firebase realtime data base security rules
- Firebase Security Rules newData does not work
- Firebase database rules allow update but prevent create
- Allow delete and write with Firebase Rules
- Firebase Database Rules: can't write to database
- Firebase Delete or a Create rule
- How to write a rule to prevent any deletion of node from database