CODEWITHSUNDEEP
firebasefirebase-storagefirebase-security
fractal
fractal

Reputation: 1679

How to apply firebase storage rules so only admin can access a folder

I have a structure like the following. The subfolders follow the same structure from the root. How do I set Firebase storage rules to only allow admin to add/edit/delete the private subfolder and allow anyone on my app to read the public subfolder?

Root >> folder 1 >> public subfolder
                >> private subfolder
...

     >> folder n >> public subfolder
                >> private subfolder

Upvotes: 1

Views: 1601

Answers (1)

Dharmaraj
Dharmaraj

Reputation: 50930

Best way would be to use Firebase custom claims. These provides the ability to implement various access control strategies, including role-based access control, in Firebase apps.

You would have to add the "admin" claim to your users. Only the Admin SDK (which must be used in a secure environment like cloud functions or your own server) can add these custom claims. You can refer to this answer for a simple example on adding custom claims. Once you've added the "admin" claim to the relevant users, you can try these security rules:

match /{folderName}/private {
  allow read, write: if request.auth != null && request.auth.token.admin;
}

match /{folderName}/public {
  allow read: if true;
}

Upvotes: 4

Related Questions