Reputation: 11
How can give access to read but not write in firebase firestore settting rules
This is what I have in my rules setup but it does not allow me to view fetched data from firestore unless I'm logged in.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /Photos/{PhotoID}/{document=**} {
allow read, write: if request.auth.uid != null
}
}
}Upvotes: 0
Views: 1152
Answers (3)
Reputation: 3
If you want to be able to give users read access but not write access you can use this code.
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /Photos/{PhotoID}/{document=**} {
allow read: if true;
allow write: if false;
}
}
}
The issue you were facing was you were using the following line of code: allow read, write: if request.auth.uid != null.
A quick break down of what is does: You 'allow' read AND (because you used a comma) write permission IF the user is signed in using Firebase Authentication.
You would need to separate the read and write. Using the comma will make both of them be the same, which is it, and is set to only allow read and write if the user is signed in.
So change the code from this: allow read, write: if request.auth.uid != null to: allow read: if true; allow write: if false;.
For more information and help, head to these two links: https://firebase.google.com/docs/firestore/security/get-started https://firebase.google.com/docs/firestore/security/rules-conditions
Upvotes: 0
Reputation: 19
You may visit there docs here Basics of firebase security rules
In addition to @Dharmaraj answer:
The code you provided above helps you check if user is logged in, if logged in then it allows both read and write operation else disallows/denies the operation.
Then if you want a free access to your database such that it will not check whether logged in or not , remove the if condition and only end the command with semicolon[;],
But be careful because if you allow both read and write access without checking if user is authenticated or not, then you endanger your data to the entire world.
To allow only read access:
rules_version = '2';
service cloud.firestore {match /databases/{database}/documents
{
match/Photos/{PhotoID}/{document=**} {
allow read:if true;
allow write: if false;
}
}
}
To allow only write access:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match
/Photos/{PhotoID}/{document=**} {
allow read: if false;
allow write:if true;
}
}
}
Upvotes: 0
Reputation: 50930
The request.auth.uid != null will return false if a user requesting data is not logged in with Firebase Authentication. If you want anyone to to fetch data then the rule should be allow read: if true;.
I'm not sure about your use case here but it's best to allow users to read/write their own data only. For that you'll need to store their UID somewhere in the document.
Then rules in your questions apply for Photos collection and all of it's sub-collection as you are using a recursive wildcard.
Upvotes: 1
Related Questions
- firebase rules how to make user can read only his data
- Firebase Cloud Firestore security rules only allow read not write
- Firestore rules to restrict users to read/write only their data
- Cloud Firestore Security Rules allow write only from Firebase function
- Firestore Security Rule denying read/write on firebase-storage
- Cloud Firestore Security Rules - only allow write to specific key in document
- Firebase rules: allow read only if resource property condition met
- Firebase (Firestore) security rules, limit access to object for specific users
- How can I set Rules in Firebase so that only my app can write on my database firestore?
- What am I missing in my firestore security rules that It denies every read and write?