Home > Back-end >  Firebase RealTime Rules
Firebase RealTime Rules

Time:11-04

my app have an admin panel, and i would like to set firebase rules so that only admin are allowed to put new products or items in certain firebase.Child

i want the only users from the child("Admins") would be allowed to write into other categories like Work, private, video, so how to make a child from a reference like Admins only be able to access other children ?

this is my current firebase-RealTime Rules.

  {
  "rules": {
    "Admins": {
      ".read": true,
      ".write": false
    },
    "Users": {
        ".read": true,
            ".write": true,
          ".validate": "newData.hasChildren(['name', 'phoneNumber', 'uid'])",
          "name": {".validate": true},
          "phoneNumber": {".validate": true},
          "uid": {".validate": true},
          "$other": {".validate": false}
    },
    "PrivateWork": {
      ".read": "auth.uid != null",
        ".write": false
    },
    "Likes": {
      ".read": "auth.uid != null",
        ".write": "auth.uid != null"
    },
    "Work": {
      ".read": "auth.uid != null",
        ".write": false
    },
    "videos": {
      ".read": "auth.uid != null",
        ".write": false
    }
  }
}

enter image description here

CodePudding user response:

To allow admins global write access, you can add a single top-level rule like this:

{
  "rules": {
    ".write": "root.child('Admins').child(auth.uid).exists()",
    "Admins": {
      ...

Since permission cascades downwards, this will also grant them access on all child nodes.

  • Related