Home > Enterprise >  Recommend Firebase security rules doesn't work s
Recommend Firebase security rules doesn't work s

Time:11-14

I've been receiving emails from Firebase saying my secure rules are secured, so I had to find how is the right way to make them secured.

Not recommended:

// Allow read/write access to all users under any conditions
// Warning: **NEVER** use this rule set in production; it allows
// anyone to overwrite your entire database.

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if true;
    }
  }
}

Recomended:

service cloud.firestore {
  match /databases/{database}/documents {
    // Assign roles to all users and refine access based on user roles
    match /some_collection/{document} {
     allow read: if request.auth != null && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "Reader"
     allow write: if request.auth != null && get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role == "Writer"

     // Note: Checking for roles in your database using `get` (as in the code
     // above) or `exists` carry standard charges for read operations.
    }
  }
}

Just after I try the recommended rules, my app stopped working for authenticated users and I had to keep the unsecured rules to allow the users to get back to use the app... Does anyone have any idea why it did happen?

CodePudding user response:

Try this

service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}   
 match /your_collecton_name/{your_documents} {
allow read,write: if request.auth != null 
}
}
}
  • Related