Hello guys I've created an authentication page for my website using Firebase, till now everything works fine, I'm able to login, signup and logout.
I'm using firestore as database, my page also has the option that only registered users can see some information that I've added manually in my firestore database.
What I would like to know is how every registered user can add their personal information in their profile and only they should be allowed to delete or change it and other users can only see that information.
I'm using firebase version 5.6.0, I'll appreciate any idea or advise, thank you guys!
CodePudding user response:
What I would like to know is how every registered user can add their personal information in their profile and only they should be allowed to delete or change it and other users can only see that information.
What you need is Firestore Security Rules.
Firestore Rules is a feature that permits you to set permissions on Firestore data as you have just described. The Rules tab is next to the Data tab in the Firestore Database section of the Firebase Console.
In your case, where only a given signed-in user can manage their data and all signed-in users can view other users' data; you could have the following firestore rules:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if false;
}
match /users/{userId} {
allow create, update, delete: if request.auth != null && request.auth.uid == userId;
allow read: if request.auth != null;
}
}
}
request.auth != null tells Firebase that the user must be authenticated. Also, it is common practice to set the id of a user's document as the uid of the given user from Firebase Authentication. So that, the Firestore rule will allow signed-in users on the users collection to match request.auth.uid.
So with this in mind, you can comfortably manage user data with Firestore and read the data as well.
Note on version
I'm using firebase version 5.6.0, I'll appreciate any idea or advise, thank you guys!
Firebase for front-end JavaScript is currently in version 9. I advise you to upgrade to the latest version for two reasons.
Maintenance of the old versions is not sure.
Firebase introduced a major breaking change in the JavaScript SDK with v9. In version 9, Firebase is now modular and tree-shakeable. You must use npm to install firebase and use access only what you need. Read here for more info.