From console.cloud.google.com/logs, I get this error.
ERROR: "_baseMessage: "Firebase Storage: User does not have
permission to access '[my_file_name_here]'
I was under the impression that firebase functions have admin access to manipulate Firestore and Firebase storage data regardless of permissions as discussed here. What I am experiencing seems to be the opposite. Maybe it is only because I am working with storage rather than firestore?
The firebase functions can successfully write to the storage if the read & write privileges are true. They fail when setting rules to if false;
or if request.auth != null;
Is there a way that I can specify permission for ONLY firebase functions to be able to read/write data to storage? I prefer not to give read/write access to everyone.
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if false;
}
}
}
CodePudding user response:
The answer for me was using firebase_admin npm package in my firebase functions to upload the file. Using this library gives context of having admin privileges. Hence, we can read/write even if rules deny it.
static uploadFileAsAdmin(bufferFile: Buffer, storageDestination: string
): Promise<void> {
return firebaseAdmin.storage().bucket()
.file(storageDestination)
.save(bufferFile, { preconditionOpts: { ifGenerationMatch: 0 } });
}
I was previously using firebase npm package to upload the file.
This SDK is intended for end-user client access
Because it is intended for this kind of access, Firestore rules blocked access.