Last active
January 3, 2018 14:49
-
-
Save kmaida/4457f0faed0bf0da36a3731754df3f24 to your computer and use it in GitHub Desktop.
Firebase rules: all users can read, authenticated users can create if they provide a uid, owner can delete, owner can update.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "rules": { | |
| ".read": "true", | |
| ".write": "auth != null", | |
| "<ITEMS>": { | |
| ".indexOn": "<PROPERTY TO INDEX BY>", | |
| "$comment": { | |
| ".write": "(!data.exists() && newData.child('uid').val() == auth.uid) || (data.exists() && data.child('uid').val() == auth.uid && !newData.exists()) || (data.exists() && data.child('uid').val() == auth.uid && newData.child('uid').val() == auth.uid)" | |
| } | |
| } | |
| } | |
| } |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Authenticated users can write new data:
(!data.exists() && newData.child('uid').val() == auth.uid)No existing data, new data being written has a
uidproperty that matches the authenticated user'suidAuthenticated users can delete their own data:
(data.exists() && data.child('uid').val() == auth.uid && !newData.exists())Data exists, the data has a property
uidmatching the authenticated user'suid, and no new data is being writtenAuthenticated users can update their own data:
(data.exists() && data.child('uid').val() == auth.uid && newData.child('uid').val() == auth.uid)Data exists, the data has a property
uidmatching the authenticated user'suid, and new data being written also has matchinguidNotes:
Firebase RTDB security rules cascade, meaning additional access can be granted down the cascade, but access cannot be revoked. Most permissive rule must be at the top.