i need to set a folder public with only read permisions in firebase storage, my security rules are
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write:if request.auth.uid != null;
}
match /{platos=**} {
allow read;
}
}
}
the folder is called platos and im not sure if those rules are secured the others folders must have protection only for logued users
The first rule should concern your folder, because otherwise the first rule is applied which rejects reads:
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /platos/{allPaths=**} {
allow read;
allow write: if request.auth != null;
}
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
You can just delete the authentication code request.auth.uid != null and give only the read permission.
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read;
}
}
}
Related
I am using Firebase for Auth and image storage--images that are publically available thoughout my app, like profile pictures. How do I set up the permissions appropriately so that any user (or even non-authenticated entities) can read these public images?
My security rules:
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
In your question, you say that you want non-authenticated entities to see the images, but your rules are set up to only allow authenticated entities to see them. You can change your rules to:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read;
allow write: if request.auth != null;
}
}
}
I mean I want to check to be sure the document id of the request is the same as the document id in the database.
I tried this but it doesn't work:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId} {
allow read: if request.resource.id == userId;
}
}
}
Also tried this and it also didn't work:
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
match /users/{userId} {
allow read: if request.resource.id == resource.id;
}
}
}
I've searched online for hours and every single post is about using authentication uid.
if you want to make sure the uid in request matches name of the user document, then use this:
match /users/{userId} {
allow read, update, delete: if request.auth != null && request.auth.uid == userId;
}
and if you want to allow new users to be created add this too:
allow create: if request.auth != null;
more details : https://firebase.google.com/docs/firestore/security/rules-conditions
I need to set firebase storage rules so unauthenticated users can upload a file but can't read a file.
So far I have:
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow write: if true
allow read: if false
}
}
}
Is this the correct way to do this?
This rule will help you to read only if user is authenticated else it won't allow. For more details you can read docs
rules_version = '2';
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read: if request.auth != null;
allow write: if true;
}
}
}
I have a "game" collection on firestore with a "levels" sub-collection. I'm trying to set-up the security rules so that you can only access game or level you created.
All documents (games or levels) have an authorId field with the uid of the user that created them. I have try this rule but still got an Missing or insufficient permissions error:
service cloud.firestore {
match /databases/{database}/documents {
match /games/{document=**} {
allow read, write: if document.data.authorId == request.auth.uid;
}
}
}
What am I missing?
I have tried the following rules too with no success:
service cloud.firestore {
match /databases/{database}/documents {
match /games/{game}/levels/{level} {
allow read, write: if level.data.authorId == request.auth.uid;
}
}
}
service cloud.firestore {
match /games/{game} {
allow read, write: if game.data.authorId == request.auth.uid;
match /levels/{level} {
allow read, write: if level.data.authorId == request.auth.uid;
}
}
}
According to the reference documentation, resource is the object that contains the document data that the user is trying to write. You use its data property to get a hold of its field values.
service cloud.firestore {
match /databases/{database}/documents {
match /games/{document=**} {
allow read, write: if resource.data.authorId == request.auth.uid;
}
}
}
match /databases/{database}/documents {
match /users/{uid} {
allow read, write: if request.auth.uid == uid;
}
match /data/{uid}/temperature
/{document=**}{
allow read, write: if request.auth.uid == uid;
}
match /data/{uid}/blood_pressure
/{document=**}{
allow read, write: if request.auth.uid == uid;
}
}
}
I did this to access subcollections "blood_pressure" and "temperature" for only authenticated users. It works fine for me.
I want my files in firebase storage to be public for download without need to be authenticated user.
The default rules are:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read, write: if request.auth != null;
}
}
}
According to the example here I changed it to:
service firebase.storage {
match /b/{bucket}/o {
match /{allPaths=**} {
allow read;
allow write: if request.auth != null;
}
}
}
But I get the following strange error:
Error saving rules - Undefined parameter - ERRORS
Anyone know what can be the problem?