Can Firebase Cloud Storage rules validate against Firestore data?

Question

Can we use Firestore data to grant or restrict access to files hosted on Firebase Cloud Storage?

Exemple of what I would like to use as Firebase Security Rule

allow write: if get(/databases/mydbname/documents/guilds/$(guildID)).data.users[(request.auth.uid)] in ["Admin", "Member"]; 

Answer 1

There is currently no way to access different Firebase products from within the security rules of another product. See: is there a way to authenticate user role in firebase storage rules?

But it seems like you are trying to check group-membership of the user. Instead of looking that group-membership up in the database, I recommend that you model it as a so-called custom claim. Instead of (or in addition to) writing the membership to the database, you'll set the claim "user {uid} is a member of group {guild1}" into the user profile using the Firebase Admin SDK:

admin.auth().setCustomUserClaims(uid, {guild1: true}).then(() => {   // The new custom claims will propagate to the user's ID token the   // next time a new one is issued. }); 

With that done, you can check the guild membership in the security rules:

allow read: if request.auth.token.guild1 == true; 

(I'm not sure if/how you can model the guild membership as a map, I'll update this answer if that turns out to be the case.)