
Cloud Firestore security rules - single protected field in a document

I'd like to have a read-only property called suspendedProfile in a user document with all the other properties with read/write access for currently logged in user. Is there a way to do it with a simple security rule?

I thought about 2 solutions:

  1. disallow writes that modify the property like allow write: if request.resource.data.suspendedProfile == null;
  2. a /secure collection with allow read; inside the user document

I think the first option is better, as all the user-related properties are in a single document, but I'd love to hear your thoughts. Is there any other simpler way to achieve this?

k0ff33 asked Dec 21 '17 09:12



1 Answer

I think I managed to find a solution for my own answer using Firebase documentation.

// A user can update a product review, but they can't change
// the headline.
// Also, they should only be able to update their own product review,
// and they still have to list themselves as an author
allow update: if request.resource.data.headline == resource.data.headline
                    && resource.data.authorID == request.auth.uid
                    && request.resource.data.authorID == request.auth.uid;

So in my case, I will just allow update: if request.resource.data.suspendedProfile == resource.data.suspendedProfile

k0ff33 answered Sep 23 '22 07:09
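A fuller rule set for the same goal, as an added example that is not part of the original question or answer. It assumes user documents live at /users/{userId} keyed by the Firebase Auth uid; the helper names isOwner and touchesSuspended are hypothetical.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumption: one document per user at /users/{userId}, keyed by Auth uid.
    match /users/{userId} {

      // Hypothetical helper: the caller is signed in and owns this document.
      function isOwner() {
        return request.auth != null && request.auth.uid == userId;
      }

      // Hypothetical helper: true when the pending write adds, changes or
      // removes suspendedProfile. diff() compares the post-write document
      // with the stored one, so it also covers documents where the field
      // does not exist yet. A direct
      //   request.resource.data.suspendedProfile == resource.data.suspendedProfile
      // comparison raises an error on a missing field, which denies every
      // update to such a document.
      function touchesSuspended() {
        return request.resource.data.diff(resource.data)
                 .affectedKeys().hasAny(['suspendedProfile']);
      }

      allow read: if isOwner();

      // On create there is no stored document to compare against, so the
      // client must not supply the protected field at all.
      allow create: if isOwner()
                    && !('suspendedProfile' in request.resource.data);

      // The owner may change every field except the protected one.
      allow update: if isOwner() && !touchesSuspended();

      // Deleting and re-creating the document would drop the flag,
      // so clients cannot delete it.
      allow delete: if false;
    }
  }
}
```

With these rules the flag is written only from trusted server code, since the Admin SDK is not subject to security rules.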