
Firebase security rules: Allow read on anything except one field

Tags:

firebase

In my Firebase security rules, I want anonymous users to be able to read anything except one field (secret_field):

{
  "rules": {
    ".read": true,
    ".write": "auth != null",
    "stuff" : {
      "$stuffID" : {
        "secret_field" : {
           ".read" : "auth != null"
        }
      }
    }
  }
}

However, in Firebase, if any read rule on the way to secret_field evaluates as true, read access on secret field is granted.

Is there a way to reverse that behavior? (If any read rule on the way to secret_field evaluates to false, disallow read access)

Marvin Killing asked Jan 30 '13 01:01



1 Answer

You can't reverse the behavior, but you can solve this by introducing a "container" for the public fields and setting .read to true for it. For example:

{
  "rules": {
    "stuff" : {
      "$stuffID" : {
        "public" : {
          ".read": true
        },
        "secret_field" : {
          ".read" : "auth != null"
        }
      }
    }
  }
}

And then everything under .../public/ is accessible to everybody but .../secret_field is only accessible for authenticated users.

Michael Lehenbauer answered Sep 22 '22 22:09
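
The cascade described in the question and the "container" layout from the answer, as an added example (not part of the original posts and not Firebase's own code): a simplified JavaScript model of read-rule evaluation that supports only the two rule expressions shown on this page. The names `evalRule`, `canRead`, `questionRules` and `answerRules` and the sample paths are assumptions made for illustration.

```javascript
// Simplified model of read-rule cascading (added example, not Firebase code).
// Only the rule forms that appear on this page are supported.
function evalRule(rule, auth) {
  if (rule === true || rule === "true") return true;
  if (rule === false || rule === "false") return false;
  if (rule === "auth != null") return auth != null;
  throw new Error("unsupported rule expression: " + rule);
}

// Walk from the root towards the requested path. A ".read" that evaluates to
// true at any level grants access to everything beneath it; deeper rules
// cannot revoke it.
function canRead(rules, path, auth) {
  let node = rules.rules;
  const segments = path.split("/").filter(Boolean);
  for (let i = 0; ; i++) {
    const isObj = node !== null && typeof node === "object";
    if (isObj && ".read" in node && evalRule(node[".read"], auth)) return true;
    if (i === segments.length || !isObj) return false;
    const seg = segments[i];
    // A "$name" key matches any child that has no literal rule of its own.
    const wildcard = Object.keys(node).find((k) => k.startsWith("$"));
    node = Object.prototype.hasOwnProperty.call(node, seg)
      ? node[seg]
      : wildcard ? node[wildcard] : undefined;
  }
}

// Rules from the question: root-level ".read": true.
const questionRules = { rules: {
  ".read": true, ".write": "auth != null",
  stuff: { $stuffID: { secret_field: { ".read": "auth != null" } } },
} };

// Rules from the answer: no read grant above the "public" container.
const answerRules = { rules: {
  stuff: { $stuffID: {
    public: { ".read": true },
    secret_field: { ".read": "auth != null" },
  } },
} };

const anon = null;             // unauthenticated client
const user = { uid: "u1" };    // constructed sample auth object
console.log(canRead(questionRules, "stuff/abc/secret_field", anon)); // true
console.log(canRead(answerRules, "stuff/abc/secret_field", anon));   // false
console.log(canRead(answerRules, "stuff/abc/public/name", anon));    // true
console.log(canRead(answerRules, "stuff/abc/secret_field", user));   // true
```

With the answer's rules an anonymous read of `stuff/abc` itself is denied, so clients have to read `stuff/abc/public` rather than the parent record.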