These are my rules, applied to an img dir:
    match /img {
      match /{fileId} {
        // Parentheses group the content-type checks so the size limit
        // applies to every type (&& binds tighter than ||).
        allow read,
        write: if (request.resource.contentType.matches('image/jpeg')
                   || request.resource.contentType.matches('image/png')
                   || request.resource.contentType.matches('image/gif'))
                  && request.resource.size < 2 * 1024 * 1024;
      }
    }
The problem is that those rules are also being applied to delete(), as it is a write method too, so it always returns a permission error. I couldn't find anything in the documentation regarding this. How can I differentiate between POST/PUT rules and DELETE rules?
Found the solution by myself. By letting the rule apply when there is no resource sent at all (delete), it also gets write permission. The rest of the create/update code is sent to an OR expression.
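    match /img {
      match /{fileId} {
        // request.resource is null on delete, so a delete skips the upload checks.
        // The content-type checks are grouped so the size limit applies to every type.
        allow read,
        write: if request.resource == null ||
                  ((request.resource.contentType.matches('image/jpeg')
                    || request.resource.contentType.matches('image/png')
                    || request.resource.contentType.matches('image/gif'))
                   && request.resource.size < 2 * 1024 * 1024);
      }
    }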
This is for those who want a specific user to create and delete.
    // Grants a user access to a node matching their user ID
    service firebase.storage {
      match /b/{bucket}/o {
        // Allow write files to the path "images/*", subject to the constraints:
        // 1) File is less than 10MB
        // 2) Content type is an image or Content type is null for delete operation
        match /user/{userId}/images/{allPaths=**} {
          allow read: if resource.size < 10 * 1024 * 1024
                      && request.auth != null;
          allow write: if request.auth.uid == userId
                       && (
                         request.resource == null
                         ||
                         (
                           request.resource.contentType.matches('image/.*')
                           && request.resource.size < 10 * 1024 * 1024
                         )
                       );
        }
      }
    }
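An added example, not taken from any of the posts above: Cloud Storage rules allow `write` to be split into `create`, `update` and `delete`, so the delete case gets its own condition and the upload checks never have to tolerate a null `request.resource`. The path and the 10 MB limit are borrowed from the last answer and the three content types from the question; the OR group is parenthesized because `&&` binds tighter than `||`.

```firebase-rules
service firebase.storage {
  match /b/{bucket}/o {
    match /user/{userId}/images/{allPaths=**} {
      // Any signed-in user may read.
      allow read: if request.auth != null;

      // Uploads and metadata updates: owner only, listed image types only,
      // and the size limit applies to every type because of the parentheses.
      allow create, update: if request.auth != null
                            && request.auth.uid == userId
                            && (request.resource.contentType.matches('image/jpeg')
                                || request.resource.contentType.matches('image/png')
                                || request.resource.contentType.matches('image/gif'))
                            && request.resource.size < 10 * 1024 * 1024;

      // Deletes: owner only. No request.resource checks are needed here,
      // because this rule is evaluated only for delete operations.
      allow delete: if request.auth != null
                    && request.auth.uid == userId;
    }
  }
}
```

With this layout a delete is never authorized by a rule written for uploads, and an unauthenticated request matches none of the three rules.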