
Temporary Variables in Firebase Security rules

So I'm setting up the Firebase security rules for my project and for the user to have read access to a room, we need to make sure they are part of that organization. So I have a security rule like this:

root.child('organizations').child(data.child('organization_id').val()).child('user_ids').hasChild(auth.uid)

Not only is this really ugly, there are several other rules in the same statement (separated by &&/||) which start with root.child('organizations').child(data.child('organization_id').val()) to access data from the organization variable associated with this room.

This leads to some UGLY security rules, is there any way I can make temporary variables or something like that so I can make this a lot more readable? Thank you!

asked Oct 23 '15 15:10

user1032369




1 Answer

Nope. The Firebase Security rules language doesn't have support for custom variables. This indeed leads to lots of duplication between rules.

The best solution is to write your rules in a higher-level language that compiles into Firebase Security rules. The most well-known ones are Blaze (the grand-daddy of them all), Butane (not from Firebase itself) and Bolt (new and under very active development).

Bolt for example allows you to define (global) functions, which can easily encapsulate the repeated snippet and much more.

answered Oct 13 '22 12:10

Frank van Puffelen
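
The idea of compiling rules from a higher-level description, shown with a plain JavaScript build script. This is an added example, not part of the original answer and not Bolt, Blaze or Butane; the names rooms, $room_id and admin_ids are assumptions, while the organization lookup is the one from the question.

```javascript
// Added example: generate database.rules.json from JavaScript so the
// organization lookup from the question is written once and reused.
// 'rooms', '$room_id' and 'admin_ids' are assumed names, not from the page.

// The "temporary variable": the organization node a room snapshot points at.
// snapshot is 'data' (stored value) or 'newData' (value after the write).
const org = (snapshot) =>
  `root.child('organizations').child(${snapshot}.child('organization_id').val())`;

const isMember = (snapshot) => `${org(snapshot)}.child('user_ids').hasChild(auth.uid)`;
const isAdmin = (snapshot) => `${org(snapshot)}.child('admin_ids').hasChild(auth.uid)`;

// Combine conditions, parenthesising each so && / || precedence stays explicit.
const all = (...conds) => conds.map((c) => `(${c})`).join(' && ');
const any = (...conds) => conds.map((c) => `(${c})`).join(' || ');

function buildRules() {
  return {
    rules: {
      rooms: {
        $room_id: {
          '.read': all('auth != null', any(isMember('data'), isAdmin('data'))),
          // A writer must be an admin of the organization the room will
          // belong to, and of the current one if the room already exists.
          '.write': all(
            'auth != null',
            isAdmin('newData'),
            any('!data.exists()', isAdmin('data'))
          ),
        },
      },
    },
  };
}

// Build-time check: collect every .read/.write expression that never mentions
// auth, so a composition mistake cannot silently publish an open rule.
function rulesWithoutAuth(node, path = '') {
  return Object.entries(node).flatMap(([key, value]) => {
    const here = `${path}/${key}`;
    if (typeof value === 'object') return rulesWithoutAuth(value, here);
    return /^\.(read|write)$/.test(key) && !/\bauth\b/.test(value) ? [here] : [];
  });
}

// Prints the JSON to paste into the Rules editor or deploy from a file.
console.log(JSON.stringify(buildRules(), null, 2));
```

Failing the build when rulesWithoutAuth returns a non-empty list keeps a generated rule set from shipping with an unauthenticated read or write path.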