
Wildcard in Firebase database rules

Can we use wildcards in Firebase database rules? From my experiments, it doesn't seem like that's the case. Am I missing something or is that what's supposed to happen?

So, for example, I might have the same rules for all products_* entries and it would be easier to group them together using a wildcard.

To clarify, it's a web app and I am concerned with the database permissions that we set in the console. Can we use a wildcard there?

For example,

{
  "rules": {
    "products_A": {
        <rules>
    },
    "products_B": {
        <rules>
    }
  }
}

I would like to have only 1 set of rules like:

{
  "rules": {
    "products_*": {
        <rules>
    }
  }
}

Thanks.

asked Dec 15 '16 09:12

Ahsan




1 Answer

Firebase offers a wildcard path used to represent ids and dynamic child keys. For example, $uid in the below rules is a 'wildcard' that allows the parameters within that node to refer to the parent node.

{
  "rules": {
    "users": {
      "$uid": {
        ".write": "$uid === auth.uid"
      }
    }
  }
}

In the above example, $uid is the wildcard path for every user node within the /users node. Here is how the above rules expand per node:

users
  uid_0 <--------|
                 V
    ".write": "uid_0 === auth.uid" //only user with uid = uid_0 can write
  uid_1
    ".write": "uid_1 === auth.uid" //only user with uid = uid_1 can write
  uid_2
    ".write": "uid_2 === auth.uid" //only user with uid = uid_2 can write

You can expand on this to provide a great level of flexibility. Say you want a certain set of users to be able to access a groups node. The group rules could be

{
  "rules": {
    "Groups": {
      "$group_id": {
        ".read": "root.child('Allowed_Users/' + auth.uid).val() === $group_id",
        ".write": "root.child('Allowed_Users/' + auth.uid).val() === $group_id"
      }
    }
  }
}

This limits access to each group node to a certain set of users, specified in the Allowed_Users node. The data in the Firebase database could look like:

Groups
   group_0
     //data
   group_1
     //data


Allowed_Users
   uid_0: group_0
   uid_1: group_0

In this example, users uid_0 and uid_1 could read/write to group_0 but not read/write to group_1.

answered Oct 05 '22 17:10

Jay
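
Applying the `$` wildcard from the answer above to the `products_*` case in the question, as an added example that is not part of the original answer: a rule key is either a literal or a `$` variable, so a prefix cannot be matched in the key itself, but the captured key is a string that the rule expression can test with `beginsWith()`. The name `$node` and the `auth != null` condition are assumptions standing in for the question's `<rules>`.

```json
{
  "rules": {
    // "$node" (hypothetical name) captures every top-level key that has no
    // literal rule of its own, not only keys starting with "products_".
    "$node": {
      // The prefix test is what limits this rule to products_A, products_B, ...
      // "auth != null" is an assumed placeholder for the question's <rules>.
      ".read": "$node.beginsWith('products_') && auth != null",
      ".write": "$node.beginsWith('products_') && auth != null"
    }
  }
}
```

Because `$node` also matches keys such as `users` or `Groups` when they have no literal entry, dropping the `beginsWith` check would apply the same condition to those nodes; with the check in place the expression is false for them and access stays denied unless another rule grants it.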