firebase-security

In Firebase Realtime Database Rules, how do you give write access to the users with a certain child value?

ぃ、小莉子 提交于 2021-02-20 00:49:10
问题 ,"people" : { ".read": "auth != null", "$uid": { }, "e2" : { ".read": "auth.uid != null", ".write": "$uid == auth.uid" }, "l1" : { ".read": "auth.uid != null", ".write": "auth.uid != null" } So e2 is the @ of an email. For example @gmail or @aol or @yahoo. For the l1 child, I want to make the write rule: Write if auth.uid != null && e2 has the same value as the e2 of the person you are writing l1 to. The furthest I could get, is something like this: "data.parent().child(people).hasChildren([

Per field rules in Firestore Security Rules

拟墨画扇 提交于 2021-02-19 07:36:08
问题 I have a bunch of documents that contain a few fields each. How can I write rules that only apply to a specific field in each document? For example, if my documents looked like this: { "displayName": "John Doe", // read and write "accessLevel": 3 // read only } How could I make it so that you can Read display name and access level Write to the display name Not write to the access level I've gone through a lot of videos and Firestore docs and haven't found anything that shows how you would

Per field rules in Firestore Security Rules

不问归期 提交于 2021-02-19 07:34:34
问题 I have a bunch of documents that contain a few fields each. How can I write rules that only apply to a specific field in each document? For example, if my documents looked like this: { "displayName": "John Doe", // read and write "accessLevel": 3 // read only } How could I make it so that you can Read display name and access level Write to the display name Not write to the access level I've gone through a lot of videos and Firestore docs and haven't found anything that shows how you would

How to limit number of document reads from a humongous collection in firestore when some malicious user queries the data?

非 Y 不嫁゛ 提交于 2021-02-19 06:13:45
问题 I have a firestore collection called letters which holds a public letter from users. In my app, I am using pagination to limit the results to 20 when they go to public letters screen . My concern is that this would work fine from within the app but if some malicious user query the database from let's say postman then I will be billed heavily for all those reads. I have all security rules in place like the user should be authenticated but this needs to be public collection so I can't think of

How to limit number of document reads from a humongous collection in firestore when some malicious user queries the data?

别说谁变了你拦得住时间么 提交于 2021-02-19 06:13:10
问题 I have a firestore collection called letters which holds a public letter from users. In my app, I am using pagination to limit the results to 20 when they go to public letters screen . My concern is that this would work fine from within the app but if some malicious user query the database from let's say postman then I will be billed heavily for all those reads. I have all security rules in place like the user should be authenticated but this needs to be public collection so I can't think of

How to limit number of document reads from a humongous collection in firestore when some malicious user queries the data?

笑着哭i 提交于 2021-02-19 06:12:42
问题 I have a firestore collection called letters which holds a public letter from users. In my app, I am using pagination to limit the results to 20 when they go to public letters screen . My concern is that this would work fine from within the app but if some malicious user query the database from let's say postman then I will be billed heavily for all those reads. I have all security rules in place like the user should be authenticated but this needs to be public collection so I can't think of

Firebase firestore timestamp based security rules

你离开我真会死。 提交于 2021-02-19 05:33:37
问题 On my client side I am creating a document with one of the fields "createdDate" below is a payload from the firestore simulator { "__name__": "/databases/(default)/documents/billing/aaaa", "data": { "createdDate": 1529237500239, "createdDateTimeFormat": "2018-06-12T07:00:00.000Z" } } I tried to set the security rule to make sure the "createdDate" is not in the future. service cloud.firestore { match /databases/{database}/documents { match /billing/{userId}{ allow create: if (request.resource

Firebase firestore timestamp based security rules

Deadly 提交于 2021-02-19 05:32:18
问题 On my client side I am creating a document with one of the fields "createdDate" below is a payload from the firestore simulator { "__name__": "/databases/(default)/documents/billing/aaaa", "data": { "createdDate": 1529237500239, "createdDateTimeFormat": "2018-06-12T07:00:00.000Z" } } I tried to set the security rule to make sure the "createdDate" is not in the future. service cloud.firestore { match /databases/{database}/documents { match /billing/{userId}{ allow create: if (request.resource

Firebase rules: dynamically give access to a specific user

前提是你 提交于 2021-02-19 02:31:12
问题 I'm building an Android app which requires me to store some pictures for the user. Let's say I have 2 users: A and B. They should be able to read / write on their specific folders: user A can read and write to bucket/images/userA and user B can read and write to bucket/images/userB. They should not have access to anything else. Now let's say user A uploaded picture1.jpg and picture2.jpg. How can user A grant access to bucket/images/userA/picture1.jpg to user B? User B should not have access

How to block users on Firebase in a social media app? for iOS

主宰稳场 提交于 2021-02-18 03:41:51
问题 enter image description hereI'm about 90% with my app, and was ready to release it so it can be released to get tested. I was rejected by apple, because i didn't have a very important feature: - A mechanism for users to block abusive users. I already have a function in which I follow other users, but I'm stuck on how do I block access, so that when one users blocks the other, they don't see anything related to the one who just blocked him. They can't see their profile in search, in new