firebase-security

问题 This question already has answers here : Firebase Security Rules Storage from specific web url (2 answers) Closed 5 months ago . I am building the application which uses the Fiberbase Storage, I do not want the user to log in or signup, just allow them to upload files through my website only. I don't want others to copy the Firebase config key and use in their website to upload a file on my firebase account, so I want to set up some rules which will restrict access over the certain domain 回答1

问题 I think I'm doing something wrong but I can't figure which part... Thanks for all the clarification I can get. So I have a collection named Bases that looks like this: { "id1": { "name": "My base 1", "roles": { "idUser_123": { "name": "John" } } }, "id2": { "name": "My base 2", "roles": { "idUser_456": { "name": "Jane" } } } } idUser_123 log in and want to access his collection. So I do: db.collection('bases').get() And I use a match rule to make sure John is not reading Jane's bases. And

问题 Is is possible to include a payload/parameter when executing a GET request to Firebase Realtime Database, in order to access the payload/parameter in the Firebase Realtime Database rules? Using React Native with Javascript. 回答1: For a GET/read request to the Realtime Database, the following information is available in your security rules: The path that is requested, or the query that was executed. The auth variable indicating the logged in user, including any claims in auth.token. So if you

问题 TL;DR How do you perform a query on a secure Firestore collection? In Firestore have the following Security Rule: service cloud.firestore { match /databases/{database}/documents { match /users/{userId} { allow read, update, delete: if request.auth.uid == userId; allow create: if request.auth.uid != null; } } } Currently, the document ID is the userId and there is also a field in each document with the userId. I can find the document if I go straight to a specific document using its document

问题 I am using cloud Firestore database and I have 'users' collection on my root database and in it there are all the users documents (named as the uid) and inside it the data I collect. I wanted to allow users to only read/write to their own collections so I started my security rules with service cloud.firestore { match /databases/{database}/documents { // Allow only authenticated content owners access match /users/{userId}/{documents=**} { allow read, write: if request.auth.uid == userId } } }

问题 I am using cloud Firestore database and I have 'users' collection on my root database and in it there are all the users documents (named as the uid) and inside it the data I collect. I wanted to allow users to only read/write to their own collections so I started my security rules with service cloud.firestore { match /databases/{database}/documents { // Allow only authenticated content owners access match /users/{userId}/{documents=**} { allow read, write: if request.auth.uid == userId } } }

问题 I am currently trying to implement a trading system for my unity android app using firebase. For that I have to check, if a player pressed the buy button for one trade, if the selected trade is still available in the firebase database. The way it is supposed to work is, that the player who wants to buy something checks in the corresponding trade, if the buyerId is still empty, and if so puts his own id in there. I've set up the firebase rules, so that the buyerId and buyerName can only be set

问题 I have an application in android that registers sellers, which have a unique email, I am storing them in firebase. Create a rule to not allow duplicates to be added but it does not seem to work. What am I doing wrong? { "rules": { ".read": true, ".write": true, "sellers": { "$seller": { "email": { ".write": "!data.exists()" } } } } } my method to add public void addSeller(Seller seller){ HashMap<String,Seller> map= new HashMap<>() ; String email = seller.getEmail().replace(".",","); map.put

问题 I have an application in android that registers sellers, which have a unique email, I am storing them in firebase. Create a rule to not allow duplicates to be added but it does not seem to work. What am I doing wrong? { "rules": { ".read": true, ".write": true, "sellers": { "$seller": { "email": { ".write": "!data.exists()" } } } } } my method to add public void addSeller(Seller seller){ HashMap<String,Seller> map= new HashMap<>() ; String email = seller.getEmail().replace(".",","); map.put

问题 I am writing a small program in react that manages a league of sorts. The problem I have is how do I allow access (read, write) to the matchdays of a league for the correct user. The matchdays are named "matchday-1", "matchday-2", and so on, and are collections of documents (the matches), and are subcollections inside the league. My firebase structure looks like this basically: leagues(collection) -> league(document) -> matchday-n(collection) -> match-m(document) where n and m are numbers.