Firebase security rules custom field


My Firebase security rules look as follows:

"users": {
  "$uid": {
    // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
    ".write": "auth !== null && auth.uid === $uid",

    // grants read access to any user who is logged in with an email and password
    ".read": "auth !== null && auth.provider === 'password'"
  }
},

In addition, I have a custom userId, which I store in users/$uid. So, as an example, my users/$uid looks as follows:

users
   /$uid
       /email: [email protected]
       /userId: "foobargayid123456"

I use this userId in other nodes, for example the node profile_pictures to set the dependencies:

profile_pictures
   /userId
       /thumbnail: "datablabla"

Question

How can I set the security rules in Firebase for the node profile_pictures such that only the user with id users/$uid/userId can .write the node profile_pictures/userId?

Frank van Puffelen On BEST ANSWER

I think this is what you're looking for.

{ 
  "rules": {
    "profile_pictures": {
      "$userId": {
        // allow the write only if the caller's stored userId matches this key
        ".write": "root.child('users').child(auth.uid).child('userId').val() == $userId"
      }
    }
  }
}
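
Added example, not part of the answer above: the rule in the answer trusts users/$uid/userId, which the rules in the question let the account owner write freely, so that value has to be pinned before it can gate access. This sketch makes an existing userId immutable and requires it to be claimed in a `userIds` index node; that node is a hypothetical addition and does not appear on the original page.

```json
{
  "rules": {
    // Hypothetical index node (assumption, not on the page): userId -> owning uid.
    "userIds": {
      "$userId": {
        // A userId can be claimed once, only for the caller's own uid, and never released.
        ".write": "auth !== null && !data.exists() && newData.val() === auth.uid"
      }
    },
    "users": {
      "$uid": {
        // Owner-only; once a userId exists it can be neither changed nor deleted,
        // including by deleting and recreating the whole users/$uid node.
        ".write": "auth !== null && auth.uid === $uid && (!data.child('userId').exists() || newData.child('userId').val() === data.child('userId').val())",

        // Unchanged from the question.
        ".read": "auth !== null && auth.provider === 'password'",

        "userId": {
          // The stored value must be a string already claimed by this uid in the index.
          ".validate": "newData.isString() && root.child('userIds').child(newData.val()).val() === auth.uid"
        }
      }
    },
    "profile_pictures": {
      "$userId": {
        // The answer's check, with an explicit signed-in guard.
        ".write": "auth !== null && root.child('users').child(auth.uid).child('userId').val() === $userId"
      }
    }
  }
}
```

Because `root` reflects the data before the write, the client claims `userIds/<userId>` first and writes `users/<uid>/userId` in a second operation.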