Firebase rules with custom IDs on nodes
I've been trying to create some rules for my firebase database, but it seems like I'm hitting a brick wall or (hopefully) there's just some point I'm not getting.
My data structure looks something like this:
units
<custom user id eg. 1234>
unit1
unit2
...
users
<custom user id eg. 1234>
name
email
phone
...
node3
<custom user id eg. 1234>
object1
object2
...
What I'd like to do is create rules that will only allow the user with ID 1234 (which is obviously different than the user's uid in Firebase authentication) to access his nodes.
Is there some way I can achieve this?
firebase firebase-realtime-database firebase-security-rules
add a comment |
I've been trying to create some rules for my firebase database, but it seems like I'm hitting a brick wall or (hopefully) there's just some point I'm not getting.
My data structure looks something like this:
units
<custom user id eg. 1234>
unit1
unit2
...
users
<custom user id eg. 1234>
name
email
phone
...
node3
<custom user id eg. 1234>
object1
object2
...
What I'd like to do is create rules that will only allow the user with ID 1234 (which is obviously different than the user's uid in Firebase authentication) to access his nodes.
Is there some way I can achieve this?
firebase firebase-realtime-database firebase-security-rules
2
Have you read the documentation? There is a page on per-user security rules. It describes everything you need to know. firebase.google.com/docs/database/security/user-security
– Doug Stevenson
Nov 28 '18 at 13:38
The thing is, it doesn't seem to work when I've created the nodes with "custom" ids rather than let firebase create them dynamically?
– foamy
Nov 28 '18 at 13:48
2
Edit the question to show the rules that don't work the way you expect, along with the code that accesses your database. You'll need to make it clear to us what exactly does not work.
– Doug Stevenson
Nov 28 '18 at 13:59
add a comment |
I've been trying to create some rules for my firebase database, but it seems like I'm hitting a brick wall or (hopefully) there's just some point I'm not getting.
My data structure looks something like this:
units
<custom user id eg. 1234>
unit1
unit2
...
users
<custom user id eg. 1234>
name
email
phone
...
node3
<custom user id eg. 1234>
object1
object2
...
What I'd like to do is create rules that will only allow the user with ID 1234 (which is obviously different than the user's uid in Firebase authentication) to access his nodes.
Is there some way I can achieve this?
firebase firebase-realtime-database firebase-security-rules
I've been trying to create some rules for my firebase database, but it seems like I'm hitting a brick wall or (hopefully) there's just some point I'm not getting.
My data structure looks something like this:
units
<custom user id eg. 1234>
unit1
unit2
...
users
<custom user id eg. 1234>
name
email
phone
...
node3
<custom user id eg. 1234>
object1
object2
...
What I'd like to do is create rules that will only allow the user with ID 1234 (which is obviously different than the user's uid in Firebase authentication) to access his nodes.
Is there some way I can achieve this?
firebase firebase-realtime-database firebase-security-rules
firebase firebase-realtime-database firebase-security-rules
edited Nov 28 '18 at 13:44
Doug Stevenson
81.9k997115
81.9k997115
asked Nov 28 '18 at 13:18
foamyfoamy
4101612
4101612
2
Have you read the documentation? There is a page on per-user security rules. It describes everything you need to know. firebase.google.com/docs/database/security/user-security
– Doug Stevenson
Nov 28 '18 at 13:38
The thing is, it doesn't seem to work when I've created the nodes with "custom" ids rather than let firebase create them dynamically?
– foamy
Nov 28 '18 at 13:48
2
Edit the question to show the rules that don't work the way you expect, along with the code that accesses your database. You'll need to make it clear to us what exactly does not work.
– Doug Stevenson
Nov 28 '18 at 13:59
add a comment |
2
Have you read the documentation? There is a page on per-user security rules. It describes everything you need to know. firebase.google.com/docs/database/security/user-security
– Doug Stevenson
Nov 28 '18 at 13:38
The thing is, it doesn't seem to work when I've created the nodes with "custom" ids rather than let firebase create them dynamically?
– foamy
Nov 28 '18 at 13:48
2
Edit the question to show the rules that don't work the way you expect, along with the code that accesses your database. You'll need to make it clear to us what exactly does not work.
– Doug Stevenson
Nov 28 '18 at 13:59
2
2
Have you read the documentation? There is a page on per-user security rules. It describes everything you need to know. firebase.google.com/docs/database/security/user-security
– Doug Stevenson
Nov 28 '18 at 13:38
Have you read the documentation? There is a page on per-user security rules. It describes everything you need to know. firebase.google.com/docs/database/security/user-security
– Doug Stevenson
Nov 28 '18 at 13:38
The thing is, it doesn't seem to work when I've created the nodes with "custom" ids rather than let firebase create them dynamically?
– foamy
Nov 28 '18 at 13:48
The thing is, it doesn't seem to work when I've created the nodes with "custom" ids rather than let firebase create them dynamically?
– foamy
Nov 28 '18 at 13:48
2
2
Edit the question to show the rules that don't work the way you expect, along with the code that accesses your database. You'll need to make it clear to us what exactly does not work.
– Doug Stevenson
Nov 28 '18 at 13:59
Edit the question to show the rules that don't work the way you expect, along with the code that accesses your database. You'll need to make it clear to us what exactly does not work.
– Doug Stevenson
Nov 28 '18 at 13:59
add a comment |
1 Answer
1
active
oldest
votes
I am not sure why are you not using Firebase Authentication user UID instead of custom UID but ok :)
If you have mapping somewhere in your database between Firebase Authentication UID and your custom UID (e.g. you have saved Firebase Auth UID for user 1234 in mapping/1234/authUID), then you can write the database rule like this:
"users": {
"$customUserUid": {
".write": "root.child('mapping').child($customUserUid).child('authUID').val() === auth.uid"
}
}
This seems like just the hint I need, many thanks! :) EDIT: The reason behind the custom UIDs is unfortunately out of my hands
– foamy
Nov 28 '18 at 14:06
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53520386%2ffirebase-rules-with-custom-ids-on-nodes%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I am not sure why are you not using Firebase Authentication user UID instead of custom UID but ok :)
If you have mapping somewhere in your database between Firebase Authentication UID and your custom UID (e.g. you have saved Firebase Auth UID for user 1234 in mapping/1234/authUID), then you can write the database rule like this:
"users": {
"$customUserUid": {
".write": "root.child('mapping').child($customUserUid).child('authUID').val() === auth.uid"
}
}
This seems like just the hint I need, many thanks! :) EDIT: The reason behind the custom UIDs is unfortunately out of my hands
– foamy
Nov 28 '18 at 14:06
add a comment |
I am not sure why are you not using Firebase Authentication user UID instead of custom UID but ok :)
If you have mapping somewhere in your database between Firebase Authentication UID and your custom UID (e.g. you have saved Firebase Auth UID for user 1234 in mapping/1234/authUID), then you can write the database rule like this:
"users": {
"$customUserUid": {
".write": "root.child('mapping').child($customUserUid).child('authUID').val() === auth.uid"
}
}
This seems like just the hint I need, many thanks! :) EDIT: The reason behind the custom UIDs is unfortunately out of my hands
– foamy
Nov 28 '18 at 14:06
add a comment |
I am not sure why are you not using Firebase Authentication user UID instead of custom UID but ok :)
If you have mapping somewhere in your database between Firebase Authentication UID and your custom UID (e.g. you have saved Firebase Auth UID for user 1234 in mapping/1234/authUID), then you can write the database rule like this:
"users": {
"$customUserUid": {
".write": "root.child('mapping').child($customUserUid).child('authUID').val() === auth.uid"
}
}
I am not sure why are you not using Firebase Authentication user UID instead of custom UID but ok :)
If you have mapping somewhere in your database between Firebase Authentication UID and your custom UID (e.g. you have saved Firebase Auth UID for user 1234 in mapping/1234/authUID), then you can write the database rule like this:
"users": {
"$customUserUid": {
".write": "root.child('mapping').child($customUserUid).child('authUID').val() === auth.uid"
}
}
answered Nov 28 '18 at 14:00
Revolution88Revolution88
650511
650511
This seems like just the hint I need, many thanks! :) EDIT: The reason behind the custom UIDs is unfortunately out of my hands
– foamy
Nov 28 '18 at 14:06
add a comment |
This seems like just the hint I need, many thanks! :) EDIT: The reason behind the custom UIDs is unfortunately out of my hands
– foamy
Nov 28 '18 at 14:06
This seems like just the hint I need, many thanks! :) EDIT: The reason behind the custom UIDs is unfortunately out of my hands
– foamy
Nov 28 '18 at 14:06
This seems like just the hint I need, many thanks! :) EDIT: The reason behind the custom UIDs is unfortunately out of my hands
– foamy
Nov 28 '18 at 14:06
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53520386%2ffirebase-rules-with-custom-ids-on-nodes%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
Have you read the documentation? There is a page on per-user security rules. It describes everything you need to know. firebase.google.com/docs/database/security/user-security
– Doug Stevenson
Nov 28 '18 at 13:38
The thing is, it doesn't seem to work when I've created the nodes with "custom" ids rather than let firebase create them dynamically?
– foamy
Nov 28 '18 at 13:48
2
Edit the question to show the rules that don't work the way you expect, along with the code that accesses your database. You'll need to make it clear to us what exactly does not work.
– Doug Stevenson
Nov 28 '18 at 13:59