How to easily set Firebase Rules for your app
When building apps or websites, you will often want a database that stores information online so that users can access it from multiple locations.
Google's Firebase platform lets you do just that. It comes with a number of useful services such as user authentication, online file storage, databases and even cloud messaging.
You can read this guide to find out how to connect your mobile app to Firebase.
Once your app is connected to Firebase, you need to control which users can read or write which parts of your database. This article shows how to write those rules and highlights common mistakes you should avoid.
To set your Firebase rules, open the Realtime Database section of the Firebase console and select the Rules tab, as shown in the images below:
[Screenshot: the Realtime Database section of the Firebase console]
[Screenshot: the Rules tab, with Edit rules selected]
If you created the database in test mode you will find an open rule like the following (newer consoles add an expiry date to it, but the effect until then is the same):
{ "rules": {
".read": "true",
".write": "true"
}
}
This means that anyone, signed in or not, can read and write every node in your database, because both .read and .write evaluate to true. Leave it in place only while developing: open rules like this are a common cause of exposed Firebase data.
Rules set at the root apply to every path below it. A rule that grants access at a parent node cascades to all of its children, so with this rule set every folder in the database is open.
Note that each opening curly bracket { needs a matching closing bracket }; the editor will not save rules that are not valid JSON.
Common Firebase rules
No one can read or write to the database
{ "rules": {
".read": "false",
".write": "false"
}
}
Changing both values to false means that no client can read or write through the SDKs or the REST API: the database is locked. Code using the Admin SDK or a service account bypasses security rules entirely, so server-side jobs keep working.
Only Authenticated users can read and write to your database
{ "rules": {
".read": "auth != null",
".write": "auth != null"
}
}
When we want only signed-in users to access the database, we use the auth != null rule. Note that it does not distinguish between users, and that it also passes for anonymous sign-in if you have enabled that provider.
Only verified users can access the database
{ "rules": {
".read": "auth.token.email_verified === true",
".write": "auth.token.email_verified === true"
}
}
This allows only users who are signed in and have verified their email address to read and write to your database. Callers signed in without an email (anonymous or phone-number sign-in) have no email_verified claim, and unauthenticated callers have auth set to null, so in both cases the expression fails and access is denied.
User can only access their own data
{ "rules": {
"users": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid"
}
}
}
}
In this scenario data lives under a users node, keyed by each user's ID. $uid is a wildcard variable that captures whatever key appears at that position in the path.
The rule grants access only when the captured key equals the caller's auth.uid. Because nothing grants access at /users itself, a user cannot read the whole users list, only their own entry.
Setting rules for multiple folders
If your project has several top-level nodes, Firebase lets you set rules for each of them. Each node gets its own object inside rules, and sibling objects are separated by a comma. Keep in mind that rules cascade: if a parent grants read or write, a child rule cannot revoke it, so only put a permissive rule on a node when you mean it to apply to everything beneath it.
The following example shows how to do this.
{ "rules": {
"users": {
"$uid": {
".read": "auth.token.email_verified === true",
".write": "$uid === auth.uid"
}
},
"posts": {
".read": "auth != null",
".write": "auth.token.email_verified === true"
}
}
}
In the above example we have two folders:
1. users (its child nodes are keyed by user ID)
2. posts
Any verified user can read any individual user record (but not list /users as a whole), while only the owner can change their own record.
Any signed-in user can read posts, but only verified users can write them.
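The rule sets above are easiest to reason about if you can run requests against them. The following is an added example, not code from the original article or from Firebase: a small simulator of how the Realtime Database evaluates .read and .write rules (deny by default, grants cascade from parent to child, $wildcards bind the path segment they match). It checks the two-folder rule set from this article and a deliberately leaky variant against constructed callers. The auth objects, user IDs and the leaky rule set are assumptions made for the example, and real Firebase also evaluates .validate rules and exposes data, newData and root, which the simulator leaves out.

```javascript
// Added example: a minimal simulator of Firebase Realtime Database rule
// evaluation, used to check rule sets against constructed requests. It models
// two behaviours to understand before shipping rules:
//   1. deny by default: a path with no granting rule on it or above it is denied;
//   2. cascading: a rule that grants access at a parent also grants it to every
//      child, and a child rule cannot take that grant away.
// Assumption: only ".read"/".write" are modelled; ".validate", data/newData/root
// and multi-location writes are out of scope.

// The two-folder rule set from the article.
const rules = {
  rules: {
    users: {
      $uid: {
        ".read": "auth.token.email_verified === true",
        ".write": "$uid === auth.uid",
      },
    },
    posts: {
      ".read": "auth != null",
      ".write": "auth.token.email_verified === true",
    },
  },
};

// Constructed leaky variant: the root grants read, so the child's "false"
// cannot lock /users/$uid down again.
const leakyRules = {
  rules: {
    ".read": "true",
    users: { $uid: { ".read": "false", ".write": "$uid === auth.uid" } },
  },
};

// Evaluate one rule expression with the names Firebase exposes: `auth` plus any
// $wildcards bound on the way down. A thrown error (for example `auth.token`
// when auth is null) counts as a denial, as it does in Firebase.
function evaluateExpression(expr, auth, wildcards) {
  const names = Object.keys(wildcards);
  try {
    // The expressions come from our own rules object, never from user input.
    const fn = new Function("auth", ...names, `return (${expr});`);
    return fn(auth, ...names.map((n) => wildcards[n])) === true;
  } catch (e) {
    return false;
  }
}

// Walk the rule tree along `path` and return true as soon as any node on the
// way (root included) grants `op` ("read" or "write"); otherwise deny.
function isAllowed(ruleTree, op, path, auth) {
  const segments = path.split("/").filter(Boolean);
  const wildcards = {};
  let node = ruleTree.rules;
  for (let i = 0; ; i++) {
    const expr = node[`.${op}`];
    if (expr !== undefined && evaluateExpression(String(expr), auth, wildcards)) {
      return true; // granted here; cascades to everything below
    }
    if (i === segments.length) return false; // reached the target, nothing granted
    const seg = segments[i];
    let next;
    if (Object.prototype.hasOwnProperty.call(node, seg)) {
      next = node[seg]; // literal key wins over a wildcard
    } else {
      const wildKey = Object.keys(node).find((k) => k.startsWith("$"));
      if (wildKey === undefined) return false; // no rule covers this path
      wildcards[wildKey] = seg; // bind e.g. $uid = "u1"
      next = node[wildKey];
    }
    if (typeof next !== "object" || next === null) return false;
    node = next;
  }
}

// Constructed auth objects standing in for three kinds of caller.
const anonymous = null;
const unverified = { uid: "u1", token: { email_verified: false } };
const verified = { uid: "u2", token: { email_verified: true } };

// Summarise who can do what, so the rule set can be read as a table.
function accessMatrix(ruleTree) {
  const callers = { anonymous, unverified, verified };
  const paths = ["/users", "/users/u1", "/posts", "/posts/p1"];
  const matrix = {};
  for (const [name, auth] of Object.entries(callers)) {
    matrix[name] = {};
    for (const p of paths) {
      matrix[name][p] = {
        read: isAllowed(ruleTree, "read", p, auth),
        write: isAllowed(ruleTree, "write", p, auth),
      };
    }
  }
  return matrix;
}

console.table(
  Object.entries(accessMatrix(rules)).flatMap(([who, row]) =>
    Object.entries(row).map(([p, r]) => ({ who, path: p, ...r }))
  )
);
```

Running the block prints the matrix for the article's rule set: the unverified user u1 can write /users/u1 but not read it, the verified user u2 can read /users/u1 but not write it, nobody can read /users as a whole, and only signed-in callers can read /posts. Evaluating leakyRules shows the cascade trap: anonymous callers can read /users/u1 even though that node says ".read": "false".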
Common Firebase rules reference
The following expressions appear in almost every Firebase rule set. Here is what they mean:
auth != null - only signed-in users (anonymous sign-in counts as signed in)
auth.token.email_verified === true - only users with a verified email address
$uid === auth.uid - the user ID at that location in the path must equal the caller's auth ID
I hope you found this article very useful.