Security Rules

firebase security rules has it’s own language coz this part work with every request to enable as fast experience as possible, security rules similar to express router.

// express
app.get('/users/rush', (req, res) {
    // code
	// if (some_expression) return allow()
})

app.get('/users/:id', (req, res) {
    const { id } = req.params
    // code
})

// `firestore.rules` (should added to `firebase.json`)
// match should be on document level not collection level
match /users/rush {
    // code
    // (allow|deny) permission: if some_expression
}

match /users/{uid} {
    // code
}

permissions can be

`read`: in read we can specify permissions precisely:

get: only allow get on this document
list: allow listing on the collection level

`write`:

create: first time creation document
update
delete

firebase deploy --only firebase:rules # deploy security rules only

Security Rules

Firebase Storage