How do I define the security rules where only logged in user can read and write all of the collections and subcollection?
I have these collections of category, products, and orders. And then under the products I have a subcollection of history. Also in my app, there is only 1 type of user which I add here directly in the Firebase console. How can I define the security rules where only logged in user can read and write on these collections and subcollections?
For the logging in, I am using Firebase Authentication:
const handleSubmit = async (e) => {
e.preventDefault();
const auth = getAuth();
console.log(email, password, "1");
setIsLoading(true);
signInWithEmailAndPassword(auth, email, password)
.then((userCredential) => {
// Signed in
const user = userCredential.user;
setIsLoading(false);
navigate("/Homepage");
// ...
})
.catch((error) => {
const errorCode = error.code;
const errorMessage = error.message;
setIsLoading(false);
alert(errorMessage);
});
};
How can I define the security rules where only logged in user can read and write on these collections and subcollections?
The following rule is using a wildcard and should allow any user that is authenticated to read and write to any document in Firestore:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read, write: if request.auth != null;
}
}
}
If you want to lock it down at some point, because you introduce a collection that not all users should have access to, you can make it explicit:
service cloud.firestore {
match /databases/{database}/documents {
match /category/{id} {
allow read, write: if request.auth != null;
}
match /products/{id} {
allow read, write: if request.auth != null;
}
match /logs/{id} {
allow read, write: if false;
}
}
}
For further information, start here in the docs and use the Playground in Firebase Console to test your rules before deploying them.
- osmdata_sf returns failed to perform HTTP request curl::curl_fetch_memory() error in R?
- Sub-subtitle in a graph made with `ggplot2`
- How can I execute a statement and ignore warnings with tryCatch?
- Enumerate events where n consecutive values are not NA
- Serialize/deserialize a column with R and DuckDB
- Replicate matrix
- Putting multiple plots on the same page in R?
- NA values in a non-editable date column in a datatable in a shiny app change to "Invalid Date" when clicked on
- How to enable/disable checkboxInput when certain panel is selected
- Writing robust R code: namespaces, masking and using the `::` operator
- Replacing with conditional value in dplyr case_when()
- How to assign pre-determined RGB values to polygons
- python/pandas equivalent to dplyr 1.0.0 summarize(across())
- Calculating moving average
- Estimating non-monotonic bi-exponential curve fit
- column type issue when converting csv to parquet using duckdb in R
- "Target position can only be set for new windows" in chromote in R
- Determine level of nesting in R?
- Week start on Mondays
- Center output from dm_draw
- plot a network based on given values
- Adding a X axis title to faceted ggballoonplot
- Calculate mean of matrices having different dimensions
- check if two columns have a one-to-one relationship in R
- How to extract Std.Dev from VarCorr glmmTMB
- How do you print to stderr in R?
- How to plot China map with South China Sea in base R
- Get column and row position of nth element in a matrix
- Is there any authoritative documentation on R release nicknames?
- R Glassdoor Web Scraping