Skip to content

Firestore and Storage Rules

Jump to bottom
Filip Lauc edited this page Jan 3, 2020 · 2 revisions

Although most Firestore rules you will be able to control through the module setup, some might need specific adjustments in firestore.rules. For example, if a collection needs to be readable publicly in addition to the wildcard collection selector:

    match /modules/{module=**} {
      allow read: if request.auth.uid != null;
      allow write: if request.auth.token.role == 'admin';
    }

You might add:

    match /my-collection/{item} {
      allow read: if true;
      allow write: if access(database, 'users', 'write')
    }

This states that my-collection can be read by anyone and wrote to by users that have write access for this collection configured in the dashboard.

Read more about firestore rules here: https://firebase.google.com/docs/firestore/security/get-started

storage.rules need to be configured before you can start uploading files, initially they are set up to allow reads but prevent writes altogether.

Read more about storage rules here: https://firebase.google.com/docs/storage/security/start

Clone this wiki locally