How to use Firebase Auth with Firestore in Flutter

  1. If you have a write rule, that rule allows create, update and delete operations.
  2. If you have multiple rules for the same operation, they are OR'ed together.

This means that your allow read, write: if request.auth != null allows any authenticated user to create, update and delete any document in the database.

If you only want to allow any authenticated user to create or update a document, but only want the user with that specific UID to delete documents, you have to explicitly name those operations:

allow read, create, update: if request.auth != null;
allow delete: if request.auth.uid == 'psqxVzX6BvYCuWbajhcEK1QGZOo1';

For full info, see the documentation on granular operations.

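
The OR behaviour described in the answer above, as an added example that is not part of the original answer: a simplified JavaScript model of how allow statements combine (not the Firebase rules engine). The helper names and the constructed-regular-user UID are assumptions made for the illustration.

```javascript
// Simplified model of Firestore `allow` evaluation (illustration only,
// not the Firebase rules engine). `read` and `write` are shorthand operations.
const EXPANSION = { read: ['get', 'list'], write: ['create', 'update', 'delete'] };
const ADMIN_UID = 'psqxVzX6BvYCuWbajhcEK1QGZOo1'; // UID taken from the rules on this page

// Conditions; the null guard stands in for the engine denying on an evaluation error.
const signedIn = (request) => request.auth != null;
const isAdmin = (request) => request.auth != null && request.auth.uid === ADMIN_UID;

// Rules as posted in the question: `write` already covers delete.
const originalRules = [
  { ops: ['read', 'write'], condition: signedIn },
  { ops: ['delete'], condition: isAdmin },
];

// Rules from the answer: each operation is named explicitly.
const fixedRules = [
  { ops: ['read', 'create', 'update'], condition: signedIn },
  { ops: ['delete'], condition: isAdmin },
];

// Allowed if ANY statement covering the operation has a true condition (OR).
function isAllowed(rules, operation, request) {
  return rules.some(
    (rule) => rule.ops.flatMap((op) => EXPANSION[op] || [op]).includes(operation) && rule.condition(request)
  );
}

// Build a caller x operation decision table for a rule set.
function decisionTable(rules) {
  const callers = {
    anonymous: { auth: null },
    regular: { auth: { uid: 'constructed-regular-user' } }, // constructed sample UID
    admin: { auth: { uid: ADMIN_UID } },
  };
  const table = {};
  for (const [name, request] of Object.entries(callers)) {
    table[name] = {};
    for (const op of ['get', 'create', 'update', 'delete']) {
      table[name][op] = isAllowed(rules, op, request);
    }
  }
  return table;
}

console.table(decisionTable(originalRules)); // regular.delete is true here
console.table(decisionTable(fixedRules));    // regular.delete is false here
```
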
Author: farouk osama

Updated on December 24, 2022

Comments

  • farouk osama
    farouk osama over 1 year

    I have a Flutter application based on cloud_firestore and firebase_auth. I added a user (blue button) through Firebase Authentication and kept the ID in the code so that this user is the administrator. Regular users can create an account through the application (email and password). What I want is to make sure the administrator is the only one who can delete data from the database, while the rest of the users are only allowed to read and write, so I did this:

    I changed the rules in my Cloud Firestore project to this:

    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        match /{document=**} {
          allow read, write: if request.auth != null;
          allow delete : if request.auth.uid == 'psqxVzX6BvYCuWbajhcEK1QGZOo1';
        }
      }
    }
    

    Is this correct or not, and how can Firebase be sensitive to the uid?

    Maybe my question is how to send the uid with the firestore request.

    Thank you in advance

    • CoderUni
      CoderUni over 3 years
      There is no need to send the id to Firestore as part of the request. It is automatically handled by the Firestore plugin. You could check that out by making a new account and trying to delete a document.
    • farouk osama
      farouk osama over 3 years
      I created a new user and was able to delete a document, and this is opposed to the rules.
    • CoderUni
      CoderUni over 3 years
      That's because your rule is wrong. Sorry, I didn't notice how you wrote your rule but you allowed to read and write if the request is null. By default, write means create, update, and delete. You can test if your rule works in their sandbox.
    • farouk osama
      farouk osama over 3 years
      I appreciate your effort, thank you, but there is (create, update), I am new to Firebase
    • Frank van Puffelen
      Frank van Puffelen over 3 years
      Please replace the picture of your rules with the actual rules as text. In general: don't post pictures of text.
  • farouk osama
    farouk osama over 3 years
    Thank you, I have tried to delete the document from a user account but failed