Firebase Storage, what are the right rules for user-based download / uninstall?

Question

Firebase Storage, what are the right rules for user-based download / uninstall?

I want to create custom security for Firebase / Storage. The below allow recording works well if I upload only images. But this prevents the deletion of the photo. How can I create the right security rule for this case?

service firebase.storage { match /b/<bucket>/o { match /{allPaths=**} { allow read: if request.auth != null; } match /users/{uid}/{filename} { allow write: if isCurrentUser(uid); allow write: if isImage() && isCurrentUser(uid) && lessThanNMegabytes(n) && request.resource !=null && filename.size() < 50; } } } function isCurrentUser(uid) { return request.auth.uid == uid; } function lessThanNMegabytes(n) { return request.resource.size < n * 1024 * 1024; } function isImage() { return request.resource.contentType.matches("image/.*"); }

+6

firebase firebase-storage firebase-security

tobeiosdev Jul 02 '16 at 7:52

source share

1 answer

Devid farinelli · Accepted Answer · 2016-07-02T10:35:39+0000

I would use this to check if you are creating / updating a file or deleting it

 match /users/{uid}/{filename} { allow write: if isCurrentUser(uid); allow write: if resource == null || ( isImage() && lessThanNMegabytes(n) && request.resource !=null && filename.size() < 50 ); }

Firebase Storage, what are the right rules for user-based download / uninstall?

More articles: