Securing your data

By default data stored in firebase will be both readable and writable by everyone who visits your website.

You an lock it down so that visitors can only write their data into your firebase, and only you can read it back out again by setting up the following security rules (by going to the "Rules" tab of the "Real-Time Database" in the firebase console):

{
  "rules": {
    "users": {
      ".read": "root.child('users').child(auth.uid).child('isAdmin').val() == true",
      "$uid": {
        ".write": "$uid === auth.uid && newData.child('isAdmin').val() == data.child('isAdmin').val()"
      }
    },
    "events": {
      "$path": {
        ".read": "root.child('users').child(auth.uid).child('isAdmin').val() == true",
        "$eventId": { 
          ".write": "!data.exists() && newData.exists()"
        }
      }
    },
    "views": {
      "$path": {
        ".read": "root.child('users').child(auth.uid).child('isAdmin').val() == true",
        "$viewId": { 
          ".write": "!data.exists() && newData.exists()"
        }
      }
    }
  }
}

This relies on you setting an isAdmin property on your user so you can read all the data back out. You can do this on the Data of the Realtime Database and finding your user id and adding and isAdmin field and setting it to true

Set Yourself as an Admin

results matching ""

    No results matching ""