firebase-security-rules

My request is pretty simple in appearence : limiting the number of documents in a subcollection using Firestore Rules. I already know that it is possible to know the size of an array using .size() . So, you may ask why I am not using an array to store my items ? Well, I want a "normal" user to not be able to update my parent document field but to be able to add a document to my subcollection. I already tried to do this : match /slots/{slot} { allow read: if true; allow write: if getRole() == 'ADMIN'; match /participants/{participant} { allow read: if true; allow create: if get(/databases/$

I have a static app hosted on Firebase hosting whose backend is also on Firebase(communicating using firebase JS api). I want to add a simple auth page to all pages of this website so that only users I want can access this site. Is this possible? Looked at the docs but didn't find anything that helps me in this regard. You can do this using Firebase Functions, and an Express call. Put all of your static files into a folder named functions/admin and put this function into functions/index.js : exports.admin = functions.https.onRequest((req, res) => { const url = req.originalUrl ? req.originalUrl

I am working on a project and I followed few tutorials in order to learn and build the app. But all of them, they change the Firebase read and write rules to true which is not safe. for example they change { "rules": { ".read": false, ".write": false } } to { "rules": { ".read": true, ".write": true } } This gives access to anyone to read and write the server data which is not safe in any way. And hence I turned this to false and now I am unable to register the user to Firebase it is giving an error saying 'Permission Denied. So what would I have to do in order to get the permission now.

I am trying to get access to my firebase data to run a little test. I have setup an app in the firebase console and set the access rules to: // Allow read/write access to all users under any conditions // Warning: **NEVER** use this rule set in production; it allows // anyone to overwrite your entire database. service cloud.firestore { match /databases/{database}/documents { match /{document=**} { allow read, write: if true; } } } Nevertheless I am always getting the following error: angular.js:14328 Error: permission_denied at /messages: Client doesn't have permission to access the desired

How can I check if there are only strings in request.resource.data.myArray ? Loops and recursive calls are not allowed. This is not possible today, unless you know the size of the array, and you write an expression to check the element at each index. However, what you're asking is a reasonable thing to want to do, and you should file a feature request for it. Bear in mind, though, that it's a long way off from happening. The only way this would eventually work is if the rules language had a lambda type where you could pass a predicate function into a method that ensures it only returns true

Currently, I have implemented a project folder structure similar to the below Project folder structure I have added the Phone authentication in my code. Now with the help of Firebase rules, I would like to restrict my users to access the child (Phone number 1) based on authenticated phone number. For instance, if I log-in with phone number "9999999999" then I would like to restrict the user to access only the child of "9999999999" in Firebase rules. Could you suggest me here to improve the security here. You can access the phone number from the users auth object so using this you can do the