8

I have just started using Firebase and I am able to read/write/edit/delete to the database. In my app I only show data to the user if he/she has access to it.

I do that by creating a user node and another node (call it services) and reference the services in that users child node.

I have never used Firebase's security rules before, and I now want to start using Firebase Storage for images.

I am following a tutorial and my console said,

Permission denied. Could not access bucket.. Please enable Firebase Storage for your bucket by visiting the Storage tab in the Firebase Console and ensure that you have sufficient permission to properly provision resources

Upon googling and searching on SO on how to set up these security rules I am not sure what is the right answer. Some answers suggest I write methods in my code to grant permission, but the documentation suggests that I need to do it on Firebase's end.

This is one of the examples:

// Grants a user access to a node matching their user ID
service firebase.storage {
  match /b/<your-firebase-storage-bucket>/o {
    // Files look like: "user/<UID>/path/to/file.txt"
    match /user/{userId}/{allPaths=**} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}

I cannot make sense of people's answers.

Like this one from a few months ago:

{
  "rules": {
    "UsersDB": {
      "$uid": {
        ".read": "auth.uid == $uid",
        ".write": "auth.uid == $uid"
      }
    }
  }
}

Can somebody please explain, for the current Firebase (and for iOS Swift, if it matters), how to just make it so user 1 can only read/write his/her data/photos?

RubberDucky4444

2 Answers

14

You need a corresponding file path structure.

For example, when you upload the files, store them like this:

(root…) /user/uidxxx/myfile.jpg

Where "uidxxx" is the unique user ID defined in your authentication database.

Then, on the Console / Storage / Rules tab, you can write the rule:

// Grants a user access to a node matching their user ID
service firebase.storage {
  match /b/<your-firebase-storage-bucket>/o {
    // Files look like: "user/<UID>/path/to/file.txt"
    match /user/{userId}/{allPaths=**} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}

{userId} is a wildcard that will be replaced by the corresponding "uidxxx".

ThierryC
  • OK, so my question then, I guess, is... storage and database are separate then? So do I need to recreate my structure for the storage? – RubberDucky4444 Feb 20 '17 at 09:12
  • Yes, you can define the file structure as you want, but the trick is to match the file path with the database and security info (like the userId, or some folder name, for example). – ThierryC Feb 20 '17 at 09:17
  • But how would one use the user email as the path? – John Miller Oct 01 '21 at 15:44
-4
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write;
    }
  }
}

This is the correct answer for Firebase Storage.

safal bhatia
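To compare the two rule sets posted in the answers above, here is an added example that is not part of either answer and is not Firebase code: a simplified JavaScript model of path matching and condition evaluation, run over constructed requests. The function names, UIDs and paths are hypothetical, and the recursive wildcard is simplified to bind one or more segments.

```javascript
// Simplified model of Storage rule matching, NOT the Firebase rules engine (hypothetical names).
// Compile a pattern such as "/user/{userId}/{allPaths=**}" into a function
// that returns the bound wildcard values, or null when the path does not match.
function compilePattern(pattern) {
  const names = [];
  const source = pattern.split('/').filter(Boolean).map((seg) => {
    const m = /^\{(\w+)(=\*\*)?\}$/.exec(seg);
    if (!m) return '/' + seg.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
    names.push(m[1]);
    // {name} binds one segment; {name=**} binds the rest (simplified: 1+ segments)
    return m[2] ? '/(.+)' : '/([^/]+)';
  }).join('');
  const re = new RegExp('^' + source + '$');
  return (path) => {
    const m = re.exec(path);
    return m ? Object.fromEntries(names.map((n, i) => [n, m[i + 1]])) : null;
  };
}

// Deny by default: a request passes only if a matching rule's condition is
// true. A condition that throws (request.auth is null) counts as a denial.
function isAllowed(rules, request) {
  return rules.some(({ match, allow }) => {
    const vars = match(request.path);
    if (vars === null) return false;
    try { return allow(request, vars) === true; } catch (e) { return false; }
  });
}

const perUserRules = [{ // allow read, write: if request.auth.uid == userId;
  match: compilePattern('/user/{userId}/{allPaths=**}'),
  allow: (request, vars) => request.auth.uid === vars.userId,
}];
const openRules = [{ // allow read, write;
  match: compilePattern('/{allPaths=**}'),
  allow: () => true,
}];

// Constructed sample requests (UIDs and paths are made up).
const requests = {
  ownFile: { auth: { uid: 'uid1' }, path: '/user/uid1/photos/me.jpg' },
  otherUsersFile: { auth: { uid: 'uid1' }, path: '/user/uid2/photos/x.jpg' },
  signedOut: { auth: null, path: '/user/uid1/photos/me.jpg' },
  outsideUserTree: { auth: { uid: 'uid1' }, path: '/public/logo.png' },
};
const decisions = (rules) => Object.fromEntries(
  Object.entries(requests).map(([name, r]) => [name, isAllowed(rules, r)]));
console.log('per-user:', decisions(perUserRules));
console.log('open:', decisions(openRules));
```

In this model the per-user rule admits only `ownFile`, while the unconditional rule admits every request, including the signed-out one.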