Data Store Security Filter

• https://firebase.google.com/docs/storage/security/user-security

// Anyone to read a public image if the file is less than 100kB
// Anyone can upload a public file ending in '.txt'
match /public/{imageId} {
  allow read: if resource.size < 100 * 1024;
  allow write: if imageId.matches(".*\\.txt");
}

match /public/{eventUUID}/{imageId}
allow read: if eventUUID in "auth props or something"
allow write: if eventUUID in "auth props or something"

• View Security Filter
  • "Event Data UUID in Auth Props"

Firestore Security Filter

This is Written in the database rules tab

• Create Security Filter

  • https://firebase.google.com/docs/auth/admin/custom-claims
  • Must be back end privledged

• Query Security Filter

  • Event UUID "in" (thats a keyword. in.) auth props
  • https://firebase.google.com/docs/rules/rules-language

Auth Admin Props

• Need events to be stored in a list.

admin.auth().setCustomUserClaims(uid, {admin: true}).then(() => {
  // The new custom claims will propagate to the user's ID token the
  // next time a new one is issued.
});

instead of admin true obj

{
events: lists,
}

Firebase Functions

• Need a seperate role privledge for backend user.

Useful Links

• Controlling Data Access Using Firebase Auth Custom Claims https://medium.com/google-developers/controlling-data-access-using-firebase-auth-custom-claims-88b3c2c9352a