JavaScript Multiple admins in Firebase - is it possible?


I'm trying to create a client-side only application using Firebase as a database service and I'm experiencing some difficulties defining security rules that will allow multiple 'admin' users access to some data.

My data schema looks like this:

{
  admins: {
    simpleLogin:1 : true,
    facebook:1234 : true
  },
  myData: {
    simpleLogin:1 : {
      .....
    },
    google:1234 : {
      .....
    },
    facebook:1234 : {
      .....
    }
  }
}

I'm trying to allow a logged-in user to write to their own place inside the 'data' object (I'm writing with ref.child('myData').child(auth.uid).set(...)) and to prevent a user from accessing other users' data. In addition, a user whose uid is defined in the 'admins' data should be able to read/write the whole 'myData' object.

My security JSON is defined like this:

{
  "rules": {
    "admins": {
      ".write": false,
      ".read": true
    },
    "myData": {
      "$user_id": {
        ".read": "$user_id === auth.uid || root.child('admins').hasChild(auth.uid)",
        ".write": "$user_id === auth.uid || root.child('admins').hasChild(auth.uid)"
      }
    }
  }
}
  • I'm adding users to 'admins' manually using a local node service that I'm running each time I would like to make a user an admin.

Of course this is not working, since 'myData' has no explicit definition of read/write permissions - so when I'm trying to read ref.child('myData').once('value', function() {..}) with a user whose uid is in 'admins', I'm not able to do so.

I'm trying to run the following query with a user whose uid is in 'admins' and get permission denied:

ref.child('myData').once('value', function(snapshot) {
  console.log(snapshot.val());
}, function() {
  console.log(arguments);
});

Is it even possible to do what I'm trying to do?

Answer:1

There's nothing stopping you from adding rules directly to myData. This gives admins direct access to myData (and all nodes within it). If the user isn't an admin, they can only access their own node.

"myData": {
   ".read": "root.child('admins').hasChild(auth.uid)",
   ".write": "root.child('admins').hasChild(auth.uid)",
   "$user_id": {
      ".read": "$user_id === auth.uid",
      ".write": "$user_id === auth.uid"
    }
}

Regarding Firebase's cascading security rules: The key part to understand is

The child rules can only grant additional privileges to what parent nodes have already declared.

Basically, if you're an admin, then you're granted read and write at the myData level (and its children) and nothing can revoke that. If you're not an admin, you could still gain access at a lower level, as in the above example.
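
The cascade described in this answer can be checked with a small local model that runs the question's rules and the answer's rules against the same reads. This is an added example, not code from the original question or answer and not Firebase's rules engine: `canRead`, `evalRule`, `snap` and `has` are hypothetical helpers, only `.read` is modelled, and the sample data is constructed from the question's schema.

```javascript
// Simplified model of rule cascading for .read; not the Firebase rules engine.
// Constructed sample data mirroring the question's schema.
const data = {
  admins: { 'simpleLogin:1': true, 'facebook:1234': true },
  myData: { 'simpleLogin:1': {}, 'google:1234': {}, 'facebook:1234': {} },
};
const userRule = "$user_id === auth.uid";
const adminRule = "root.child('admins').hasChild(auth.uid)";
// The question's rules: nothing is declared on myData itself.
const questionRules = { myData: { $user_id: { '.read': `${userRule} || ${adminRule}` } } };
// The answer's rules: admin grant on myData, per-user grant below it.
const answerRules = { myData: { '.read': adminRule, $user_id: { '.read': userRule } } };

const has = (obj, key) => obj != null && Object.prototype.hasOwnProperty.call(obj, key);
// Minimal stand-in for the `root` snapshot: only child() and hasChild().
const snap = (node) => ({
  child: (key) => snap(has(node, key) ? node[key] : null),
  hasChild: (key) => has(node, key),
});

// Evaluate one rule string; an evaluation error (auth is null) is a denial.
// new Function is used only because the rule strings are constants defined above.
function evalRule(expr, auth, userId) {
  try {
    const fn = new Function('auth', 'root', '$user_id', `return (${expr});`);
    return fn(auth, snap(data), userId) === true;
  } catch (err) {
    return false;
  }
}

// Walk from the root down to `path`. The first rule that grants access wins,
// and nothing deeper can revoke it; with no grant on the way, the read is denied.
function canRead(rules, path, auth) {
  const keys = path.split('/').filter(Boolean);
  let node = rules;
  let userId;
  for (let i = 0; ; i++) {
    if (has(node, '.read') && evalRule(node['.read'], auth, userId)) return true;
    if (i === keys.length) return false;
    if (has(node, keys[i])) {
      node = node[keys[i]];
    } else if (has(node, '$user_id')) {
      userId = keys[i];
      node = node.$user_id;
    } else {
      return false;
    }
  }
}
```

With the question's rules an admin can read each child of myData but not myData itself, which is the permission-denied case from the question; with the answer's rules the admin grant at myData covers the whole subtree.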
