How to write Firebase Realtime Database Rules using Bolt

Bolt is a great way to write and deploy complex Firebase Realtime Database rules. Writing rules in Bolt is much easier than writing them directly in the Realtime Database. Note that Bolt rules apply to the Firebase Realtime Database only, not Firestore.

Make Paths:

You can write node paths like this:
1. path /node1 {}
2. path /node1/{variable1} {}
3. path /node1/{variable1}/test2 {}
4. path /node1/{variable1}/test2/{variable2} {}
etc.

Contents inside paths:

There are two permissions, read and write, and each is written as a block inside the path.

Here are some examples:

Allow Read & Write to Anonymous

path /node1 {
    read() { true }
    write() { true }
}

Allow Read & Write to only Logged In Users

path /node1 {
    read() { auth != null }
    write() { auth != null }
}

Allow Read & Write based on User Role

If your Realtime Database has a users node and each user record has a role field, you can write a custom rule that checks the role value and allows or denies access accordingly.

The example also shows how to create a custom function and call it.

path /node1 {
    read() { allowReadToAdmins() }
    write() { allowWriteToSuperadmins() }
}

allowReadToAdmins() {
    root.users[auth.uid].role == "admin"
}

allowWriteToSuperadmins() {
    root.users[auth.uid].role == "superadmin"
}

Validate your Data before Update

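This rule is for when you want to prevent a user from updating to an email that is already used by someone. The function compares the email being written with the email stored under the same userId.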

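path /users/{userId} {
    // Bolt functions take explicit arguments: pass the path variable and
    // `this`, the value being written to /users/{userId}.
    validate() { validateUserBeforeUpdate(userId, this) }
    read() { auth != null }
    write() { auth != null }
}

validateUserBeforeUpdate(userId, event) {
    // prior(root) is the database as it was before this write.
    prior(root).users[userId].email != event.email
}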

Allow User to update only their Profile Data

path /users/{userId} {
    // Pass the {userId} path variable to the function explicitly.
    read() { restrictSignedIn() && allowUserToReadWriteOnlyTheirData(userId) }
    write() { restrictSignedIn() && allowUserToReadWriteOnlyTheirData(userId) }
}

restrictSignedIn() {
    auth != null
}

allowUserToReadWriteOnlyTheirData(userId) {
    userId == auth.uid
}
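
The role-based rules and the owner-only profile rules above interact: if the role is stored inside the same /users/{userId} record that its owner may write, the owner can also write the role field. The following is an added example, not code from the original post, showing one way to keep the profile owner-writable while stopping self-assigned roles. The User and Role types and the helper function names are hypothetical.

```bolt
// Added example. Assumes the role is stored at /users/{userId}/role,
// as in the role-based rules earlier on this page.

path /users/{userId} is User {
  read() { isSignedIn() && isOwner(userId) }
  // Owners edit their own record; existing superadmins may edit any record.
  write() { isSignedIn() && (isOwner(userId) || wasSuperadmin()) }
}

// write() granted on /users/{userId} cascades to every child, so a child
// write rule cannot take it back. validate() does not cascade and must
// pass for each value written, so the role restriction lives in a validate.
// Hypothetical schema: list your real profile fields here.
type User {
  email: String,
  role: Role | Null
}

type Role extends String {
  // Accept an unchanged role, or a change made by a caller who was
  // already a superadmin before this write.
  validate() { this == prior(this) || wasSuperadmin() }
}

isSignedIn() { auth != null }

isOwner(userId) { auth.uid == userId }

// prior(root) reads the database as it was before the write, so a role
// included in the same write cannot satisfy this check.
wasSuperadmin() { prior(root).users[auth.uid].role == "superadmin" }
```

Validate rules are not evaluated when a value is deleted, so an owner can still remove their own role; that only lowers their privileges.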

There are many other rules we can use to restrict data for users.

Conclusion

That’s it. We learnt how to write Firebase Realtime Database rules using Bolt. Here you can check on how to deploy them to Firebase.
