Firebase Storage Post rules apply to Delete rules

Question

This are my rules, applied to an img dir:

match /img {
  match /{fileId} {
    allow read, 
          write: if request.resource.contentType.matches('image/jpeg')
                 || request.resource.contentType.matches('image/png')
                 || request.resource.contentType.matches('image/gif')
                 && request.resource.size < 2 * 1024 * 1024
    }
  }
}

The problem is that those rules are also being applied to delete() as it is a write method too, so it always returns a permission error. I couldn't find anything in the documentation regarding this. How can I defer from POST/PUT rules and DELETE rules?

cerealex cerealex · Accepted Answer · 2016-08-12T18:48:48

Found the solution by myself. By letting the rule to apply when there is no resource sent at all (delete), it also gets write permission. The rest of the create/update code is sent to an OR expression.

match /img {
    match /{fileId} {
        allow read, 
        write: if request.resource == null || 
            (request.resource.contentType.matches('image/jpeg')
            || request.resource.contentType.matches('image/png')
            || request.resource.contentType.matches('image/gif')
            && request.resource.size < 2 * 1024 * 1024)
    }
}

Firebase Storage Post rules apply to Delete rules

2 Answers