4
votes

The information given below is straight from the Firebase website.

{
  "rules": {
    "users": {
      "$user": {
        ".read": "auth.uid === $user",
        ".write": "auth.uid === $user"
      }
    }
  }
}

When a client tries to access /users/barney, the $user default location will match with $user being equal to "barney". So the .read rule will check if auth.uid === 'barney'. As a result, reading /users/barney will succeed only if the client is authenticated with a uid of "barney".

Firebase is good at documenting, but I didn't find any deep discussion about using "==" or "===". As far as I know, it works the way JavaScript does.

According to their documentation

if auth.uid === 'barney'. As a result, reading /users/barney will succeed only if the client is authenticated with a uid of "barney".

Sometimes I've seen

"$user": {
  ".read": "auth.uid == $user",
  ".write": "auth.uid == $user"
}

So my question is which one is the right way to do it? What is happening when we use "==" and "===" in rules?

2
What about your question is different from the one you linked? As far as I can tell, the answers there answer your question. Given that here it claims the expressions are "JavaScript-like," and so barring documentation to the contrary, the same meaning of == and === presumably applies? - T.J. Crowder
I want to know if Firebase treats "==" and "===" the same! - user2884707bond
Well, it says the syntax is "JavaScript-like." Unless they tell you something else, doesn't that tell you what == and === do? - T.J. Crowder
I thought it behaves like JavaScript, but I haven't been able to find anything about that. Even if they do "auth.uid === 'barney'" it would contradict their document, because if they use "===" that means they are checking if the auth.uid is also a string and not comparing the content of "auth.uid"! - user2884707bond
@user2884707bond "Used to check if two variables in a rules expression have the same type and value" - 4bottiglie

2 Answers

6
votes

If you consult the Firebase Database Security Rules API documentation, you will see the following definitions for equals:

=== (equals)

...
Note: == IS TREATED AS ===. If you use == in your security rules, it will be translated to === when the rules are run.

and for not equals:

!== (not equals)

...
Note: != IS TREATED AS !==. If you use != in your security rules, it will be translated to !== when the rules are run.
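
The following is an added example, not part of the answer above and not Firebase's own code: a small model of the translation the quoted notes describe, applied to the two rule variants from the question to show they end up identical. The function names are hypothetical, and it assumes rule expressions contain no regex literals.

```javascript
// Added example: models the documented == -> === translation (not Firebase code).
function normalizeRuleExpression(expr) {
  let out = "";
  let quote = null; // active string delimiter, or null when outside a string
  for (let i = 0; i < expr.length; i++) {
    const ch = expr[i];
    if (quote) {
      out += ch;
      if (ch === "\\" && i + 1 < expr.length) out += expr[++i]; // keep escaped char
      else if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'") {
      quote = ch;
      out += ch;
    } else if (["===", "!=="].includes(expr.slice(i, i + 3))) {
      out += expr.slice(i, i + 3); // already strict: copy unchanged
      i += 2;
    } else if (["==", "!="].includes(expr.slice(i, i + 2))) {
      out += expr.slice(i, i + 2) + "="; // == becomes ===, != becomes !==
      i += 1;
    } else {
      out += ch; // everything else, including <= and >=
    }
  }
  return out;
}

// Apply the translation to every .read/.write/.validate string in a rules tree.
const RULE_KEYS = new Set([".read", ".write", ".validate"]);
function normalizeRules(node) {
  const out = {};
  for (const [key, value] of Object.entries(node)) {
    if (RULE_KEYS.has(key) && typeof value === "string") {
      out[key] = normalizeRuleExpression(value);
    } else if (value && typeof value === "object" && !Array.isArray(value)) {
      out[key] = normalizeRules(value);
    } else {
      out[key] = value; // booleans, .indexOn arrays and similar stay as they are
    }
  }
  return out;
}

// The two variants from the question.
const strictRules = { rules: { users: { $user: {
  ".read": "auth.uid === $user", ".write": "auth.uid === $user" } } } };
const looseRules = { rules: { users: { $user: {
  ".read": "auth.uid == $user", ".write": "auth.uid == $user" } } } };
function sameAfterNormalization(a, b) {
  return JSON.stringify(normalizeRules(a)) === JSON.stringify(normalizeRules(b));
}
```

Because both variants normalize to the same strict comparison, a rule such as `auth.uid == $user` never gets JavaScript's type-coercing behaviour; the comparison only passes when type and value both match.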

1
votes

I think Firebase treats all === as == (similarly all !== as !=).

My evidence is that the Bolt Compiler converts triple operators in your bolt file to double operators in the rules JSON output.