Firebase Storage Rules customMetadata not working

2
votes

I made some rules to access shared files only for a group of people in Firebase Storage.

The way I do this is to put all the uid's in the customMetadata as keys

[uid: Value]

When I evaluate if the user can read and write the data, I do this:

service firebase.storage {
  match /b/{bucket}/o {
     match /{accountId}/{allPaths=**} {
        allow write: if request.auth.uid in request.resource.metadata.keys() && request.auth != null;
        allow read: if request.auth.uid in request.metadata.keys();
  }
 }
}

I can write successfully, but I just can't read the data.

I have tried all kind of ways:

request.metadata[request.auth.uid] == 'theValue'
request.resource.metadata[request.auth.uid] == 'theValue
request.auth.uid in request.metadata
request.auth.uid in request.resource.metadata.keys()

Nothing works.

1
firebasefirebase-storagefirebase-security
Can you try allow read: if request.auth.uid in resource.metadata.keys(); ?Rosário Pereira Fernandes
Omg you are right. It works now... I was so sure that I had tried that also 😒 But thanks!WYS
Great! I'll post it as an answer :)Rosário Pereira Fernandes

1 Answers

2
votes

You should use:

allow read: if request.auth.uid in resource.metadata.keys();

I see that you've tried request.resource many times. This variable is only accessible when writing to Firebase Storage. When reading you must use resource directly.