Is it possible to set storage rules using firestore of Firebase?

6
votes

So I'm trying to set rules into storage, but I need to access to firestore to set it right.

Here is my example:

Into my firestore database I have a users collection which have a collection named items. The path look like this: /users/items/{itemId}

I want that a user can read and write a file into storage with this path: /items/{id}/file.png only if the {id} of the item already exist into the items collection of firestore database. Is there a way to set correctly rules into storage using firestore ?

I tried this:

service firebase.storage {
  match /b/{bucket}/o {
    match /items/{item}/{allPaths=**} {
        allow read, write: if exists(/databases/{database}/documents/users/$(request.auth.uid)/items/$(item));
    }
  }
}

But this doesn't work :/

Thanks for your help!

1
firebasegoogle-cloud-firestorefirebase-security

1 Answers

8
votes

There is no way for security rules of one Firebase product to refer to another Firebase product. The performance implications would be too big.

If such inter-product consistency is a requirement for you, you might want to consider doing the writes from Cloud Functions. While that doesn't suddenly allow cross-product security rules, it does mean that you an ensure it is your code doing the writes and the code is running in a more reliable environment then the average user's phone or PC.