How can access realtime database in storage security rules in firebase to verify if the user is in a group for special privilages?

Question

I have a list of existing users in firebase.

I have storage files that should only go to users that are in a group "hasFullAccess" to access all the storage files.

Since we can't add on to the user object, I've added each of the users to the database to give them the extra metadata.

database:

{ 
   users: { 
    $uid: { hasFullAccess: boolean}
   } 
}

Now in the storage rules I want to allow users that have full access to be able to access the full content.

service firebase.storage {
  match /b/{bucket}/o {        
    match /files-demo/{allDirPaths=*} {
      allow read: if true
    }

    match /files-complete/{allDirPaths=*} {
      allow read: if request.auth != null && // (users have full access?)
    }
  }
}

If it's possible how can I reference my database in firebase storage rules?

Doug Stevenson Doug Stevenson · Accepted Answer · 2018-05-14T05:23:07

You can't reference values from Realtime Database (or Firestore) from within Cloud Storage rules. Currently, each of these rule systems is completely independent of each other.

What you can do, however, is write Cloud Functions code that responds to changes in each one of these products that can also access the other products in order to check that values are consistent. A full exploration of this topic, and how to use Cloud Functions effectively this way, is outside the scope of a Stack Overflow answer.

How can access realtime database in storage security rules in firebase to verify if the user is in a group for special privilages?

1 Answers