Firebase Realtime Database Rules Based On Specific Data

0
votes

Is it possible to set up data access rules for a Realtime Database property based on a specific piece of data that the user is requesting?

For example, I'm an authenticated user (using Firebase Authentication), and I'm querying a certain property from the database, like this:

firebase.ref('myLists').orderByChild('listId').equalTo('someString').on('value', (snapshot) => {
  // ...
})

In what ways can I use that 'someString' value in Database Rules?

For .write, we have access to data and newData, but I don't think there is something similar for .read?

1
javascriptfirebase-realtime-databasefirebase-security

1 Answers

1
votes

You can allow this query, and only this query, by checking:

".read": "query.orderByValue === 'listId' && query.equalTo === 'someString'"

Of course this will still only return nodes that have a listId property with a someString value.

Also see the Firebase documentation on securely querying data.