3.2 Database Security Rules

From the Firestore Database, Click on the Rules tab and copy and paste the following code below:

Firestore Security Rules

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
  
  	match /users/{userId} {
    	allow read: if true;
      allow write: if isUserSignedIn() && request.auth.uid == userId;
    }
    
    match /contents/{id} {
    	allow read : if true;
      allow create: if isUserSignedIn() && isAdmin();
      allow update: if isUserSignedIn() || isAdmin();
      allow delete : if isUserSignedIn() && isAdmin();
    }
    
    match /categories/{document=**} {
    	allow read : if true;
      allow write: if isUserSignedIn() && isAdmin();
    }
    
    match /item_count/{document=**} {
    	allow read: if true;
      allow create, update: if isUserSignedIn() || isAdmin();
    }
  
  	function isUserSignedIn (){
    	return request.auth != null;
    }
    
    function isAdmin (){
    	return "admin" in get(/databases/$(database)/documents/users/$(request.auth.uid)).data.role;
    }
    
  }
}

Click on Publish button to publish the security rules. That's it.

Previous3.1 Firestore Database Setup Next3.3 Database Index Setup

Last updated 1 year ago