You guys should be awarded a Nobel Prize in Technology. I know that it doesn't exist but it should be created just for you.
@shalabyer 3 years ago
the best as always Doug :)
@dr.craigcurphey4829 5 years ago
How can I query on a partial match in a field in a document?
@deanjackson833 5 years ago
If you organize your functions in folders like: users/addUser.js, users/renameUser.js, orders/addOrder.js, orders/search.js, can the URLs be made to include the folder name like: mybaseurl/users/addUser, mybaseurl/orders/search ?
@adarsh_hatwar 5 years ago
Very easy to follow and crisp explanation. I wanted to ask this: If one of the rules allows access and the other rule denies it, the end result is allow access. What was the reason to go with this design? Shouldn't it be deny access as after all they are security rules?
@dougstevenson3769 5 years ago
What you're describing has been the design since the original security rules for Firebase Realtime Database. Rules have to be efficient. So, it's very efficient to quickly allow access if a rule allows it, rather than check all the rules to see if one of them denies it. Also, how do you determine which rule has precedence - the allow or the deny? It's easier to reason about rules if they only ever allow access rather than deny it.
@adarsh_hatwar 5 years ago
@@dougstevenson3769 Well, efficiency seems like a rather strong argument than precedence etc. as every read/write request is evaluated against these rules. Having a simulator helps identify any security issues prior to deployment too, which helps. Thanks Doug :)
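Added example, not part of the comment thread or the video: the allow-wins behaviour discussed in the exchange above, shown as two constructed Firestore rulesets. The `users` collection and the `request.auth.uid == uid` check come from the thread; everything else is an assumption made for illustration.

```firestore-rules
// Constructed example. Rulesets A and B are two alternative rules files,
// shown together for comparison; deploy only one.

// ---- Ruleset A: overlapping matches, broader than intended ----
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Intended restriction: only the signed-in owner may touch the document.
    match /users/{uid} {
      allow read, write: if request.auth != null && request.auth.uid == uid;
    }

    // The recursive wildcard also matches /users/{uid}. Rules only ever
    // grant access, so when this condition is true the request is allowed
    // even though the owner check above evaluated to false.
    match /{document=**} {
      allow read, write: if request.auth != null;
    }
  }
}

// ---- Ruleset B: same intent, no overlapping grant ----
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Owner-only access. No other match statement covers this path,
    // so a failed owner check means the request is denied.
    match /users/{uid} {
      allow read, write: if request.auth != null && request.auth.uid == uid;
    }

    // Hypothetical collection name: signed-in users may read shared data.
    // The grant is scoped to one collection instead of {document=**}.
    match /public/{docId} {
      allow read: if request.auth != null;
    }
  }
}
```

When auditing a ruleset, list every match statement that can cover a given path and treat the effective permission as the logical OR of their conditions; the simulator mentioned in the thread can confirm the result for a sample request.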
@andyfusniak 5 years ago
Sparky is used as an example of a uid in the first part of the video for the collection. In the middle, there is an example of request.auth.uid == uid so that only the currently authenticated user can write their own document. Later in the video, there is another example with the uid == "sparky". I always thought the uid for a Firebase Auth user is independent of the Firestore system and that you aren't able to pick and choose your own uids. Does the switch from sparky, to auth, to sparky imply that collection("users").doc("sparky") can match a Firebase Auth with a uid=sparky (i.e. we can pick our own uids for Firebase Auth) or that the middle example has nothing to do with sparky and the uid in the collection matches the auto-generated uids of the Firebase Auth system?
@dougstevenson3769 5 years ago
There's no support for picking a uid. It's just a sample string for fun, and shorter size to fit on the screen.
@conormcelvaney 5 years ago
Thanks Doug!
@dougstevenson3769 5 years ago
You're welcome, stay tuned!
@julianbenegas512 5 years ago
Awesome guys!!
@thechrisgate 5 years ago
Any tips and tricks will be welcome in the Security Rules series! Cheers!
@dougstevenson3769 5 years ago
Stay tuned, as there will be plenty more tips and tricks on how to do common things with security rules that might not be obvious at first. We just have to start with the basics first. :-)
@rezashah22 5 years ago
Very nice explanation as usual. I am wondering if you have an org-level security implementation or guidelines. For example, all users of a Company can access all documents belonging to that company.
@dougstevenson3769 5 years ago
That sounds like a use for Firebase Authentication custom claims, which will be a topic in the future. I'll encourage you to research that now in case that helps you sooner rather than later.
@rezashah22 5 years ago
@@dougstevenson3769 Thanks Doug. I will take a look into Firebase Authentication custom claims.
@TomerHY 5 years ago
This is very helpful, wish I knew that info when I was writing my app rules.
@DEV_XO 5 years ago
Amazing mate, thanks a lot! :)
@denvernaicker8250 5 years ago
Thank you for the video. It would be nice to see this in code in an example template for an application. I believe this is a ruleset; by default all access to all users is given and we can change later on. I feel it's easier to dev with all access. I just need pragmatic examples of how to work around scenarios with read write to tables for certain users. Thank you, this will help a lot. I am just not sure how to integrate into a current massive project.
@dougstevenson3769 5 years ago
I typically try to match rules with code, but I understand that it's difficult to integrate rules into an existing complex product. That's another reason why I recommended using rules as soon as possible. There is no easy way around it, but hopefully this entire series will give you some ideas about how to use security rules effectively in your project. Every project is different, and the real trick is to translate your project's requirements into effective security rules.
@denvernaicker8250 5 years ago
Doug Stevenson thank you Doug for the response, I appreciate it.