Role-based security in Firebase
/*
This example shows how you can use your data structure as a basis for
your Firebase security rules to implement role-based security. We store
each user by their Twitter uid, and use the following simplistic approach
for user roles:
   0 - GUEST
  10 - USER
  20 - MODERATOR
  99 - ADMINISTRATOR
*/
{
  // Profile data, keyed by provider-prefixed uid.
  // NOTE(review): the rules let each user write their own node here, so the
  // "role-value" stored on a profile cannot be trusted for authorization;
  // the rules look up the per-room role under "rooms" instead.
  "users": {
    "twitter:12345": {
      "full-name": "Sara Robinson",
      "username": "SRobTweets",
      "role-value": 10
    },
    "twitter:56789": {
      "full-name": "Michael 'Kato' Wulf",
      "username": "katowulf",
      "role-value": 20
    }
    ....
  },
  // Per-room membership: each entry maps a uid to that user's role value in the room.
  "rooms": {
    "public-room-1": {
      "users": {
        "twitter:56789": 20,
        "twitter:12345": 10
      }
    },
    "admin-only-room": {
      "users": {
        "twitter:56789": 20
      }
    },
  },
  // Messages reference their room by "room-id"; the write rule looks up the
  // author's role in that room.
  "messages": {
    -JVwTPcWMIt0J6Gbtrqh: {
      "room-id": "public-room-1",
      "user": "twitter:12345",
      "text": "Hello everyone!"
    },
    -JVwU5tLQRPbzXo4s_a1: {
      "room-id": "admin-only-room",
      "user": "twitter:56789",
      "text": "This is a top secret message."
    }
  }
}
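/* This shows how you can authenticate users and store user data in Firebase
using Firebase Simple Login with Twitter. The corresponding security rules
are in the security.json file */

// Define Firebase references
var ref = new Firebase("<your-firebase>.firebaseio.com/");
var usersRef = ref.child("users");
// "messages" is the top-level node the security rules guard; without this
// reference the submit handler below would throw a ReferenceError.
var messagesRef = ref.child("messages");
var currentUser = null; // we'll use this to see if a user is currently logged in

// Authenticate users and store each user in Firebase by their Twitter UID.
// The callback runs on each auth state change: an error, a logged-in user, or
// logged out (user is null).
var auth = new FirebaseSimpleLogin(ref, function (error, user) {
  if (error) {
    console.log(error);
  } else if (user) {
    // update() merges the login fields into the existing user node; set() would
    // replace the whole node and wipe fields written elsewhere (e.g. "full-name",
    // "role-value").
    usersRef.child(user.uid).update({pic: user.thirdPartyUserData.profile_image_url, username: user.username});
    currentUser = user;
  } else {
    // user is logged out: clear the cached user so the submit handler does not
    // keep posting under a session that no longer exists
    currentUser = null;
  }
});

// Call an 'auth' function when a user clicks a login button (this example uses twitter)
$('#login').on("click", function () {
  auth.login('twitter');
});

// When a user adds a message, add the message data to Firebase
$('#message-submit').on('click', function () {
  if (currentUser != null) {
    var message = $('#msgInput').val();
    // Send the message to Firebase.
    // NOTE(review): the data layout and rules expect a message to carry "room-id",
    // "user" and "text"; this example has no room selection, so the shape pushed
    // here differs from that layout and one of the two needs to be aligned.
    messagesRef.push({user: currentUser.uid, username: currentUser.username, message: message});
  } else {
    alert('You must login with Twitter to post!');
  }
});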
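{
  "rules": {
    // NOTE(review): a root-level ".read": true makes every node world-readable,
    // including the messages in "admin-only-room"; scope reads per room if that
    // is not intended.
    ".read": true,
    "messages": {
      "$message": {
        // A message may be created (not edited or deleted) by a USER (role-value >= 10)
        // of the room named in its "room-id". The room comes from the new message
        // itself: there is no $room wildcard on this path, and rooms live under "rooms/".
        ".write": "(!data.exists() && newData.exists() && root.child('rooms/' + newData.child('room-id').val() + '/users/' + auth.uid).val() >= 10)",
        // The stored author must be the authenticated writer, so a client cannot
        // post under someone else's uid.
        ".validate": "newData.child('user').val() === auth.uid"
      }
    },
    "users": {
      "$user": {
        // A user may write only their own profile node.
        // NOTE(review): that includes any "role-value" stored here, so authorization
        // must depend only on rooms/$room/users (as above), never on this node.
        ".write": "auth.uid === $user"
      }
    },
    "rooms": {
      "$room": {
        "users": {
          // Only an ADMINISTRATOR (99) of the room may change its user list.
          // The key must be ".write": a bare "write" is not a rule keyword and is
          // treated as a child path, so no write rule would apply here.
          "$user": {
            ".write": "newData.parent().child(auth.uid).val() === 99"
          }
        }
      }
    }
  }
}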