I have created an app, that allows users to create a simple photo collection. All the data is stored in the Firebase Cloud Firestore. The images are uploaded to Firebase Storage. The owner of a collection can invite any other user to access his collection and upload photos. The sharing of data in Firestore works fine. But now I have problems with writing the security rules for Storage. Does anyone know, how I have to write the rules, so that any user added to the collection can access the images as well? The files for each collection are stored in separate folders.
-
What have you tried so far? Is something with security rules not working the way you expect?– Doug StevensonCommented Jul 1, 2019 at 22:52
-
Yeah it is working, if I add the corresponding user ids to the meta data of each file. But how can I enable the user to upload new files? They do not have any meta data that could be validated against the security rules.– MojoCommented Jul 2, 2019 at 9:42
-
Are you saying that you want to use data in Firestore control access to data in Cloud Storage?– Doug StevensonCommented Jul 2, 2019 at 10:41
-
Yeah exactly, what I’m looking for is a way to allow read and write according to the data in Firestore. Is this possible? I thought about a Cloud Function, but I’m not sure if this is possible.– MojoCommented Jul 2, 2019 at 12:46
2 Answers
Firebase security rules currently do not bridge between products. You can't use data in Cloud Firestore in security rules for Cloud Storage. The only things you have access to in security rules for Cloud Storage are object metadata and Firebase Authentication custom claims per user. You will have to figure out a way to make changes to either one of those things to implement your permissions.
Alternatively, you can direct all access through Cloud Functions to decide if the user should be able to access the content, but bear in mind that Cloud Functions responses can only be 10MB maximum.
-
Thanks @dougstevenson, I think this is what I was looking for. How can I upload an image to Cloud Functions or add it to the Functions response? I'm sorry for all these questions, but I'm new to Cloud Function development.– MojoCommented Jul 4, 2019 at 20:06
You should look into creating a private group and authenticate the group with help of private token.
https://firebase.google.com/docs/storage/security/user-security#group_private
-
Many thanks for your quick reply. But is it possible to create multiple tokens for only one user? And can I create these tokens using a Cloud Function? I could not find anything about that in the documentation. Thanks?– MojoCommented Jul 2, 2019 at 5:29
-
you might have to create a token from different server and then use that token to authenticate with fire base. If you want a user to share multiple folder with multiple people, then you should start looking into google cloud storage. Fire base is not intended for this purpose.– yogaCommented Jul 2, 2019 at 13:26
-
1see the link to create the custom tokens: firebase.google.com/docs/auth/admin/create-custom-tokens . There are several other ways to do the same thing.– yogaCommented Jul 2, 2019 at 13:31