#StackBounty: #firebase #google-cloud-firestore #firebase-security #firebase-security-rules Achieving granular data validation in fires…

Bounty: 100

Lets assume I have a character document in my database i.e. /characters/{characterID}

Shape of this document can be as follows:

{
  username: "Username",
  race: "ORC or ELF",
  gender: "FEMALE or MALE",
  gold: 1000,
  equipement: {
    helmet: "null or string",
    boots: "null or string"
  } 
}

I want to allow following use case:

  1. user can create character for him / her self by providing valid username, race, gender once they create character these fields should not be editable
  2. rest of the fields are updatable by user either all at once, one per time or any mix of fields. (once they are updated a firebase function is triggered to validate this, but in terms of rules we want to make sure users send valid values)

I figured out step number 1 via using following rule, validCreateCharacterData verifies username, race and gender.

service cloud.firestore {
  match /databases/{database}/documents {

    // Characters
    match /characters/{characterID} {
      allow create: if isOwner(characterID)
                    && validCreateCharacterData();
    }
  }
}

But I am having hard time figuring out how to validate rest of the data updates as they can be null or various mixes of fields. I wanted to make granular rules, but approach bellow doesn’t work :/

service cloud.firestore {
  match /databases/{database}/documents {

    // Characters
    match /characters/{characterID} {
      allow create: if isOwner(characterID)
                    && validCreateCharacterData();

      match /gold {
         allow update: if request.resource.data.gold is number
      }
    }
  }
}


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.