TransWikia.com

How do I set firebase database rules to not allow delete or update of children?

Stack Overflow Asked by hotpopper80 on December 22, 2021

I have the following Firebase database rules, but this only allows data to be written once. Nothing after that.

Edit. I want to make sure no data ever gets deleted, also.

{
 "rules": {
   "$uid": {  //userIDTom
     ".read": "true",
     ".write": "!data.exists()"
     }
   }
 }

I want to be able to write a child only if that child does not exist.

Example,

          "userIDTom" : {
        "testKey1" : "test1",
        "testKey2" : "test2",
        "testkey3" : "test3"
      }
    }
  }

All the above will be written into "UserIDTom"

But in the next example,

    "userIDTom" : {
            "testKey4" : "test4",
            "testKey2" : "update",
            "testkey5" : "test5"
          }
        }
      }

In the above example, only testKey4 and testKey5 will be written. testKey2 will be skipped because
it already exists. Note it should still be skipped even if it’s value is different. In other words, only allow writing of new keys.

End result should be:

          "userIDTom" : {
        "testKey1" : "test1",
        "testKey2" : "test2",
        "testkey3" : "test3",
        "testKey4" : "test4",
        "testkey5" : "test5"
      }
    }
  }
}

}

firebasefirebase realtime databasefirebase securityjavascriptnode.js

2 Answers

In the above example, only testKey4 and testKey5 will be written. testKey2 will be skipped because it already exists

What you're describing here is not how Firebase security rules work, they don't filter data: not when reading, nor when writing. When you perform a write operation, that entire operation is either accepted or rejected.

So if userIDTom already exists in your examples, then any write to/under it will be rejected. If userIDTom doesn't exist yet, the write will be allowed.

If you want to reject a write if any of the child nodes it writes to already exists, put the .write rule one level lower:

{
  "rules": {
    "$uid": {  //userIDTom
      ".read": "true",
      "$property": {
        ".write": "!data.exists()"
      }
    }
  }
}

Answered by Frank van Puffelen on December 22, 2021

Existing Data vs. New Data

To illustrate, this rule would allow us to create new records or delete existing ones, but not to make changes to existing non-null data:

data variable is used to refer to the data before a write operation takes place. Conversely, the newData variable contains the new data that will exist if the write operation is successful

// we can write as long as old data or new data does not exist
// in other words, if this is a delete or a create, but not an update
".write": "!data.exists() || !newData.exists()"

Learn all about Firebase Rules, And writing too

Answered by Ericgit on December 22, 2021

Add your own answers!

Ask a Question

Get help from others!

Recent Questions

Recent Answers

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP