I am developing an iOS messaging application where a user can send the same message to several people. The message is stored in the firebase repository. I only want to include the users who sent the message in order to read it from the repository. I already implement this rule structure in my firebase database.
To implement this for storage, I add a list of uids to the customMetadata file of the message file, including the fromUid key for the person who composed the message. In my iOS app, I do the following:
var metadataValues = [String:String]() for friendUid in friendsSelected.keys { metadataValues.updateValue(friendUid, forKey: friendUid) // how do I access these values in my security rules } metadataValues.updateValue(senderUid, forKey: "fromUid") // how do I access this in security rules let messageMetadata = FIRStorageMetadata() messageMetadata.customMetadata = metadataValues
It was my attempt for the rules for reading and writing rules for node messages in Firebase Storage, but this does not work, and the documentation does not help.
match /messages/{messageId} { allow read: if request.auth.uid == resource.metadata.request.auth.uid; // I want all friend uids to be able to read file allow write: if request.auth.uid == resource.metadata.fromUid; // only the person who create the message can access it }
My attempt does not work. How to access customMetadata variable using fromUid keys and uids friends "request.auth.uid" in my security rules?
As a side element, I assume that there is no limit to the number of keys that I add to customMetadata?
source share