🎁 Role-Based Authorization

Role-based access control and security rules

Sample Firestore rules for Role-based Authorization where the user document determines the access level.

file_type_firebase rules.json 
match /posts/{document} {

    function getRoles() {
        return get(/databases/$(database)/documents/users/$(request.auth.uid)).data.roles;
    }

    allow read;
    allow update: if getRoles().hasAny(['admin', 'editor']) == true;
    allow write: if getRoles().hasAny(['admin']) == true;
}

Questions? Let's chat

Open Discord