How setting up firebase storage rules for specific users

Question

Im trying to set some storage rules for make only the UID users I specify can access to all paths of my storage.

Im tried this:

service firebase.storage {
  match /b/{bucket}/o {
    match /user/{userId}/{allPaths=**} {
      allow read, write: if request.auth.uid == userId;
    }
  }
}

with that rules setted up , I cant access to my storage, Im trying with "rules testing area".

My question is, how to add the specifics UserId I want to grant access to my storage?.

Does this answer your question? [Firestore write security rule for specific user using auth names](https://stackoverflow.com/questions/52241725/firestore-write-security-rule-for-specific-user-using-auth-names) — EraftYps, Jun 14 '20 at 03:27
Does the rule work the way you expect or not? The wildcard looks OK to me. I suggest editing the question to explain what doesn't work, based on the client code you've written that pairs with the rules. — Doug Stevenson, Jun 14 '20 at 04:00
@DougStevenson Hello Doug, I edited my question, I Setted up my rules as above. but when I try it in "testing area" not works. But I think dont works because I dont have specified nowhere what userId can access to my storage, thats is my problem, I dont know how specify the userId. — Elfasito, Jun 14 '20 at 14:46
@user667634 Im new with firebase, I ask to you, firestorage and firestore dont are diferent things?, anyways I readed that thread, I understanded I need to create a file what it containg a list of UID, and next I have to set that list direction in my rules?. — Elfasito, Jun 14 '20 at 14:54

score 2 · Answer 1 · answered Jun 14 '20 at 15:23

Thanks People, I resolved my problem. I created a group and specify whats Uid what to have access. this is my solution for now:

rules_version = '2';
function usersPermitidos() {
   return request.auth !=null && request.auth.uid in [
        "uiduser",
        "uiduser"
    ];
}

service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read: if usersPermitidos();
    }
  }
}

I take the solution from here: Create group access to firebase storage without using custom authorization

How setting up firebase storage rules for specific users

1 Answers1