How can I get a field value from the firestore database, in my cloud storage rules?

I have the following path to an image in my cloud storage bucket:

/users/userId123/myimg.png

Now when someone tries to access that, I want to read the following firestore database field:

/users/userId123/public

If public is true, anyone should be able to see this image. If not, only the user should be able to see it.

Always, only the user should be able to write to the file.

Renaud Tarnec
Inxto
  • @FrankvanPuffelen Hi Frank, if I may I think the duplicate is not exactly similar to the OP's case. He does not want to control the access based on a characteristic of the user who tries to read it (e.g. a user role) but based on a characteristic of the image (i.e. if it is public or not, which is defined in a Firestore collection). So IMHO Custom Claims will not help here. – Renaud Tarnec Sep 02 '20 at 18:58
  • "I want to read the following firestore database field" vs `get(/databases/mydbname/documents/guilds/$(guildID)).data.users[(request.auth.uid)] in ["Admin", "Member"]` are both requests to access Firestore data from Storage rules, which (as you said below, and as I answered in the link) isn't possible. You're free to vote to reopen, but I feel that this is enough of the same use-case and solution/workaround to be a duplicate. For example: your answer below could also be applied to the question I linked, and would be a valid answer there too. No problem if I get outvoted though. – Frank van Puffelen Sep 02 '20 at 20:16

1 Answer

This is currently not possible. You cannot have cross-services security rules.

One possible way would be to add a metadata value to the image, which indicates if it is public or not and that you use in the Security Rules, see here.

Or, maybe, you could have the public images under a public folder?

Renaud Tarnec
  • Ok, that's a bit disappointing, but thanks for your help. I will mark this as answer when Stack Overflow allows me to. – Inxto Sep 02 '20 at 10:02
  • And yes, I think that metadata would be the right way to go now. – Inxto Sep 02 '20 at 10:03
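
The metadata approach suggested in the answer could look like the following Cloud Storage rules. This is an added example, not part of the original thread. It assumes a custom metadata key named `isPublic` (a hypothetical name) that the owner sets to the string `'true'` on upload and keeps in sync with the `public` field in Firestore.

```firebase-rules
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {

    // True only for the signed-in user whose uid matches the path segment.
    function isOwner(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    // Matches objects such as /users/userId123/myimg.png
    match /users/{userId}/{fileName} {

      // Owner check comes first so the owner can always read.
      // Custom metadata values are strings, so compare with 'true'.
      // If the isPublic key (assumed name) is absent, the comparison
      // does not evaluate to true and non-owners are denied.
      allow read: if isOwner(userId)
                  || resource.metadata.isPublic == 'true';

      // Only the owner may create, overwrite, delete, or change metadata,
      // so nobody else can flip the isPublic flag.
      allow write: if isOwner(userId);
    }
  }
}
```

Because the flag lives on the object and not in Firestore, whatever code changes `/users/userId123/public` also has to update the metadata on that user's files, otherwise the two can drift apart.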