Firebase Auth Tutorial #10 - UI & Firestore Security Rules

The "rules" tab of Database in Firebase always scares me. But you gave me the courage to fight against it. Thank you so much!

Cho

Yes! I've been waiting patiently for this lol. Keep up the great work. I've learned so much from all your series! 🤓

bobdpa

this stuff is good! absolute legend, thank you for putting this together it's helping me so much with what I need to do

nohammahon

Oooh! as awesome as ever! now i can't wait for the next video.

michongoma

I am not scared or intimidated by Firebase anymore. All thanks to you Shaun. Good job on this series, world-class quality content my friend. Greetings from South Africa

SimPwear

The video is amazing, but I found a loophole in one place,
Instead of checking the length of the data array, we should pass the user object directly to the setupGuides function, because it can happen that you are logged in but you dont have any data in your database. And your code will show "Login to view guides" in these cases also. By checking the user object for null, you can eliminate the issue, because user is null only when you aren't logged in, no relation to what's stores in the database.

pratyushbhatt

Dude sorry, as I keep dreaming more series from this "ninja pipeline of educational content".
Do you have any plan to create a "cloud function" series!? Things like compressing uploaded images and videos.

Long live the net ninja.

Greetings from Tanzania 🇹🇿

raymondmichael

Great video, I want to add to it that you should implement a simple `allow delete: if false;` or any condition you might want to use for that. If you leave the rules as they are here, anyone would have access to a delete request and delete your database.

Alhamdulillah dapat video seperti ini. thanks ninja.. awwww..

ridwanridiawan

You can take the firestore security rule to another level by doing:

*allow read, write: if request.auth != null && request.auth.uid == userId;*

This won't just give read and write access if the request auth id is not null, but rather it will check if that reqeuest auth id is equal to the userId.

Antnix

This is some awesome video serie. You deserve all your 439k + 1 subscribers.

alimertc

Loving the course so far! in your firebase series do you by chance show how to narrow this down even more? like having levels of membership or types? or would this just happen by breaking them out within the DB?

chrisconnelly

Quick question. What if I make a request with some uid I make up. It is not null, so I should get the data. Or does firebase somehow checks first if the uid is in auth list of uids?

BHFJohnny

how did you covered keep user signed in after reload?

LuckyStilet

Thank you, Senpai, for the wonderful tutorial. Just a tip to my co-Kohais out there, the best way to learn is to do this:

1. Watch the entire video and listen very carefully all through out. Try to remember everything.
2. Recreate the lesson in your local environment with the video playing in the background. Code as you listen. If you forget, look at the video.

This way you immerse in step 1 and you execute in step 2. Any issues encountered along the way will be a learning opportunity. Pretty effective, I must say.

ilustrado

Ninja, Do you know if I can read and fetch from user's Gmail account when they sign in with Google? I know Auth0 allows this but wasn't sure about Firebase Auth.

boshiij

at 10:30 do we have to hit publish in order for firebase to remember the new rules you wrote?

yadude

does it provide security that any session api provides?

imkronos_me

how did we get the "bookId" because it is a "books" collection?
So if it were a "authors" collection then this will be "authorId"?

shadmanmartinpiyal

so what is the plan here when we are setting up different routes? How do I set them on on 'onAuthStateChange'. In this tutorial guides are almost "hardcoded" into auth stage. Am I missing something?

arturmrozinski