1
00:00:04,770 --> 00:00:10,290
Welcome back class everyone Johnny be here with slopes dot com and in this lesson we are going to finally

2
00:00:10,320 --> 00:00:11,930
add some security rules.

3
00:00:12,030 --> 00:00:18,990
So if you recall from the previous course when we created our project if you look in our rules we have

4
00:00:18,990 --> 00:00:23,670
ourselves a little warning here and says anyone with your database reference will be able to read or

5
00:00:23,670 --> 00:00:25,100
write to your database.

6
00:00:25,170 --> 00:00:26,480
So just to get up and running.

7
00:00:26,490 --> 00:00:32,640
We accepted this but now that we are you know kind of approaching completion of our project we want

8
00:00:32,640 --> 00:00:37,710
to make sure that we lock it down and make it so the only people that we want to be able to read and

9
00:00:37,710 --> 00:00:39,290
write can get.

10
00:00:39,510 --> 00:00:45,390
So just to start out with let's go ahead and take a look at the current rules as are and kind of get

11
00:00:45,390 --> 00:00:48,260
a feel for what these rules do.

12
00:00:48,510 --> 00:00:50,260
So it's written a little bit.

13
00:00:50,490 --> 00:00:54,540
Kind of like JavaScript, and at the top level

14
00:00:54,540 --> 00:01:00,880
we have this service cloud.firestore, don't need to worry about that. The next line is a match and

15
00:01:00,900 --> 00:01:06,280
databases, database inside the curly braces, and then slash documents.

16
00:01:06,330 --> 00:01:12,520
And so this is the top level database path in every Firestore database.

17
00:01:12,530 --> 00:01:18,180
You'll have this we don't actually see this if we take a look in our database.

18
00:01:18,240 --> 00:01:22,300
We don't see that but it is if it existed it would be like over here.

19
00:01:22,320 --> 00:01:24,260
So you would have that path.

20
00:01:24,300 --> 00:01:28,090
And then our thoughts collection and then our documents so on.

21
00:01:28,380 --> 00:01:28,900
OK.

22
00:01:29,160 --> 00:01:32,360
So you also don't need to worry about this too much.

23
00:01:32,430 --> 00:01:37,170
The next to the line is what makes it so that anyone can read or write.

24
00:01:37,200 --> 00:01:38,950
We have a match here.

25
00:01:39,030 --> 00:01:45,030
And what this match does is the way that the security rules work is by setting rules on specific collections

26
00:01:45,060 --> 00:01:46,490
or documents.

27
00:01:46,800 --> 00:01:52,920
And this match is saying what that specific collection or document is.

28
00:01:53,100 --> 00:01:58,460
And so what we have here is it's basically saying that any document.

29
00:01:58,620 --> 00:02:08,940
That's what the curly braces and the equal with the asterisks mean is that any document can allow reading

30
00:02:08,940 --> 00:02:09,770
and writing.

31
00:02:09,870 --> 00:02:17,330
OK so now that we kind of understand how it is right now, when it's allowing anyone to read and write,

32
00:02:17,370 --> 00:02:20,330
Let's go ahead and start to restrict it a little bit.

33
00:02:20,490 --> 00:02:27,510
So just thinking about our app I think that it makes sense for anyone who has logged in who is authenticated

34
00:02:27,810 --> 00:02:33,130
to be able to read and write to our thoughts collection as well as to our comments.

35
00:02:33,150 --> 00:02:33,670
Right.

36
00:02:33,900 --> 00:02:37,730
So let's go ahead and figure out how to write that out.

37
00:02:38,100 --> 00:02:47,130
So I'm just going to delete this and I'm going to say match slash thoughts.

38
00:02:47,160 --> 00:02:47,500
OK.

39
00:02:47,520 --> 00:02:48,590
So that's saying.

40
00:02:48,660 --> 00:02:54,480
So that's getting our thoughts collection and then I'm going to use the curly brace and I'm going to

41
00:02:54,480 --> 00:02:55,490
say thought.

42
00:02:55,950 --> 00:02:57,570
And then curly brace.

43
00:02:57,760 --> 00:03:05,160
So what this is doing is saying any request that is inside of the thoughts collection and any of the

44
00:03:05,340 --> 00:03:08,850
documents and let's write our rule.

45
00:03:09,010 --> 00:03:16,980
So we're going to say allow read and write and then we do a colon and then we have our condition OK.

46
00:03:17,190 --> 00:03:21,940
So we have allow read and write if. And so what is our condition?

47
00:03:21,960 --> 00:03:27,260
We want to restrict it to those that are authenticated, logged in.

48
00:03:27,360 --> 00:03:34,920
And so with each request that is received to the database we have access to that request and we can

49
00:03:34,920 --> 00:03:41,490
say request dot and then we have two properties that we can look at we can look at the resource of the

50
00:03:41,490 --> 00:03:48,340
document that is being sent up, or the auth, so we can say request.auth is not equal to

51
00:03:48,360 --> 00:03:48,820
null.

52
00:03:48,950 --> 00:03:49,540
OK.

53
00:03:49,950 --> 00:03:56,820
So just to go through this again, we're saying if it matches the thoughts collection and any of the thoughts

54
00:03:57,540 --> 00:04:05,550
then we are going to allow read and write if the request authorization is not equal to null.

55
00:04:05,550 --> 00:04:12,210
So if this is a valid authentication then go ahead and allow read and write to any of the thought documents

56
00:04:12,270 --> 00:04:13,940
in the thoughts collection.

57
00:04:14,150 --> 00:04:14,760
OK.

58
00:04:15,060 --> 00:04:19,220
And you can specify individual documents.

59
00:04:19,260 --> 00:04:27,030
So for instance if we checked in data and we grab one of these IDs here and we went to our rules we

60
00:04:27,030 --> 00:04:31,850
could... oh, I forgot to save them.

61
00:04:31,920 --> 00:04:34,330
Whenever you change it you have to publish it.

62
00:04:34,360 --> 00:04:37,460
And so I'm just going to put that back because it was real quick.

63
00:04:37,470 --> 00:04:51,640
So this was a match slash thoughts slash thought and then allow read, write

64
00:04:52,470 --> 00:05:01,690
if the request.auth does not equal null.

65
00:05:01,840 --> 00:05:04,870
And then to save it we have to publish.

66
00:05:05,380 --> 00:05:08,870
And you'll see here that the published changes can take up to 10 minutes to propagate.

67
00:05:09,100 --> 00:05:14,930
So I'm going to try not to press that too often in my experience it's more like one or two minutes.

68
00:05:15,130 --> 00:05:18,120
To be able to see those changes in your actual app.

69
00:05:18,170 --> 00:05:26,230
But anyways so we were saying that if we wanted to we could specify rules for individual documents as

70
00:05:26,230 --> 00:05:26,440
well.

71
00:05:26,440 --> 00:05:32,120
So here instead of curly brace thought I'm going to paste that ID.

72
00:05:32,290 --> 00:05:38,100
So if we did this then we would be setting rules for just that one single document.

73
00:05:38,620 --> 00:05:39,790
But that's not what we want to do.

74
00:05:39,790 --> 00:05:47,080
We want to set it for all of the documents inside of the thoughts collection and this word thought this

75
00:05:47,080 --> 00:05:52,500
is just a placeholder, could be anything, it could be item, it could be object, you know.

76
00:05:52,630 --> 00:05:58,080
But since we're you know kind of looking in the thoughts collection thought makes sense.

77
00:05:58,540 --> 00:06:05,320
So inside of our collection we can read and write to any thought if we are authenticated and logged

78
00:06:05,320 --> 00:06:06,870
in.

79
00:06:06,890 --> 00:06:09,910
So now how about the comments collection.

80
00:06:10,070 --> 00:06:11,060
Well we can do that too.

81
00:06:11,060 --> 00:06:23,990
We can say match slash thoughts slash any of the thoughts and then we go a level deeper, then we go to comments

82
00:06:24,770 --> 00:06:35,390
and then slash and then curly brace to do you know the wildcard any comment and then we say the same

83
00:06:35,390 --> 00:06:42,710
thing, allow read and write if the request.auth does not equal.

84
00:06:42,920 --> 00:06:48,590
Now another thing that we could do instead of having this having instead of writing out the entire path

85
00:06:48,590 --> 00:06:50,340
here what we could do.

86
00:06:50,450 --> 00:06:59,450
I'm going to comment this and here under our match thoughts/thought we could write another one, we could

87
00:06:59,450 --> 00:07:01,790
stay here and match.

88
00:07:01,850 --> 00:07:05,160
And then this would continue from right here.

89
00:07:05,390 --> 00:07:19,780
So then we could say comments and then curly brace comment and then allow read and write if request

90
00:07:19,780 --> 00:07:21,250
dot auth does not equal null.

91
00:07:21,410 --> 00:07:25,200
And so this is equivalent to what we had before.

92
00:07:25,220 --> 00:07:31,520
Instead this is what this is doing is it's just sort of continuing on from right here and these rules

93
00:07:31,580 --> 00:07:38,020
will only apply to this and these rules will only apply to this, OK.

94
00:07:38,210 --> 00:07:43,040
And it's important to know that the rules by default they don't cascade.

95
00:07:43,070 --> 00:07:52,760
So if we had just done this allowing read and write to the thoughts documents then that doesn't automatically

96
00:07:52,760 --> 00:07:59,140
mean that anyone who's authed in could comment or could read and write the comments, OK.

97
00:07:59,570 --> 00:08:06,650
There is a way to do that and that's using that wild card that we saw earlier which was the equal and

98
00:08:06,650 --> 00:08:08,330
the asterisks.

99
00:08:08,360 --> 00:08:17,690
So if we did that then we are saying any of the documents in the thoughts collection and any of their

100
00:08:17,690 --> 00:08:24,620
sub collections can be read and written to just if you are logged in.

101
00:08:24,860 --> 00:08:31,580
So I'm actually going to end with it like this because that is the behavior that we want we want anyone

102
00:08:31,580 --> 00:08:37,430
who is authed in to be able to read and write to any of the documents in the collection or any of their

103
00:08:37,430 --> 00:08:38,600
sub collections.

104
00:08:38,740 --> 00:08:39,250
OK.

105
00:08:39,560 --> 00:08:45,990
And I'll actually go ahead and delete this as well.

106
00:08:46,130 --> 00:08:50,750
And so another thing that we could think about is the users collection.

107
00:08:50,750 --> 00:08:53,470
We haven't done too much with it in this course.

108
00:08:53,510 --> 00:08:54,620
We created it.

109
00:08:54,830 --> 00:09:01,640
So we're going to publish this so that we can take a look at our data we have here our users collection.

110
00:09:01,690 --> 00:09:07,850
Now if you're a user you don't want other people to be able to write to your data or maybe even read

111
00:09:07,850 --> 00:09:08,400
it.

112
00:09:08,420 --> 00:09:15,980
And so what I'm thinking is we only make it read and write if the person that is requesting the request

113
00:09:16,160 --> 00:09:19,490
is the same person that is in here.

114
00:09:19,910 --> 00:09:22,270
So to do that we jump into our rules.

115
00:09:23,090 --> 00:09:28,520
And here what we're going to do is we're going to say match and we're going to take a look in the users

116
00:09:28,910 --> 00:09:36,110
collection and we're going to say user ID.

117
00:09:36,500 --> 00:09:48,940
And we're going to say allow read and write if the request.auth.uid.

118
00:09:48,980 --> 00:09:52,460
So now we're taking a look at the at the request that's coming in.

119
00:09:52,460 --> 00:10:04,100
And if the person that is authed in is equal to the user ID then they can read and write to it.

120
00:10:04,100 --> 00:10:04,310
All right.

121
00:10:04,310 --> 00:10:09,630
So it's kind of a little bit difficult to wrap your head around at first but there are some there's

122
00:10:09,650 --> 00:10:11,480
some great documentation.

123
00:10:11,480 --> 00:10:23,150
If you just search Firestore security rules then right here you can read through and there's a whole

124
00:10:23,150 --> 00:10:26,570
lot of information here.

125
00:10:26,700 --> 00:10:33,730
Basically I've just shown you kind of the the most common rules that you'll use which is to allow reading

126
00:10:33,730 --> 00:10:40,780
and write to your collections based on whether or not you are authed in and whether or not you are the specific

127
00:10:40,780 --> 00:10:42,990
user that is making the request.

128
00:10:43,240 --> 00:10:47,350
As we have it right now though we're going to run into a problem because right now we're only allowing

129
00:10:47,350 --> 00:10:52,650
read and write if the request.auth.uid is equal to the user ID.

130
00:10:52,810 --> 00:10:55,660
Well what about the case where we're trying to create a new user.

131
00:10:55,810 --> 00:10:57,590
And this isn't going to work.

132
00:10:57,760 --> 00:11:03,020
So what we need to do is we need to make it so that anyone in the app can create a new user.

133
00:11:03,190 --> 00:11:09,900
And so we can do that by saying allow create and then anyone can create a new user.

134
00:11:09,960 --> 00:11:14,310
I want to publish that and then we'll jump back into Xcode and see how that's working.

135
00:11:14,840 --> 00:11:19,870
All right, so I'm going to run this and we'll see if it's been enough time, it might not.

136
00:11:20,020 --> 00:11:22,550
If it hasn't been I want to show you what it looks like.

137
00:11:23,080 --> 00:11:27,850
All right so looks like we can read our thoughts collection Let's go ahead and try and add one real

138
00:11:27,850 --> 00:11:28,660
quick.

139
00:11:33,620 --> 00:11:39,080
When I post this it looks like we can post, so we can write to our thoughts collection.

140
00:11:39,140 --> 00:11:41,620
Let's go and check out a comment.

141
00:11:41,810 --> 00:11:45,790
And so we can see our comments so we can read to it.

142
00:11:45,890 --> 00:11:49,330
And let's go ahead and write to it.

143
00:11:49,460 --> 00:11:50,380
Writing

144
00:11:52,790 --> 00:11:55,610
and sure enough we can write to it as well.

145
00:11:55,610 --> 00:11:56,050
All right.

146
00:11:56,090 --> 00:12:01,370
So that pretty much wraps it up for this target topic course in this course.

147
00:12:01,370 --> 00:12:07,670
We have covered a lot we have learned about how to authenticate users using the firebase authentication

148
00:12:07,690 --> 00:12:10,810
SDK specifically using email and password.

149
00:12:10,890 --> 00:12:19,730
Then we added a new feature for being able to write comments on posts and there we learned about transactions

150
00:12:19,730 --> 00:12:25,220
and being able to do multiple reads and writes out one time and then finally we finished up learning

151
00:12:25,220 --> 00:12:32,510
about security rules and how to lock down specific paths and collections and or documents based on whether

152
00:12:32,510 --> 00:12:36,830
or not you're authed in or whether you are a specific user.

153
00:12:36,830 --> 00:12:42,890
And there's a lot more that you can do you can get pretty complicated with your security rules.

154
00:12:42,920 --> 00:12:48,350
So look into that some more do some research and I hope you guys enjoyed this course and I'll see you

155
00:12:48,350 --> 00:12:48,750
around.
