1
00:00:00,210 --> 00:00:05,280
In this lecture, we are going to make a minor modification to our rules in Firebase.

2
00:00:05,550 --> 00:00:09,540
Currently, I'm in the rules section for the Firestore database.

3
00:00:09,840 --> 00:00:14,430
Pause the video if you need to navigate to this page. As it stands,

4
00:00:14,670 --> 00:00:17,400
anyone is allowed to interact with the database.

5
00:00:17,730 --> 00:00:21,330
They can edit, add or delete data from our database.

6
00:00:21,870 --> 00:00:23,970
There are no restrictions in place.

7
00:00:24,240 --> 00:00:27,360
We should start curating our rules to be more secure.

8
00:00:27,630 --> 00:00:30,750
It's dangerous to allow anyone to have this much power.

9
00:00:31,050 --> 00:00:34,170
We're going to add some restrictions to the writing rules.

10
00:00:34,650 --> 00:00:40,860
Nested deeply inside the rules, the same condition is being used for read and write permissions.

11
00:00:41,100 --> 00:00:43,950
We can create different conditions for each case.

12
00:00:44,220 --> 00:00:48,350
For reading, we'll allow anyone to view the data. For writing,

13
00:00:48,360 --> 00:00:52,440
we'll restrict permissions to authenticated users only.

14
00:00:52,770 --> 00:00:55,320
We're going to completely empty out the block.

15
00:00:57,780 --> 00:01:01,620
Next, add the following: allow read: if true.

16
00:01:04,010 --> 00:01:04,910
allow write:

17
00:01:04,970 --> 00:01:07,650
if request.auth.uid

18
00:01:08,180 --> 00:01:10,730
exclamation point equals null.

19
00:01:13,580 --> 00:01:17,030
The first condition will allow anyone to read the database.

20
00:01:17,180 --> 00:01:20,780
We aren't going to store sensitive data such as passwords.

21
00:01:21,020 --> 00:01:23,330
It's all right if the data is accessible.

22
00:01:23,810 --> 00:01:30,530
As for the writing permission, we're using an object called request. We don't need to import this object.

23
00:01:30,830 --> 00:01:33,410
Firebase will define this object for you.

24
00:01:33,680 --> 00:01:38,390
We can use it to learn more about the user who's trying to access the database.

25
00:01:38,630 --> 00:01:44,990
If we have the authentication service turned on, Firebase will add their authentication status to this

26
00:01:44,990 --> 00:01:45,620
object.

27
00:01:46,160 --> 00:01:51,530
In the resource section of this lecture, I provide a link to the authentication object.

28
00:01:54,090 --> 00:02:01,140
According to the documentation, every authentication object will come with a UID and token property.

29
00:02:01,500 --> 00:02:03,690
The one we're using is called UID.

30
00:02:04,260 --> 00:02:10,620
If the user is not authenticated, this property will be set to null. Back on the rules page,

31
00:02:10,740 --> 00:02:17,070
we're checking if the UID property is not equal to null. If this condition returns true,

32
00:02:17,250 --> 00:02:19,950
the user will be able to write to the database.

33
00:02:20,220 --> 00:02:22,830
Otherwise, they'll be denied access.

34
00:02:23,340 --> 00:02:26,640
We're going to publish the rules. Before doing so,

35
00:02:26,730 --> 00:02:28,560
make your rules match mine.

36
00:02:31,170 --> 00:02:37,500
We're finished with modifying the rules. In the following lecture, we'll begin authenticating the user

37
00:02:37,500 --> 00:02:38,910
into the application.