How Firestore's security rules work in FlutterFlow - How I set them up

Captions
Hi, I thought I'd just make a quick video about the suggestion I got in the comments about the security rules for Firebase, or how you set that up in FlutterFlow. So yeah, let's get started with how you can do that.

On your screen you can see I'm currently logged into my testing project that I've been using to show how to implement some features on my YouTube channel, and I thought I'd just use this project to demonstrate how I usually think about setting up the security in FlutterFlow for the Firebase project. There is documentation that you can find on flutterflow.io, and yeah, you can see this long URL here; I will drop this in the description so you can see it. Here you get a somewhat good description from FlutterFlow themselves on how all of these permission rules work and what they get access to, but I just thought I'd make a quick video about how they work and explain why and when I use them.

Back in FlutterFlow here, you can see that I've got a user collection, a child collection to that user collection, and a kind of public collection called invite codes that I went over in the last video.

For the user, I usually have both, or at least create, set to everyone, because before a user logs in to the app there are no users logged in, so you will need to give everyone, you know, a non-authenticated user, access to creating a user. Because, for example, if I set authenticated users here, and a user tries to log in and tries to create an account, it could be that the app doesn't have time to authenticate that new user before you create that user, and then it will just create an authenticated account without the actual document. So I usually just leave this for everyone, so there's no trouble when creating an account.

For read, this depends on what app you're building. For example, for my AI app, Awesome AI, I set this to only users collection, and users collection is basically so that only this specific user, the user that's currently active, can read the data inside of it. So, for example, if I have an app like the AI app, I would only want the current user to be able to see their training data and AI name, interactions, CRM integrations and all that good stuff. But if you build a social network or something where you want to share posts that all people should be able to see, then you would set that specific subcollection for posts to be read by everyone, since you want other people to be able to read other people's posts. So users collection is basically something you set when you want the current user (it doesn't have to be logged in, but just the current user collection) to be the only one able to read it.

Then we also have authenticated users, and authenticated users I usually use when there's some data I only want to be able to display when a user is logged into the app. So users collection allows the app to read data from a user that's not logged in, for example if you want to show some user-specific data outside of the logged-in app, in offline mode or whatever; then you can use users collection, or inside of that if you want to. Authenticated users is basically the same as users collection, but the user needs to be authenticated, and also authenticated users allows other users to read other users' data. So I usually set it to users collection for more sensitive data. By the way, before, when I mentioned that post and set that to everyone, you could have set that to authenticated users as well. So authenticated users is just so an authenticated user can read this data no matter what user it's in, and users collection is that specific user. And no one, yeah, I don't really need to explain that one: no one can read, or write, or delete, whatever you're setting for that data.

Then we also have this tagged users. If I'm going to be totally honest, I don't actually use this tagged users type that often, or I don't think I ever used it. No, I've actually never used it. This is basically so you can tag specific users that you want to be able to read the data, and for this you actually need to set up a custom field inside of the document that you want the tagged users to be able to read. If you go into the documentation I can actually show you how it looks. You can see here that we've got a user with an ID, of course, and inside the document that they want to read we need to create a field. It doesn't need to be called created by; it could be called whatever you want. Then in there you need to reference the user, the tagged user, that you want to be able to read this document, and then you can just specify this field inside of tagged users. So if we go into FlutterFlow and I set, for example, here to tagged users, I can see here I can select... oh wait, let's just do this for event instead. So event, tagged users: you can see here that I can actually use any of the fields for the event type, and if I were to create a new column for the event collection or documents that was called maybe tagged user, in here I could actually use the reference or ID for the user documents I want to be able to read that specific event. So that's basically how authenticated users, users collection and tagged users work.

Let's now go over quickly how I think about using these. For user: everyone for create, as mentioned before. Read: I actually want authenticated users, because in my event app I have this feed where a user can see all other users' published events, so I want that user to be able to read every other user's display name and stuff like that, because those are associated with a publish. Write: only the users collection, because I don't want other people to be able to change another user. So users collection, so basically the current user can only make changes to itself. Delete: let's just set that to no one, because I don't want people to delete their accounts; that's just something that FlutterFlow/Firebase will do with a cloud function when their accounts are deleted.

For events, then, authenticated users. That's just basically how I want it, because I want only authenticated users to create an event; I don't want users outside that to be able to create an event. So authenticated users. Read is also authenticated users, as before with the read for users. Write, so creating or changing, will be users... or wait, no, no, no, because I added a feature so people can actually join events, and then we need to change the events from another user that's not owning that specific event, so I will just use authenticated users for that as well. And delete: then we can just use users collection, so the user that owns that event.

Invite code. Create: no one, because I don't want users to be able to create codes for themselves. Read: everyone should be able to read it, because since we want to check the invite code before they're logged into the app, we actually need to make sure the app can read our invite code before we've logged in. So we actually need this to be everyone, because if you're creating this invite code feature and you set this to any of these, the invite code feature won't be able to work, because the app won't be able to read your invite codes before the users log in. So you set this read to everyone. Write: no one. And delete: everyone as well, because we want to delete the invite code after they've used it.

So yeah, that's basically how I think of setting up these security rules and how they work. If you want to learn more, just read their documentation here; they've got a lot more explanation going on here, but I thought I'd mention it overall so you get an overview. But that's basically it. Hope you have a great day, and see you later, I guess. Bye.
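Added example, not part of the video and not FlutterFlow's generated output: the final settings walked through in the transcript, hand-written as Firestore security rules so the effect of each choice is visible. The paths `users`, `users/{userId}/events` and `invite_codes` are assumed names, and the "Write" column is expressed here as `update`.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // User documents (assumed path: /users/{userId}, doc ID = auth UID).
    match /users/{userId} {
      // Create: Everyone. No sign-in is required, so any client,
      // including one with no account, can create a document here.
      allow create: if true;
      // Read: Authenticated Users. Any signed-in user can read every
      // field of every user document, not only the display name.
      allow read: if request.auth != null;
      // Write: Users Collection. Only the owner can change the document.
      allow update: if request.auth != null && request.auth.uid == userId;
      // Delete: No One. Client deletes are refused; server-side code
      // (Admin SDK / Cloud Functions) is not subject to these rules.
      allow delete: if false;

      // Events as a child collection of the user (assumed path).
      match /events/{eventId} {
        // Create / Read / Write: Authenticated Users. Any signed-in
        // user can modify any field of any event, not just join it.
        allow create, read, update: if request.auth != null;
        // Delete: Users Collection. Only the owning user can delete.
        allow delete: if request.auth != null && request.auth.uid == userId;
      }
    }

    // A feed across all users' events is a collection-group query,
    // which needs its own recursive-wildcard rule in rules version 2.
    match /{path=**}/events/{eventId} {
      allow read: if request.auth != null;
    }

    // Invite codes (assumed path).
    match /invite_codes/{codeId} {
      // Read: Everyone, so the code can be checked before login.
      // This also lets any unauthenticated client list all codes.
      allow read: if true;
      // Create / Write: No One.
      allow create, update: if false;
      // Delete: Everyone. Any client can delete any code, used or not.
      allow delete: if true;
    }
  }
}
```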
Info
Channel: Leo McMillion
Views: 805
Id: KdePw3YLKDg
Length: 9min 11sec (551 seconds)
Published: Tue Jan 02 2024