2

I'm using Firebase Simple Login with email/password authentication. I'm storing a variable called 'username' in /id/username so that each of the users have a unique name. However, the users can edit the value at that location and put an existing username. Is there a way to forbid users to change their username to an existing one? i.e. if /anyid/username/JOHN exists do not allow the change. Is there a rule that could be written for that?

Thank you in advance.

Gino
  • 21
  • 1
  • 2

1 Answers1

4

Yes there is! You can simply have a .write rules that requires that no data currently exists at that location. For example:

{
  "rules" : {
    "$id" : {
      "username" : {
        ".write":"!data.exists()"
      }
    }
  }
}
Andrew Lee
  • 10,127
  • 3
  • 46
  • 40
  • hey, thanks for the reply! however, wouldn't somebody be able to create an account WITHOUT assigning a username by doing via the JS console: var chatRef = new Firebase('https://whatever.firebaseio.com'); var authClient = new FirebaseAuthClient(chatRef, function(error, user) { (..) }); and then assigning himself any username they want, even though somebody else with another id already has it? – Gino Apr 09 '13 at 19:57
  • You could have additional rules that verify that the auth values are the same as whats being written to the user info. There's an example of some more complex rules here: https://github.com/firebase/firefeed You should also watch our screencast that guides you through how security rules work: https://www.firebase.com/docs/security-quickstart.html – Andrew Lee Apr 10 '13 at 04:47
  • why did you use a write operation instead of a validate operation? thanks for the help! – Crashalot Nov 01 '17 at 07:16