
Authentication-based rules in Firebase - Practice Problems & Coding Challenges

Challenge - 5 Problems
service_behavior
intermediate
Firebase rule behavior with authenticated users

Consider this Firebase Realtime Database rule snippet:

{
  "rules": {
    "messages": {
      "$messageId": {
        ".read": "auth != null",
        ".write": "auth != null && auth.uid == data.child('owner').val()"
      }
    }
  }
}

What happens when a logged-in user tries to write a message where the 'owner' field is not equal to their user ID?

A. The write is denied because the user is not the owner of the existing message.
B. The write is allowed because the user is authenticated.
C. The write is denied because the user is not authenticated.
D. The write is allowed only if the message does not exist yet.
💡 Hint

Check the condition for '.write' and what 'data.child('owner').val()' means.

🧠 Conceptual
intermediate
Understanding Firebase auth variable in rules

In Firebase Realtime Database security rules, what does the auth variable represent?

A. The list of all users currently connected to the database.
B. The database reference path of the current read or write operation.
C. The server timestamp when the request is processed.
D. The authentication token of the current user making the request, or null if unauthenticated.
💡 Hint

Think about how Firebase identifies who is making a request.

security
advanced
Preventing unauthorized data deletion in Firebase

Given this Firebase rule:

{
  "rules": {
    "users": {
      "$uid": {
        ".write": "auth != null && auth.uid == $uid"
      }
    }
  }
}

Which of the following actions is not allowed by this rule?

A. A user creating their own profile data.
B. A user deleting their own profile data.
C. A user updating another user's profile data.
D. A user updating their own profile data.
💡 Hint

Check the condition comparing auth.uid and $uid.

Configuration
advanced
Configuring Firebase rules for public read and authenticated write

You want to allow anyone to read data under /posts but only authenticated users to write. Which rule configuration achieves this?

A
{
  "rules": {
    "posts": {
      ".read": "auth != null",
      ".write": "true"
    }
  }
}
B
{
  "rules": {
    "posts": {
      ".read": "true",
      ".write": "auth != null"
    }
  }
}
C
{
  "rules": {
    "posts": {
      ".read": "auth == null",
      ".write": "auth != null"
    }
  }
}
D
{
  "rules": {
    "posts": {
      ".read": "false",
      ".write": "auth != null"
    }
  }
}
💡 Hint

Remember that "true" means anyone can read.

Architecture
expert
Designing Firebase rules for multi-role access control

You have a Firebase Realtime Database with a /projects node. Each project has an ownerId and a list of collaborators (user IDs). You want to allow:

  • Owners to read and write their projects.
  • Collaborators to read but not write.
  • Others no access.

Which rule snippet correctly implements this?

A
{
  "rules": {
    "projects": {
      "$projectId": {
        ".read": "auth != null && (auth.uid == data.child('ownerId').val() || data.child('collaborators').hasChild(auth.uid))",
        ".write": "auth != null && auth.uid == data.child('ownerId').val()"
      }
    }
  }
}
B
{
  "rules": {
    "projects": {
      "$projectId": {
        ".read": "auth != null && auth.uid == data.child('ownerId').val()",
        ".write": "auth != null && (auth.uid == data.child('ownerId').val() || data.child('collaborators').hasChild(auth.uid))"
      }
    }
  }
}
C
{
  "rules": {
    "projects": {
      "$projectId": {
        ".read": "true",
        ".write": "auth != null && auth.uid == data.child('ownerId').val()"
      }
    }
  }
}
D
{
  "rules": {
    "projects": {
      "$projectId": {
        ".read": "auth != null",
        ".write": "auth != null && auth.uid == data.child('ownerId').val()"
      }
    }
  }
}
💡 Hint

Think about who can read and who can write, and how to check collaborators.