
Custom functions in rules in Firebase - Commands & Configuration

Introduction
Firebase security rules control who can read or write data. Custom functions let you reuse logic inside these rules to keep them simple and clear.
When you want to check if a user owns a document before allowing access.
When you need to verify if a user has a specific role stored in their profile.
When you want to reuse the same validation logic across multiple parts of your database.
When you want to keep your security rules organized and avoid repeating code.
When you want to make your rules easier to update by changing logic in one place.
Config File - firestore.rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    function isOwner() {
      return request.auth != null && request.auth.uid == resource.data.ownerId;
    }

    match /posts/{postId} {
      allow read: if true;
      allow write: if isOwner();
    }
  }
}

This file defines Firestore security rules.

rules_version sets the version of the rules syntax.

service cloud.firestore targets the Firestore database.

function isOwner() is a custom function that checks that the user is signed in and owns the document, by comparing request.auth.uid with the document's ownerId field.

match /posts/{postId} applies rules to all documents in the posts collection.

allow read: if true; lets anyone read posts.

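allow write: if isOwner(); allows a write only when the signed-in user's UID matches the ownerId stored in the existing document. Note that write covers create, update and delete, and resource refers to the document as it exists before the request, so this rule cannot authorize creating a new post: there is no stored ownerId to compare against.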
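An added example, not part of the original page: the same rules with the single write rule split by operation, because resource is the stored document (absent on create) while request.resource is the document as it would look after the write. It assumes posts keep the owner's UID in ownerId, as in the file above; the helper names isSignedIn and claimsOwnership are hypothetical.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // True when the request carries a signed-in user.
    function isSignedIn() {
      return request.auth != null;
    }

    // Ownership according to the document as stored BEFORE this request.
    // Only meaningful for update and delete, where resource exists.
    function isOwner() {
      return isSignedIn() && request.auth.uid == resource.data.ownerId;
    }

    // Ownership according to the INCOMING document (hypothetical helper).
    // Needed for create, where there is no stored document yet.
    function claimsOwnership() {
      return isSignedIn()
        && request.auth.uid == request.resource.data.ownerId;
    }

    match /posts/{postId} {
      allow read: if true;

      // A new post must name its creator as the owner.
      allow create: if claimsOwnership();

      // The current owner may edit the post, and the post must still
      // name that same user as owner after the edit, so ownerId
      // cannot be reassigned to another UID.
      allow update: if isOwner() && claimsOwnership();

      allow delete: if isOwner();
    }
  }
}
```

Both ownership helpers reuse isSignedIn(), so the null check on request.auth lives in one place.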

Commands
Deploys the Firestore security rules with the custom function to Firebase so they take effect.
Terminal
firebase deploy --only firestore:rules
Expected Output
=== Deploying to 'your-project-id'...
✔ Deploy complete!
Project Console: https://console.firebase.google.com/project/your-project-id/overview
✔ Firestore Rules deployed successfully
--only firestore:rules - Deploy only Firestore security rules without affecting other Firebase services
Starts the local Firestore emulator to test security rules including custom functions without affecting live data.
Terminal
firebase emulators:start --only firestore
Expected Output
i emulators: Starting emulators: firestore
✔ firestore emulator started at http://localhost:8080
✔ All emulators started, it is now safe to connect.
--only firestore - Start only the Firestore emulator
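Runs the project's rules tests against a temporary Firestore emulator, then shuts the emulator down, to verify custom functions work as expected. The Firebase CLI has no dedicated rules-test command, so this assumes the project's npm test script runs the rules tests, for example ones written with @firebase/rules-unit-testing.
Terminal
firebase emulators:exec --only firestore "npm test"
Expected Output
The test runner's own output, printed between the emulator's start-up and shut-down messages.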
Key Concept

If you remember nothing else from this pattern, remember: custom functions let you write reusable checks inside Firebase security rules to keep them simple and consistent.

Common Mistakes
Mistake: Writing the same logic multiple times instead of using a custom function.
Why it is a problem: This makes rules long, hard to read, and error-prone when updating.
Fix: Define a custom function once and call it wherever needed in your rules.

Mistake: Using request.auth.uid without checking if request.auth is null.
Why it is a problem: If the user is not logged in, this causes errors and denies access incorrectly.
Fix: Always check request.auth != null before accessing request.auth.uid.

Mistake: Deploying rules without testing them locally first.
Why it is a problem: Mistakes in rules can block all access or open data unintentionally.
Fix: Use the Firebase emulator to test rules and custom functions before deploying.

Summary
Create custom functions inside Firestore rules to reuse logic like ownership checks.
Deploy rules using 'firebase deploy --only firestore:rules' to apply changes.
Test rules locally with Firebase emulators to avoid mistakes in live data.