0
0
Firebasecloud~20 mins

Custom functions in rules in Firebase - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Firebase Custom Functions Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
2:00remaining
Understanding custom function usage in Firebase rules

Consider the following Firebase security rule snippet using a custom function:

function isOwner() { return request.auth.uid == resource.data.ownerId; }

What does the isOwner() function check?

AIt checks if the user making the request is the owner of the data.
BIt verifies if the user is an admin of the Firebase project.
CIt checks if the data is publicly readable.
DIt validates if the request is coming from a mobile device.
Attempts:
2 left
💡 Hint

Look at what request.auth.uid and resource.data.ownerId represent.

Configuration
intermediate
2:00remaining
Evaluating custom function behavior in Firebase rules

Given this Firebase rule custom function:

function canEdit() { return isOwner() && request.time < resource.data.expiry; }

Which of the following is true about canEdit()?

AIt allows editing only if the user is not the owner and the current time is before expiry.
BIt allows editing only if the user is the owner and the current time is before expiry.
CIt allows editing if the user is the owner or the current time is after expiry.
DIt allows editing regardless of ownership or time.
Attempts:
2 left
💡 Hint

Focus on the logical AND operator && in the function.

Architecture
advanced
2:00remaining
Impact of custom functions on Firebase rule performance

Which of the following statements best describes how custom functions affect Firebase security rule evaluation?

ACustom functions can improve readability but may increase evaluation time if complex or called multiple times.
BCustom functions always reduce evaluation time by caching results automatically.
CCustom functions are ignored during rule evaluation and have no impact on performance.
DCustom functions prevent any other rules from running after they execute.
Attempts:
2 left
💡 Hint

Think about how repeated calls to functions affect processing.

security
advanced
2:00remaining
Security risks of improper custom function use in Firebase rules

What is a potential security risk when a custom function in Firebase rules uses request.resource.data without validation?

AThe function will cause syntax errors and prevent deployment.
BThe function will always reject all requests, causing denial of service.
CAttackers could manipulate the request data to bypass security checks.
DFirebase automatically sanitizes <code>request.resource.data</code>, so no risk exists.
Attempts:
2 left
💡 Hint

Consider what request.resource.data represents and who controls it.

service_behavior
expert
2:00remaining
Determining the output of a Firebase rule with nested custom functions

Given these Firebase security rules:

function isAdmin() { return request.auth.token.admin == true; }
function canDelete() { return isAdmin() || isOwner(); }
function isOwner() { return request.auth.uid == resource.data.ownerId; }

allow delete: if canDelete();

If a user with request.auth.uid = 'user123' and request.auth.token.admin = false tries to delete a document with resource.data.ownerId = 'user123', what will be the result?

AThe delete request is denied because the user is not an admin.
BThe delete request is denied because the user is neither owner nor admin.
CThe delete request is allowed because the user is an admin.
DThe delete request is allowed because the user is the owner.
Attempts:
2 left
💡 Hint

Check the logic of canDelete() and the user's attributes.