
Custom functions in rules in Firebase - Step-by-Step Execution

Process Flow - Custom functions in rules
Start: Request comes in
Evaluate custom function
Function returns true or false
If true -> Allow access
If false -> Deny access
End
When a request comes, the rule calls a custom function that returns true or false to decide access.
Execution Sample
Firebase
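// True when the signed-in user's UID matches the ownerId field of the stored document.
function isOwner() {
  return request.auth.uid == resource.data.ownerId;
}

// Inside a match block: grant read only when isOwner() returns true.
allow read: if isOwner();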
This rule uses a custom function to check if the user owns the data before allowing read.
Process Table
| Step | Action | Function Called | Function Result | Rule Decision |
|---|---|---|---|---|
| 1 | Request received | isOwner() | Evaluating | Pending |
| 2 | Check if request.auth.uid equals resource.data.ownerId | isOwner() | true | Allow read |
| 3 | Access granted | None | N/A | Allow read |
| 4 | End | None | N/A | Request complete |
💡 Function returned true, so access is allowed.
Status Tracker
| Variable | Start | After Step 2 | Final |
|---|---|---|---|
| request.auth.uid | user123 | user123 | user123 |
| resource.data.ownerId | user123 | user123 | user123 |
| isOwner() result | N/A | true | true |
Key Moments - 2 Insights
Why does the function isOwner() return true or false?
Because it compares the user ID from the request with the owner ID in the data, returning true if they match (see Process Table, step 2).
What happens if the function returns false?
The rule denies access immediately, stopping the request (not shown in this trace; it would be the opposite of step 2).
Visual Quiz - 3 Questions
Test your understanding
Look at the Process Table. What is the function result at step 2?
A. false
B. true
C. undefined
D. error
💡 Hint
Check the 'Function Result' column in the Process Table row for step 2.
At which step is the access decision made?
A. Step 2
B. Step 3
C. Step 1
D. Step 4
💡 Hint
Look at the 'Rule Decision' column to see when access is allowed.
If request.auth.uid was different from resource.data.ownerId, how would the function result change?
A. It would still be true
B. It would cause an error
C. It would be false
D. It would be undefined
💡 Hint
Refer to the Status Tracker and the logic in Process Table step 2.
Concept Snapshot
Custom functions in Firebase rules let you reuse logic.
They return true or false to allow or deny access.
They are called inside rules, as in allow read: if isOwner();
This helps keep rules clean and easy to manage.
The function runs on each request to check conditions.
Full Transcript
When a request comes to Firebase, the security rules can call custom functions to decide if access is allowed. For example, a function named isOwner checks if the user ID making the request matches the owner ID of the data. If they match, the function returns true, and the rule allows the read. If not, access is denied. This process happens step-by-step: the request arrives, the function runs, returns true or false, and then the rule either grants or denies access. Using custom functions helps keep rules organized and easier to read.
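
The isOwner() function above, placed in a complete rules file and reused across several operations (an added example, not part of the original page). It goes beyond the read-only case traced here: on create there is no stored document yet, so the owner check has to read the incoming data in request.resource.data instead of resource.data. Assumptions: Cloud Firestore (the sample reads resource.data), a hypothetical `notes` collection, and hypothetical helper names isSignedIn() and willBeOwner().

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // Hypothetical collection; each document stores its owner's UID in ownerId.
    match /notes/{noteId} {

      // request.auth is null for unauthenticated requests, so check it first
      // instead of relying on the evaluation error to deny the request.
      function isSignedIn() {
        return request.auth != null;
      }

      // Compares the caller with the owner of the document already stored.
      // Usable for read, update and delete, where resource exists.
      function isOwner() {
        return isSignedIn() && request.auth.uid == resource.data.ownerId;
      }

      // Compares the caller with the owner named in the incoming write.
      // Needed for create, where there is no stored document to read.
      function willBeOwner() {
        return isSignedIn() && request.auth.uid == request.resource.data.ownerId;
      }

      allow read, delete: if isOwner();

      // A user may only create documents that name themselves as owner.
      allow create: if willBeOwner();

      // The caller must own the stored document, and the write must leave
      // ownerId set to the caller, so ownership cannot be reassigned.
      allow update: if isOwner() && willBeOwner();
    }
  }
}
```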