0
0
Firebasecloud~20 mins

Resource and request objects in Firebase - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Firebase Resource Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
What is the output of this Firebase Firestore security rule evaluation?
Given the following Firestore security rule snippet, what will be the result of a read request if the document's field ownerId matches the request.auth.uid?
Firebase
service cloud.firestore {
  match /databases/{database}/documents {
    match /users/{userId} {
      allow read: if resource.data.ownerId == request.auth.uid;
    }
  }
}
AThe read request is allowed only if the userId path variable matches request.auth.uid.
BThe read request is always allowed regardless of the authenticated user.
CThe read request is denied because resource.data is not accessible in read rules.
DThe read request is allowed only if the authenticated user's ID matches the document's ownerId.
Attempts:
2 left
💡 Hint
Remember that resource.data refers to the existing document data and request.auth.uid is the authenticated user's ID.
🧠 Conceptual
intermediate
1:30remaining
Which Firebase request object property contains the data sent by the client in a write operation?
In Firebase security rules, when a client tries to write data, which property of the request object holds the new data the client wants to write?
Arequest.resource.data
Brequest.data
Crequest.auth.token
Drequest.writeData
Attempts:
2 left
💡 Hint
Think about the difference between resource and request.resource.
Architecture
advanced
2:30remaining
Which Firebase security rule correctly restricts document deletion to the document owner only?
You want to allow only the owner of a document to delete it. The document has a field ownerId. Which rule correctly enforces this?
Aallow delete: if request.auth.uid == resource.data.ownerId;
Ballow delete: if request.resource.data.ownerId == request.auth.uid;
Callow delete: if request.auth.uid != resource.data.ownerId;
Dallow delete: if request.auth.token.owner == resource.data.ownerId;
Attempts:
2 left
💡 Hint
Remember that resource.data is the current document data before deletion.
security
advanced
2:00remaining
What error occurs if you try to access resource.data in a create request where the document does not exist yet?
In a Firestore security rule for a create operation, what happens if you try to read resource.data?
AIt returns the data being created from <code>request.resource.data</code>.
BIt causes a runtime error because <code>resource.data</code> is undefined on create.
CIt returns null because the document does not exist yet.
DIt returns an empty map {}.
Attempts:
2 left
💡 Hint
Think about the difference between existing data and new data during create.
Best Practice
expert
3:00remaining
Which Firebase security rule snippet best prevents unauthorized updates to a user's email field?
You want to allow users to update their documents but prevent them from changing the email field. Which rule snippet enforces this correctly?
Aallow update: if request.auth.uid == resource.data.ownerId && request.resource.data.email == request.auth.token.email;
Ballow update: if request.resource.data.email == resource.data.email;
Callow update: if request.resource.data.email != resource.data.email;
Dallow update: if request.auth.uid == resource.data.ownerId;
Attempts:
2 left
💡 Hint
Compare the new email field with the existing one to detect changes.