BLOG POST

December 17th, 2020

When I first started putting together this project, I set everything up on firebase to the default developer settings. These settings allowed me to quickly test the functionality of my Firestore and Firestorage. I loved this option because it allowed me to start creating immediately and worry about setting up permission rules at a later date. When it came time to deploy the the first iteration of my Blog-Ception site; I couldn't avoid it any longer, I had to learn how to write permission rules for Firebase. Up to this point I had never written any sort of formal permissions code to manage my database. This was going to be a huge undertaking for me. But I was up to the task.

Luckily, writing rules for Firebase is easier than writing content for a blog. Firebase has amazing documentation for every service and it has very clear sample examples of the syntax required for each level of security from development to deployment. But learning the syntax was only half the battle. The real challenge happened when I implemented what I thought would be the most secure database rules. HAHA. Unfortunately, that broke my website because the site wasn't able to access the publicly available data necessary to render major components of the site. So, alas, I had to revisit the rules and be more intentional about thinking about who will need access to what and when. Once I understood what my true goal was with these security rules, I was able to quickly edit them to meet my specific needs. #build, break, learn.