I have setup a basic security rules of firebase realtime database for this question. Before I jump to the problem, I have created a Flutter mobile app with GetX and also I have installed http: ^0.13.4 plugin for querying.
Here is how I set the security rules
{
"rules":{
".read" : "auth.uid !== null && auth.token.email_verified == true",
".write" : "auth.uid !== null"
}
}
So basically, I want users to be able to read the data if they are authenticated and email verified.
And for write rule, only if the user is authenticated and the custom claims of isAdmin is set to true. For isAdmin, I don’t know to set it in the security rules.
Is it something like this?
"auth.uid !== null && root.child('isAdmin').val() == true"
Anyways, my problem is how to query using http plugin on client side?
Here is a sample of GET query
Uri url = Uri.parse('URL HERE with /.json file');
getIPTIdAndName() async {
iptList.value = [];
await http.get(url, headers: {"Authorization": FirebaseAuth.instance.currentUser!.uid}).then(
(value) {
var response = json.decode(value.body) as List<dynamic>;
for (var i = 0; i < response.length; i++) {
iptList.add({
"iptIndex": i,
"iptId": response[i]['id'],
"iptName": response[i]['name']
});
}
iptList.refresh();
},
);
}
How to query if the security rules is set?