React devs might find this archived course helpful to reference, but this course has been updated! We now recommend you take the Firebase Fundamentals course.
Transcript from the "Verifying Security Rules" Lesson
[00:00:00]
>> Steve Kinney: Let's modify that add post for a second. And what we'll do, we're gonna change this in a little bit, but we'll say uid, displayName and email. And photoURL, we're not using all those, but Say auth,
>> Steve Kinney: .currentUser. All right, so that's that same user that when we logged in, we logged into the console that had all that other stuff on it.
[00:00:36] We have access to that user off the auth object if they are logged in. So in the event that they're not trying to de-structure that object, it's gonna blow up, so I'll just start with an empty object.
>> Steve Kinney: And now basically, let's actually do this.
>> Steve Kinney: So now this will be the current user when we go ahead and make a few, unless I've made some terrible mistake.
[00:01:04] So let's sign in.
>> Steve Kinney: Cool, I'll make one more.
>> Steve Kinney: All right, we'll look back at the database, do a quick refresh. We should see our two documents. There they are, and now you can see there is my uid and the actual correct user information. So I can go ahead, I'm gonna delete this one.
[00:01:54] It's gone, then I sign out, shouldn't be able to read anything while signed out. Cool, that didn't work. And I'm gonna sign in again, different Google account.
>> Steve Kinney: Still can't delete it, right? The snapshots does try to do the optimistic update, so you see it vanish for a second.
[00:02:18] And then when it doesn't work out, it puts it right back where it was. But it never actually leaves the database, which is the important part. Now, if we were better front end engineers we wouldn't show a delete button in the event [LAUGH]. So that flash is not necessarily as big of a deal, cuz we wouldn't let them see the button, and stuff like that.
[00:02:38] But it does give us a way to at least protect the integrity of our data. Right, cuz trying to do everything client side is not a secure way to go about it. All they have to do is open up the developer tools and they have all your hacks, right?
[00:02:53] So this gives you a way to insure your data.