I am trying to get a rule set working to allow users to see there own data...

My current rule set is:

{
  "rules": {
    ".read": "root.child('users').child(auth.uid).child('admin').val() === true",
    ".write": "root.child('users').child(auth.uid).child('admin').val() === true",
    "users": {
      ".indexOn": ["active"],
      "$user_id": {
        ".read": "$user_id === auth.uid",
        ".write": "$user_id === auth.uid"
      }
    },
    "active_alerts": {
      ".indexOn": "alert_id"
    },
    "trips": {
      ".indexOn": "archive",
      "$trip_id": {
            ".read": "data.child('who_called').child('key').val() === root.child('users').child(auth.uid).child('customer').child('key').val()",
        "notes": {
          "$note_id": {
            ".read": "data.child('display').val() === true"
          }
        }
      }
    }
  }
}

The user path has data that looks like this:

{
  "active" : true,
  "admin" : false,
  "customer" : {
    "key" : "-Ldsu71CgIJxh1DVTTCP",
    "name" : "Demo Customer"
  },
  "email" : "[email protected]",
  "last_login" : "2019-05-02T18:34:26.466Z",
  "name" : "Demo",
  "primary_phone" : "4197460180",
  "typeahead" : "demo"
}

and the matching item in /trips:

{
  "airline" : {
    "key" : "195",
    "name" : "AAL"
  },
  "archive" : false,
  "arrival_airport" : {
    "code" : "PHL",
    "icao" : "KPHL",
    "key" : "108",
    "name" : "Philadelphia",
    "timezone" : "America/New_York"
  },
  "bill_to" : {
    "key" : "-LdqFpqAOm-dOl9xBtp2",
    "name" : "AGT Global Logistics "
  },
  "consignee" : {
    "key" : "-LdqHNMzPrP9epp_W-DS",
    "name" : "Exelon Peach Bottom"
  },
  "customer_reference" : "124914",
  "departure_airport" : {
    "code" : "MKE",
    "icao" : "KMKE",
    "key" : "90",
    "name" : "Milwaukee",
    "timezone" : "America/Chicago"
  },
  "last_update" : "2019-05-02T18:02:57.274Z",
  "level" : {
    "key" : "-LWlODaCFUcejExn41Rr",
    "name" : "Next Flight Out"
  },
  "milestones" : [ {
    "airport" : {
      "code" : "MKE",
      "icao" : "KMKE",
      "key" : "90",
      "name" : "Milwaukee",
      "timezone" : "America/Chicago"
    },
    "flight_time" : "2019-05-02T12:33:00.000Z",
    "status" : {
      "key" : "4",
      "name" : "completed"
    },
    "type" : {
      "key" : "0",
      "name" : "Picked up"
    }
  }, {
    "airport" : {
      "code" : "MKE",
      "icao" : "KMKE",
      "key" : "90",
      "name" : "Milwaukee",
      "timezone" : "America/Chicago"
    },
    "flight_time" : "2019-05-02T13:51:00.000Z",
    "status" : {
      "key" : "4",
      "name" : "completed"
    },
    "type" : {
      "key" : "1",
      "name" : "Dropped to departure airport"
    }
  }, {
    "airline" : {
      "key" : "195",
      "name" : "AAL"
    },
    "airport" : {
      "code" : "MKE",
      "icao" : "KMKE",
      "key" : "90",
      "name" : "Milwaukee",
      "timezone" : "America/Chicago"
    },
    "alert_id" : 29624287,
    "flight_number" : "4883",
    "flight_time" : "2019-05-02T16:28:03.000Z",
    "ident" : "PDT4883-1556601968-airline-0144",
    "img_url" : "....",
    "note" : "arrival ~ PDT4883 arrived at PHL from MKE",
    "status" : {
      "key" : "4",
      "name" : "completed"
    },
    "type" : {
      "key" : "2",
      "name" : "Departed Airport"
    }
  }, {
    "airline" : {
      "key" : "195",
      "name" : "AAL"
    },
    "airport" : {
      "code" : "PHL",
      "icao" : "KPHL",
      "key" : "108",
      "name" : "Philadelphia",
      "timezone" : "America/New_York"
    },
    "alert_id" : 29624287,
    "flight_number" : "4883",
    "flight_time" : "2019-05-02T18:02:00.000Z",
    "note" : "arrival ~ PDT4883 arrived at PHL from MKE",
    "status" : {
      "key" : "4",
      "name" : "completed"
    },
    "type" : {
      "key" : "4",
      "name" : "Arrived Airport"
    }
  }, {
    "airport" : {
      "code" : "PHL",
      "icao" : "KPHL",
      "key" : "108",
      "name" : "Philadelphia",
      "timezone" : "America/New_York"
    },
    "flight_time" : "2019-05-02T20:00:00.000Z",
    "status" : {
      "key" : 0,
      "name" : "planned"
    },
    "type" : {
      "key" : "6",
      "name" : "Out for delivery"
    }
  }, {
    "airport" : {
      "code" : "PHL",
      "icao" : "KPHL",
      "key" : "108",
      "name" : "Philadelphia",
      "timezone" : "America/New_York"
    },
    "flight_time" : "2019-05-02T21:30:00.000Z",
    "status" : {
      "key" : 0,
      "name" : "planned"
    },
    "type" : {
      "key" : "7",
      "name" : "Delivered"
    }
  } ],
  "pieces" : [ {
    "description" : "Valves",
    "height" : "11",
    "length" : "27",
    "qty" : "1",
    "units" : {
      "key" : "2",
      "name" : "IN"
    },
    "weight" : "50",
    "weight_units" : {
      "key" : "3",
      "name" : "LBS"
    },
    "width" : "19"
  } ],
  "protect_time" : "2019-05-02T21:30:00.000Z",
  "ready_time" : "2019-05-02T13:00:00.000Z",
  "shipper" : {
    "key" : "-LdqG3I48m662R7ABa5i",
    "name" : "FAIRBANKS MORSE - MKE"
  },
  "trip_id" : "LFC-155676269",
  "trip_notes" : [ {
    "date_time" : "2019-05-02T10:29:43.892Z",
    "display" : true,
    "note" : "delay ~ Philadelphia Intl (PHL) is experiencing all inbound flights being held at their origin due to low clouds"
  }, {
    "date_time" : "2019-05-02T13:05:52.708Z",
    "display" : true,
    "note" : "filed ~ PDT4883 (E145) filed to depart MKE @ Thu (02 May) 16:24 GMT for PHL @ ETA 18:09 GMT (02 May)  (UECKR5 SAMPL ADIME GERBS J146 CXR EWC JST BOJID2)"
  }, {
    "date_time" : "2019-05-02T14:51:00.000Z",
    "display" : true,
    "note" : "Shipment has been manifested onto flight AA4883 - TC"
  }, {
    "date_time" : "2019-05-02T16:28:31.325Z",
    "display" : true,
    "note" : "departure ~ PDT4883 (E145) departed MKE @ 16:28 GMT for PHL ETA 18:13 GMT"
  }, {
    "date_time" : "2019-05-02T18:02:57.274Z",
    "display" : true,
    "note" : "arrival ~ PDT4883 arrived at PHL from MKE"
  } ],
  "who_called" : {
    "key" : "-Ldsu71CgIJxh1DVTTCP",
    "name" : "Demo Customer"
  }
}

as you can see, the customer.key and who_called key match, but the user is still not able to see the data. Not sure what I am doing wrong here in the whole rule set. Your help is appreciated!

1 Answers

1
hazelcodes On Best Solutions

To allow users see trips added by them use the query-based rules like this;

"trips": {
  ".indexOn": "archive",
  ".read": "auth.uid != null && query.orderByChild == 'who_called/key' &&
        query.equalTo == root.child('users/' + auth.uid + '/customer/key').val()",
  "$trip_id": {
        ".read": "data.child('who_called').child('key').val() === root.child('users').child(auth.uid).child('customer').child('key').val()",
    "notes": {
      "$note_id": {
        ".read": "data.child('display').val() === true"
      }
    }
  }
}

Only restriction with this is you cannot access the user's trips without using the query specified in the rule. That means you can't access the trips like this;

firebase.database().ref('users/USERID/customer/-Ldsu71CgIJxh1DVTTCP)

It has to be done like

firebase.database().ref('trips').orderByChild('who_called/key')
.equalTo('-Ldsu71CgIJxh1DVTTCP')

I've tried it and it works. Hope it helps