My Firebase security rules look as follows:
"users": {
"$uid": {
// grants write access to the owner of this user account whose uid must exactly match the key ($uid)
".write": "auth !== null && auth.uid === $uid",
// grants read access to any user who is logged in with an email and password
".read": "auth !== null && auth.provider === 'password'"
}
},
In addition, I have a custom userId
, which I store in users/$uid
. So as an example my users/$uid
look as follows:
users
/$uid
/email: [email protected]
/userId: "foobargayid123456"
I use this userId in other nodes, for example the node profile_pictures
to set the dependencies:
profile_pictures
/userId
/thumbnail: "datablabla"
Question
How can I set the security rules in firebase for the node profile_pictures such that only user with id: users/$uid/userId
can .write
the node profile_pictures/userId
I think this is what you're looking for.