TechQA.

Firebase user write/read rules based on data objects

2.2k views Asked by At

I'm using firebase and my users are set up like this:

{
    "firebase-account-123": {
        "users": {
            "simplelogin:1": {
                "properties"{ "name": "john doe", "email": "[email protected]" }
                "children": {
                    "simplelogin:2":{ "name": "user 2", "email": "[email protected]" },
                }
            },
            "simplelogin:2": {
                "properties"{ "name": "user 2", "email": "[email protected]", "disabled": false }
            }
        }
}

I have "children" which account managers should have access to. I'm new to this and I'm trying to solve some permissions problems I'm having.

My rules currently only allowing the users to read/write their own data.

".read": "auth.uid == $userid", ".write": "auth.uid == $userid"

Does anyone know how I could make it so they also have the ability to write/read data (maybe just in the properties object) for users that are listed in their "children" object?

javascript firebase firebase-security firebasesimplelogin
Original Q&A
2

There are 2 answers

2
Rob DiMarco On BEST ANSWER

If you want to allow the user-ids listed under the children bucket to read and write data as well, try using the hasChild() method in your security rules.

For example, using the same data structure that you outlined above:

{
  "rules": {
    ".read": false,
    ".write": false,
    "users": {
      "$userid": {
        ".read": "auth.uid == $userid",
        ".write": "auth.uid == $userid",
        "properties": {
          ".read": "root.child('users').child(auth.uid).child('children').hasChild($userid)"
        }
      }
    }
  }
}
2
Frank van Puffelen On

Something like this should do the trick:

".read": "auth.uid == $userid || root.child('users/'+auth.uid+'/children/'+$userid).exists()"

So this grants access to a node when:

  • it is the currently logged on user's own node
  • the currently logged on user has a child node with the node's id

I would recommend cleaning up your data structure a bit to remove the duplicate data in the children:

{
    "firebase-account-123": {
        "users": {
            "simplelogin:1": {
                "properties"{ "name": "john doe", "email": "[email protected]" }
                "children": {
                    "simplelogin:2": true
                }
            },
            "simplelogin:2": {
                "properties"{ "name": "user 2", "email": "[email protected]", "disabled": false }
            }
        }
}

Related Questions in JAVASCRIPT

Related Questions in FIREBASE

Related Questions in FIREBASE-SECURITY

Related Questions in FIREBASESIMPLELOGIN

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions