1

I'm trying to learn Firebase Rules so I can set up a web app where users can create groups. Only the users that created the groups (or have access to them) should be able to see them if they are set up to be Private.

I've been banging my head against the wall reading the available tutorials but I can't seem to find anything that even supports what I'm attempting.

Maybe I'm looking at it the wrong way, or even may need a different kind of Data Structure to achieve this.

Anyway, my data structure is as follows:

Data Structure

And the rules I'm attempting to use to achieve it:

Firebase Rules

I'm using Simple Login to SignUp and Authenticate new/existing users.

Could I please get some help on this ? Thanks.

EDIT

I've changed my data structure a bit, and managed to restrict READ to a certain user when trying to READ a certain group.

However, I'm still not getting the desired result. Using Angular, when I get the groups object referencing root/groups from firebase, I don't get any matches, and it returns empty.

I expected the following:

  • Getting the RlyNew group when logged in as user@user.com;
  • Getting no groups when logged in as admin@admin.com

Is this even possible ?

jsfrocha
  • 1,812
  • 2
  • 21
  • 32
  • As the linked post explains, security rules cannot be used to filter or query data. If any part of the data is inaccessible, then it's all inaccessible. Maintain an index of groups each user belongs to and query those individually instead of iterating them. – Kato Jul 01 '14 at 17:52
  • Hi and thanks for the answer, could you please submit an answer detailing the suggested data structure and ruling to enforce it, so I can accept it for future reference ? Thanks again. – jsfrocha Jul 01 '14 at 18:49

0 Answers0