1

So I have this db structure:

enter image description here

Under profile I want email & provider-name to be readable only for admin and Username readable for every logged in user. How I can achieve that?

Here is my rules:

{
   "rules": 
   {
     "users":
     {
       "$uid":
       {
         // grants write access to the owner of this user account whose uid     must exactly match the key ($uid)
        ".write": "auth !== null && auth.uid === $uid",
        "profile":
        {
          // grants read access only for registered users
          ".read": "auth !== null",
          "email":
          {
            // This doesn't work with firebase as I was reading doc.                      
            ".read": false
          }
        }
       }
     } 
   }
}
Dragod83
  • 2,127
  • 3
  • 17
  • 20
  • 1
    Firebase will only return a node when you have rights to read all data in that node. So you'll have to model your data so that you store the public and private data in separate top-level nodes. (https://www.firebase.com/docs/security/guide/securing-data.html#section-filter) – Frank van Puffelen Sep 26 '15 at 15:53
  • Could you please show me a simple example? – Dragod83 Sep 26 '15 at 16:15

1 Answers1

1

So after a bit of research and reading about denormalize structure I guess this way will work. The fact is that I'm tempted to nest, but probably is a bad idea on firebase.

{
       "rules": 
       {
         "users":
         {
           "$uid":
           {
             // grants write access to the owner of this user account whose uid must exactly match the key ($uid)
            ".write": "auth !== null && auth.uid == $uid",
            "public-profile":
            {
              // grants read access only for registered users
              ".read": "auth !== null"
            }
           }
         },
         "private-profile": 
         {
           "$uid":
           {
               ".read":  "root.child('users').child(auth.uid).child('role').child('admin').val() === 'true' && root.child('users').child('1').child('role').child('admin').val() === 'true'",
               ".write": "root.child('users').child(auth.uid).child('role').child('admin').val() === 'true' && root.child('users').child('1').child('role').child('admin').val() === 'true'"
           }
         }
       }
    }
Dragod83
  • 2,127
  • 3
  • 17
  • 20