I want to build a chat app where chatroom admins can manage multiple rooms and the admin privileges are granted based on which groups they are in. Most of the domain data is in another db and I want to keep it there. When I created the token I did:

```js
var token = tokenGenerator.createToken({ uid: "uniqueId1", groupIDs:[1,2,3] });
```

In the security rules I want to check something like whether the auth object has groupID 2 or not. If yes, then the admin can access the room. But I couldn't figure out how I can iterate through the groupIDs in the Firebase security rules using `auth.groupIDs`.

I can probably go with `var token = tokenGenerator.createToken({ uid: "uniqueId1", 1:true, 2:true, 5:true });` instead of an array. But still, because the object keys are dynamic, I don't know how to access them in the security rules. Any suggestions?

Thanks!

theseadroid
  • Instead of storing this data in the token, put it directly into the data, such as `/admins/$groupid/$uid/true`, and then use `"root.child('admins').child($groupid).child(auth.uid).exists()"`. To work with your current structure, try `auth.groupIds[ $groupid ] === true`. – Kato Oct 14 '15 at 22:33
  • Then each time the user leaves a group for example I have to update the firebase collection. It's easier to invalidate their token and regenerate than keep the data in sync in two places... – theseadroid Oct 15 '15 at 00:09
  • Solved by this: http://stackoverflow.com/questions/15952885/firebase-json-security-and-arrays/15953488#15953488 – theseadroid Oct 15 '15 at 01:08
  • I can't really understand how invalidating an auth token, logging the user out, creating a new auth token, and logging the user back in is simpler than `ref.remove()`, but I obviously don't understand your use case. Cheers. – Kato Oct 15 '15 at 20:11
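
The data-based check suggested in the first comment, written out as a complete rules file. This is an added example, not part of the original thread; the `/rooms/$groupid/$roomid` layout and the `settings` node are assumptions made for illustration.

```json
{
  "rules": {
    // Assumed layout (not from the original post):
    //   /admins/<groupid>/<uid> = true      membership list, maintained by the server
    //   /rooms/<groupid>/<roomid>/...       rooms keyed by the group that administers them
    "admins": {
      // Clients can neither read nor change who is an admin.
      ".read": false,
      ".write": false
    },
    "rooms": {
      "$groupid": {
        "$roomid": {
          // Any signed-in user may read the room.
          ".read": "auth != null",
          "settings": {
            // Admin-only subtree: the caller's uid must be listed under this room's group.
            // This is the expression from the comment, plus a null check on auth.
            ".write": "auth != null && root.child('admins').child($groupid).child(auth.uid).exists()"
          }
        }
      }
    }
  }
}
```

With this layout, removing `/admins/<groupid>/<uid>` revokes the privilege on the next write, without reissuing the user's token.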
