Data Structure for Secured Nodes?

Question

Simple quoting tool. Want to show prices/pricing to 'dealers' only. Is this structure below appropriate?

If I put a more specific rule on the builds\$key\price node (to restrict price access) then it seems that non-dealers trying to read .once on builds\-Ke_yHGa-c-acXF5_J9B would fail.

So, must I build out a separate prices root node? I think so...?

and then

{
  "...some path...": {
     ".read": "root.child("dealers/" + auth.uid).val() === true"
  }
}

Thanks in advance.

{
  "builds" : {
    "-Ke_yHGa-c-acXF5_J9B" : {
      "created" : 1488843260381,
      "last modified" : false,
      "model" : "1VR",
      "price" : "1999.00",
      "status" : "saved",
      "title" : "test build",
      "uid" : "q5b9AJgWATdbNF5y2JZctitx1Qx2"
    }
  },
  "dealers" : {
    "DsZ1wSUOmsceMKqCKLZwhpg1vjA3" : true,
    "R9s2qY6p87cas750wJz5wAB3sfJ3" : false,
    "q5b9AJgWATdbNF5y2JZctitx1Qx2" : true
  },
  "users" : {
    "DsZ1wSUOmsceMKqCKLZwhpg1vjC2" : {
      "displayName" : "Eric Doe",
      "photoUrl" : "http://abs.twimg.com/sticky/default_profile_images/default_profile_3_normal.png",
      "provider" : "twitter.com"
    },
    "R9s2qY6p87cas750wJz5wAB3sfk5" : {
      "displayName" : "Ron Royston",
      "email" : "rrrrrrrr@gmail.com",
      "provider" : "password"
    },
    "q5b9AJgWATdbNF5y2JZctitx1Qx2" : {
      "displayName" : "Ron Royston",
      "photoUrl" : "http://pbs.twimg.com/profile_images/809222728456675365/C-rlXjaN_normal.jpg",
      "provider" : "twitter.com"
    }
  }
}

Answer 1

Firebase security rules allow access to complete nodes. Once you grant access to a node, you cannot take that access away at a lower level. So you cannot have rules that allow a user access to all properties, except for the price.

If the price needs different security rules than the other parts of that node, you will indeed need to pull the prices out of that node/branch.

For a similar scenario, see my answer here: How to create public/private user profile with Firebase security rules?