0

I have database json structure as:

{
  "notifications" : {
    "approved" : {
      "notification_1" : {..},
      "notification_2" : {..},
      "notification_4" : {..},
      "notification_6" : {..}
    },
    "pending" : {
      "notification_3" : {..},
      "notification_5" : {..},
      "notification_7" : {..},
      "notification_8" : {..}
    }
  },
  "users" : {
    "some_user" : {
      "sent_notifications" : {
      "notification_1" : "notification_1",
      "notification_2" : "notification_2",
      "notification_4" : "notification_4",
      "notification_6" : "notification_6"

    }
  }
}

Security rules are as:

{
  "rules": {
    "notifications": {
      "approved": {
        ".read" : true,
        ".write" : "auth.uid === 'admin'"
      },
      "pending": {
        ".write" : "auth != null && (newData.child('by_user').val() === auth.uid || auth.uid === 'admin')",
            "$id" : {
            ".read" : "data.child('by_user').val() == auth.uid || auth.uid == 'admin'"
          }
      }
    },
    "users" : {
      "$user_id":{
        ".read" : "auth.uid === $user_id",
        ".write": "auth.uid === $user_id"
      }
    }
  }
}

Here, 'sent_notifications' stores notification id's which were added by user. On client side(Android), I wish to get list of those objects from notifications/approved, and notifications/pending, whose keys are in 'sent_notifications'. When a user sends a notification, that notification data goes in 'pending' and the key of that notification is stored in 'sent_notification'. After moderation admin would then move the data from pending to approved node. With any method I find myself doing a lot of queries on server to get all the nodes one by one. I need a better way to do this.

I am a newbie to firebase database. This may not be the best way to implement the database structure. I needed notifications/approved to be visible to general public and notifications/pending/$id to be visible only to user who is sending notification. This is the reference for above structure. If there is better way to implement it, please help me with that as well.

KENdi
  • 7,576
  • 2
  • 16
  • 31
Rohit
  • 475
  • 4
  • 18

1 Answers1

1

One option would be as follows:

  1. Have the master list of all notifications (all users, pending and approved) under /notifications/ and grant read access only to the individual notifications (/notifications/$id) so that you must know the ID in order to read the notification.

  2. Have an /approved_notifications/ list that just contains the notification IDs of approved notifications (just use the ID as the key and set the value to true or similar).

  3. Have a /users/$user_id/sent_notifications/ list that again just contains the notification IDs of approved notifications.

  4. If necessary have a /pending_notifications/ list as well, that again just contains IDs of notifications.

Basically you have one master list of notifications and then several "light" lists that "point" into that master list. Since the master list requires you to know the ID in order to read an individual post, users can't just read the list directly (you could also redundantly store a pending / approved flag inside the notification and have further security rules based on that if you wanted).

Michael Lehenbauer
  • 16,229
  • 1
  • 57
  • 59
  • Assuming first I get a list of all the notification id's that needs to be fetched, is there a function in android sdk with which i can get data from all the paths in one request i.e. /notification/id1, /notification/id2 and so on, when permission is given on individual ids? – Rohit Jun 29 '17 at 17:04
  • 1
    There is not, but the SDK and backend are optimized to handle lots of individual event listeners efficiently, so calling addEventListener() for each one should be fairly cheap. – Michael Lehenbauer Jun 29 '17 at 21:38