1

I'm very new to firebase and I have been attempting to create rules that allow access to all the data aside from the "private_info" object. I have tried numerous ways to avoid it from just cascading over and making everything readable or not however, I have not been successful in stopping read access to that (if its even possible).

Data Structure: 

{
    "usersRef": {
       "Not_UID_Other_Random_Key": {
          "item_info": {
             "contactEmail": "Test",
             "contactPhone": "Test",
             "itemDate": "2018-10-15",
             "itemDescription": "Test",
             "itemName": "Test",
             "location": "{\"lat\":38.980166804362646,\"lng\":-76.94037550926208}"
          },
          "private_info": {
             "email": "hi@gmail.com",
             "userId": "randomkey"
          }
       }
    }
 }

Rules:

I have been reading and restructuring my data and I understand that it would be best to store items by UID and not by some random key generated by Push. These are the rules i have been playing with: 

 {
    "rules": {
       "item_info": {
          ".read": true,
          ".write": "auth !== null",
          "private_info": {
             ".read": false
          }
       }
    }
 }
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Cricket
  • 11
  • 2
  • You'll typically want to separate the public and private information into separate top-level nodes. E.g. `item_info/$key/...` and `/private_info/$key/...`. See https://stackoverflow.com/questions/38648669/firebase-how-to-structure-public-private-user-data, https://stackoverflow.com/questions/38921824/how-to-create-public-private-user-profile-with-firebase-security-rules, https://stackoverflow.com/questions/38921824/how-to-create-public-private-user-profile-with-firebase-security-rules – Frank van Puffelen Oct 15 '18 at 20:49

0 Answers0