3

I'm the Android app developer, and I'm using Firebase Realtime Database. I want to make an app that when users who want to use my app can save something like the text in their repository. But when I save the text in my app, other users who download my app can see my unique saved text. Firebase Realtime Database rules like this. But they didn't work. Please tell me how to use private node in Realtime Database.

{
  "rules": {
    "messages": {
      "$user" : {
        ".read" : "$user === auth.uid",
        ".write" : "$user === auth.uid"
      }
    }

  }
}

enter image description here

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
H.JiMan
  • 269
  • 1
  • 2
  • 10

2 Answers2

0

You also need to check if the auth rules are null. If yes, then not allow anyone to access the information. Also, you need to use a wildcard, instead of a static $uid value. So, put this inside the messages node. So, as you want people to write in the messages node, but only those who are owners to see the message, this is the code for it:

{
  "rules": {
    "messages": {
       "${uid}": {
         ".read": "auth.uid != null",
         ".write": "auth.uid != null && auth.uid == uid"
       }  
    }
  }
}
Gaurav Mall
  • 2,372
  • 1
  • 17
  • 33
0

I think the rules below do the trick. The codes snippet:auth.uid == $uid makes sure that only the owner of the node has writing rights while auth != null makes sure that only users logged in to your app can read from it.

{
  "rules": {
    "messages": {
      "$uid" : {
        ".read" : "auth != null",
        ".write" : "auth.uid == $uid"
      }
    }
  }
}

Another StackOverflow Question may also be useful for you if the situation becomes a little more complex.

Gaurav Mall
  • 2,372
  • 1
  • 17
  • 33
BramH
  • 221
  • 5
  • 24