How to block reading specific field in child in the firebase

Question

I have User which has a username, UID, email so I want the email field and UID cant reached because some users don't want to spam their email by reading its email child and in my app register to search Users is not required How can work with this problem?

I thought to make a tree that no one can read/write except the Firebase but it doesn't exist in the Firebase

EDIT

{
  "bdjsjd" : {
    "email" : "something1@gmail.com",
    "name" : "bdbsndnd",
    "username" : "bdjsjd"
  },
  "developer" : {
    "email" : "something2@gmail.com",
    "name" : "dev_mohammed",
    "username" : "developer"
  }
}

when I want to read this by key(the key is user's username)it will return the email as well but I want to return everything except the email field if the user doesn't want to get the email by anyone else him but can I do this?

Answer 1

Firebase will always returns complete nodes. So you can allow reading of each user's email and name nodes, and not of username. But if you allow reading of the user node (one level higher), there is no way to then exclude the username from the results.

To allow securing such a structure, you'll need to put the usernames in a different top-level node from the other details. Something like:

"profiles": {
  "bdjsjd" : {
    "email" : "something1@gmail.com",
    "name" : "bdbsndnd"
  },
  "developer" : {
    "email" : "something2@gmail.com",
    "name" : "dev_mohammed"
  }
},
"user_names": {
  "bdjsjd": "bdjsjd",
  "developer" : "developer"
}

Now you can give different permissions on /profiles and on /user_names.

Also see:

• How to create public/private user profile with Firebase security rules?
• Firebase: How to structure public/private user data
• Make a public profile and a private profile in angular 4+
• Create hidden user node using firebase realtime
• How to create public/private user profile with Firebase?