0

So I am trying to give premission to read data from the parent but I am not sure what I am doing wrong, probably some syntax but I tryed a lot of combinations and I cant figure out why, what is the proper way to do it? Thanks in advance!

tryed a lot of combinations with "}" but Its always says my syntax is wrong

  "rules": {
"ca": {    
  "$date": {
       "$game": { 
                  ///if($game.hasChild(auth.uid))
           "$uid":{
              ".read": "$uid === auth.uid",
          ".write": "$uid === auth.uid"
          }
        }
      }
    }
}

if the user is from $game so is allowed to read data from there as well as read is own data.. Thanks!

Spec
  • 35
  • 1
  • 2
  • 5

1 Answers1

0

Firebase security rules do not by themselves filter data.

If you want to retrieve only data that has a certain child, you'll need to query on the value of the child. E.g. ref.orderByChild("first_letter").startAt("A").endAt("Z"). Once you have such a query, you may be able to enforce it with query based security rules.

But your structure hints at a scenario that isn't well modeled. Your current data model makes it easy to find the users for a game, it does however not make it easy to find the games for a user. To make that equally easy, you'll need to add a secondary data structure where you store the game (IDs or data) for each user.

So something like:

"user_games": {
  "$uid": {
    "$gameid": true
  }
}

Also see:

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807