I have Firebase data structured in a little something like this:
+ tasks
+ task_id
+ title
+ user
+ ...
+ users
+ ...
From the external interface (using AngularJS and AngularFire (plus the built-in SimpleLogin)) - when a user registered as a user creates a task, a user uid (for example, simplelogin: 2) is placed in the user part of the task, created.
When a user logs in, they can only view their tasks using:
$firebase( ref.orderByChild('user').equalTo(User.uid) );
The next step is to protect the data that I'm afraid of. I tried:
"tasks": {
".indexOn": ["user", "order"],
".write": "auth != null",
".read": "auth != null && data.child('user').val() == auth.uid",
"$task": {
"title": {
".validate": "newData.isString() && newData.val().length <= 1000"
},
"completed": {
},
"time_added": {
".validate": "newData.val() <= now"
},
"order": {
},
"user": {
".validate": "newData.val() != null && newData.val() == auth.uid"
},
"$other": {
".validate": false
}
}
}
and:
"tasks": {
"$task": {
".indexOn": ["user", "order"],
".write": "auth != null",
".read": "auth != null && data.child('user').val() == auth.uid",
"title": {
".validate": "newData.isString() && newData.val().length <= 1000"
},
"completed": {
},
"time_added": {
".validate": "newData.val() <= now"
},
"order": {
},
"user": {
".validate": "newData.val() != null && newData.val() == auth.uid"
},
"$other": {
".validate": false
}
}
}
However, I get:
Error: permission_denied: the client does not have permission to access the required data.
Where am I going wrong?