Real-time Firebase database rules (everyone can read, but only the owner can edit)

So far I have used this rule configuration

{
  "rules": {
    "items": {
      ".read" : true,
      "$uid": {
        ".read" : true,
        ".write": "auth != null && auth.uid == $uid"
      }
    }
  }
}

check and other directories omitted. / details / user1 / Item1 / items / user 2 / item1

Everyone can read catalog items and all user items (without personal items)

What do I need?

A flat array of elements

"items" : {
     "item1": {},
     "item2": {}
}

named userId as

"item1" : {
    "uid": "userId"
}

Only the user who owns an item can edit / delete it, but everyone can see it.

I was thinking about duplicating items in different directories like

"public_items": {
  "item1": {},
  "item2": {}
}

"items": {
  "userId": {
    "item1": {},
    "item2": {}
  }
}

But this is not a good idea.

https://firebase.google.com/docs/database/security/securing-data#read_and_write_rules_cascade

+4
1

/items/itemId/uid.

{
  "rules": {
    "items": {
        ".read" : true,
        "$itemId": {
            ".write": "(!data.exists() && newData.child('uid').val() == auth.uid ) || (data.child('uid').val() == auth.uid && newData.child('uid').val() == auth.uid)"
        }
    }
  }
}

- . , items. , (/itemId/uid), /. , .

+4
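The `.write` rule from the answer above, modelled as plain JavaScript predicates so that its result for create, edit, ownership change and delete can be checked case by case. This is an added example, not part of the original answer and not Firebase code; the user names, the sample item and the `ownerMayDelete` variant are assumptions, and every caller is assumed to be signed in.

```javascript
// Added model of the ".write" rule at /items/$itemId (not Firebase code).
// data / newData are plain objects, or null when the node does not exist,
// standing in for data.exists() and newData.child('uid').val() in the rule.
// Assumption: the caller is authenticated, so authUid is always a string.
const uidOf = (node) => (node === null || node.uid === undefined ? null : node.uid);

// The rule as posted:
//   (!data.exists() && newData.uid == auth.uid) ||
//   (data.uid == auth.uid && newData.uid == auth.uid)
function postedRule(authUid, data, newData) {
  const creating = data === null && uidOf(newData) === authUid;
  const updating = uidOf(data) === authUid && uidOf(newData) === authUid;
  return creating || updating;
}

// Hypothetical variant: the owner may also remove the item (newData is null),
// i.e. the second clause becomes
//   data.uid == auth.uid && (!newData.exists() || newData.uid == auth.uid)
function ownerMayDelete(authUid, data, newData) {
  const creating = data === null && uidOf(newData) === authUid;
  const owns = uidOf(data) === authUid;
  return creating || (owns && (newData === null || uidOf(newData) === authUid));
}

// Constructed sample writes against /items/item1.
const existing = { uid: "alice", title: "lamp" };
const cases = [
  ["create own item", "alice", null, { uid: "alice", title: "lamp" }],
  ["create item for someone else", "alice", null, { uid: "bob" }],
  ["owner edits", "alice", existing, { uid: "alice", title: "desk lamp" }],
  ["other user edits", "bob", existing, { uid: "alice", title: "x" }],
  ["other user takes ownership", "bob", existing, { uid: "bob", title: "lamp" }],
  ["owner gives ownership away", "alice", existing, { uid: "bob", title: "lamp" }],
  ["owner deletes", "alice", existing, null],
  ["other user deletes", "bob", existing, null],
];

function evaluateAll() {
  return cases.map(([name, uid, data, newData]) => ({
    name,
    posted: postedRule(uid, data, newData),
    variant: ownerMayDelete(uid, data, newData),
  }));
}

for (const r of evaluateAll()) {
  console.log(r.name.padEnd(30), "posted:", r.posted, " variant:", r.variant);
}
```

In this model the posted rule evaluates to false for the owner's delete, because `newData.child('uid').val()` is null once the node is removed; the variant differs from it only in that case.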
