my app have an admin panel, and i would like to set firebase rules so that only admin are allowed to put new products or items in certain firebase.Child
i want the only users from the child("Admins") would be allowed to write into other categories like Work, private, video, so how to make a child from a reference like Admins only be able to access other children ?
this is my current firebase-RealTime Rules.
{
"rules": {
"Admins": {
".read": true,
".write": false
},
"Users": {
".read": true,
".write": true,
".validate": "newData.hasChildren(['name', 'phoneNumber', 'uid'])",
"name": {".validate": true},
"phoneNumber": {".validate": true},
"uid": {".validate": true},
"$other": {".validate": false}
},
"PrivateWork": {
".read": "auth.uid != null",
".write": false
},
"Likes": {
".read": "auth.uid != null",
".write": "auth.uid != null"
},
"Work": {
".read": "auth.uid != null",
".write": false
},
"videos": {
".read": "auth.uid != null",
".write": false
}
}
}
CodePudding user response:
To allow admins global write access, you can add a single top-level rule like this:
{
"rules": {
".write": "root.child('Admins').child(auth.uid).exists()",
"Admins": {
...
Since permission cascades downwards, this will also grant them access on all child nodes.