The javascript project I'm working on provides a way for users to purchase a "virtual" item, which allows them to access to the information about it. For example, purchasing a recipe.
The way I've structured my database is the following;
Database:
Reference:
Item:
Item Information
Users:
Purchases:
Item
When the customer purchases something, a function runs that copies the order data into the "Users" string, as a purchase. From here, I need a way for the user to be granted access to the "Item" object in the reference section to see the "Item Information", to see the information about what was just purchased.
Is there something similar to a list of authorised users in the security rules that can be dynamically changed to achieve this?
CodePudding user response:
There is nothing built into Firebase Authentication of Firebase Realtime Database (or its security rules) for this, but you can likely build it on top.
If you want to grant the user access to each item that they purchased, you'd have rules that look something like this:
{
"rules": {
"Items": {
"$itemId": {
".read": "root.child('Users').child(auth.uid).child('Purchases').child($itemId).exists()"
}
}
}
}
So the .read
rule here checks if the item the user is trying to read also exists under the list or Purchases
for that user in the database.