At the moment i try to build a chat in flutter with google firebase. Now i would like my database more secure. That means only users (room_3) in chat can read and write data data.
Is it possible to check a path contains a user value and if the user value is contains allow read a other path?
Here my database structer:
/chat/product_id/product_id_12345/chat_room_id/room_1/message_1/message2...
My idea is i add in 'room_1' the user id. Then i check the user is contains in 'room_1'. If the user is contains i allow read and write data the complete path (message_1/message_2...).
If you have any questions fell free to ask me. Many thx.
CodePudding user response:
In the security rules for the messages
subcollection you can read the parent document and check whether the current user is in the user_id
field with:
...
match /messages/{message} {
allow read:
if request.auth != null &&
request.auth.uid in
get(/databases/$(database)/documents/chat_room/$(chat_room_id)).data.user_id
}