How to set Firebase rules to allow only listed userid in a db (or a key or node or subset of a db) to r/w in another key/subset of the same database?
This link only mentioned of w/r of the same node/key/subset of a db.
What I want to set is for example the following db :
'SomeDB' : {
'ListOfUsers': {
'key1' : { 'key': 'key1', 'name' : 'name1' },
'key2' : { 'key' : 'key2', 'name':'name2'},
and so on...
},
{'SomethingForWR': 'Some Database'}
The rules should be read and write is only allowed for 'SomethingForWR' (which is part of 'SomeDB') if the 'auth.uid' is equal to one or one of the keys in 'ListOfUsers' (which is also part of 'SomeDB')
CodePudding user response:
If you want to check if a key exists in ListOfUsers
you can do so with:
root.child('ListOfUsers').child('keyYouWantToCheck').exists()
With that knowledge, your rule to allow a user access to SomethingForWR
if their UID exists in ListOfUsers
could be something like this:
{
"rules": {
...
"SomethingForWR": {
".read": "root.child('ListOfUsers').child(auth.uid).exists()"
}
}
}