In Firebase I have a users
"node", which looks like:
users: {
someUid: {
username: 'someUsername'
activeConversations: {},
profile_picture: ''
... lots of other children
},
...
},
anotherNode: {
},
... hundreds of other nodes
My rules right now:
{
"rules": {
".read": true,
".write": true,
"users": {
".indexOn": [
"username"
]
},
"friendRequests": {
".indexOn": [
"timeSent"
]
}
}
}
What I want to do is restrict child's access in the users
"node" only to the client who owns the child. So for instance, the someUid
child should only be writeable by the client with uid someUid
. Other "node" like anotherNode
can be writeable / readable by any logged-in client.
Also, any logged-in client should be able to write on profile_picture
and activeConversations
in the users
doc.
How can I achieve that without having to put a read/write rule on every single node?
Thank you