I want to write a rule that will allow the user to read if and only if the nested child has the same userId as the auth uid.
My database structure is as follows:
    "Chats": {
      "-KDKndo4sg47f7s9": {
        "-KDlmsn4hj4h4jk2n": {
          "fromId": "uid1234n5g3h34g5g5h33j33g4g43h3h3",
          "text": "Hi, Can you please help me on this?",
          "toId": "uid234553sdfj3n4hjjh3jk3h3jk4k4nm3m3"
        }
      }
    }
In this database structure, -KDKndo4sg47f7s9 is the groupId/group key and -KDlmsn4hj4h4jk2n is the messageId/message key.
Here is my rule:
    "Chats": {
      "$groupId": {
        ".read": "data.child('$messageId').child('fromId').val() === auth.uid",
        ".write": "newData.child('$messageId').child('fromId').val() === auth.uid"
      }
    }
I tested read access to the rule by using the location /Chats/-KDKndo4sg47f7s9 and userId "uid1234n5g3h34g5g5h33j33g4g43h3h3".
The read and write are always denied. But if I write the rule by passing the key directly, as below:
    "Chats": {
      "$dealId": {
        ".read": "data.child('-KDlmsn4hj4h4jk2n').child('fromId').val() === auth.uid",
        ".write": "newData.child('-KDlmsn4hj4h4jk2n').child('fromId').val() === auth.uid",
      }
    }
Both read and write are allowed. In short, I don't want to allow one user to read another user's messages. Please help me with this. Thanks in advance.
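
Added example, not part of the original post: in Realtime Database rules a `$` name is a wildcard only when it appears as a path key, and it is then referenced unquoted; inside quotes, `'$messageId'` is the literal child name `$messageId`, which never exists, so the comparison is always false. One way to write the check, assuming each message is read and written at its own path and that the rules sit under the usual top-level `rules` key:

```json
{
  "rules": {
    "Chats": {
      "$groupId": {
        // $messageId is declared here as a path key, so it matches every
        // message key under the group instead of one hard-coded key
        "$messageId": {
          // data is the existing node at /Chats/$groupId/$messageId;
          // auth != null rejects unauthenticated requests before comparing
          ".read": "auth != null && data.child('fromId').val() === auth.uid",
          // newData is the message as it would look after the write, so a
          // user can only store messages whose fromId is their own uid
          ".write": "auth != null && newData.child('fromId').val() === auth.uid"
        }
      }
    }
  }
}
```

With these rules a read of the whole `/Chats/<groupId>` node is denied, because a rule is evaluated at the path being read and is not applied as a per-child filter, so clients have to read individual message paths. Letting the recipient read as well would mean adding a `toId` comparison to `.read`, which is an assumption about the intended behaviour rather than something the post states.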