firebase rules for Realtime Database

0
votes

i have a db:

-users

--UserUid#1
---name:alex
---isUser:true
---isModer:false

--UserUid#2
---name:valder
---isUser:false
---isModer:true
---users
----UserUid#1:true

when user (isUser:true) register in the app he filling another user uid (which have a property isModer:true) and add self uid to his profile (UserUid#2 -> users -> UserUid#1:true).

I have trouble with security rules. As i understand any others who have my db name can edit db. So i found in docs an example

"rules": {
    "some_path": {
      "$uid": {
        ".read": true,
        // or ".read": "auth.uid != null" for only authenticated users
        ".write": "auth.uid == $uid"
      }
    }
  }

But i have a trouble: how to do that if user indicates in registration a some uid just him can edit this uid

1
firebasefirebase-realtime-databasefirebase-security

1 Answers

0
votes

I`m not sure if i understand your problem correctly:

If you need to ad your new user's uid to Moder user's account in your db, then maybe the easier will be to use firebase functions, you can set function to listen at db path, and when new wuser will appear get data from him and write his uid in "UserUid#2 -> users -> UserUid#1:true".

Some official video from firebase: https://www.youtube.com/watch?v=Bdm7QNwSHOg

From database you can write and read with admins priority so you don`t need to handle this in ruleset.

If you really need to do this with ruleset, then maybe easier will be to rebase your json a bit, writing rules for nested data is harder.

You can read about this here: https://firebase.google.com/docs/database/android/structure-data