DoK

Reputation: 871

Member based security

I have the following data structure and I would like to grant write access on project1...projectN only to users listed in the members list of the specific project. For authentication I am using the Simplelogin mechanism.

Data structure

|---projects
|       |---project1
|       |       |---members
|       |              |---simpleloginXXX : true
|       |              |---simpleloginXYZ : true
|       |---project2
|       |       |---members
|       |              |---simpleloginEFG : true
|       |              |---simpleloginXYZ : true

Could someone show me how to define this rule? Or do I have to reorganize the structure of the data?

Thanks.

Upvotes: 0

Views: 267

Answers (1)

Frank van Puffelen

Reputation: 598847

Something like this will only allow a user to write to a project if they're a member of that project:

{
    "projects": {
        "$project": {
            ".read": true, /* anyone can read */
            ".write": "root.child('projects/'+$project+'/members/'+auth.uid).exists()"
        }
    }
}

Update: allowing all users to see a list of all projects

As you already discovered: if you want to list all projects for all users, you'll need to put .read outside of $project:

{
    "projects": {
        ".read": true,
        "$project": {
            ".read": true, /* anyone can read */
            ".write": "root.child('projects/'+$project+'/members/'+auth.uid).exists()"
        }
    }
}

Update: allowing only members to read a project

These rules will allow users to only see projects that they're a member of.

{
    "projects": {
        "$project": {
            ".read": "root.child('projects/'+$project+'/members/'+auth.uid).exists()",
            ".write": "root.child('projects/'+$project+'/members/'+auth.uid).exists()"
        }
    }
}

Upvotes: 2
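To see what the "members only" rule set above actually grants, here is an added example (not from the question, the answer, or Firebase itself) that models the rule expression and the database's cascading behaviour over the question's data tree. The tree `db` and the helpers `childExists`, `isMember` and `canWrite` are constructed for illustration; the cascade semantics they mirror (permission granted at /projects/$project also covers every descendant path) are Firebase's documented behaviour, which is why a member can also change a project's members list under these rules.

```javascript
// Constructed data, mirroring the structure from the question.
const db = {
  projects: {
    project1: { members: { simpleloginXXX: true, simpleloginXYZ: true } },
    project2: { members: { simpleloginEFG: true, simpleloginXYZ: true } },
  },
};

// Model of root.child(path).exists(): walk the tree segment by segment.
function childExists(root, path) {
  let node = root;
  for (const seg of path.split('/').filter(Boolean)) {
    if (node === null || typeof node !== 'object' || !(seg in node)) return false;
    node = node[seg];
  }
  return node !== null && node !== undefined;
}

// The answer's rule, "root.child('projects/'+$project+'/members/'+auth.uid).exists()".
// An unauthenticated request has no auth.uid and therefore never satisfies it.
function isMember(root, project, auth) {
  if (!auth || !auth.uid) return false;
  return childExists(root, 'projects/' + project + '/members/' + auth.uid);
}

// Rules cascade downward: once ".write" is granted at /projects/$project, the same
// grant applies to every path beneath it, including /projects/$project/members.
// No rule grants access at /projects itself, so writes there are denied.
function canWrite(root, path, auth) {
  const m = path.match(/^projects\/([^/]+)(?:\/|$)/);
  if (!m) return false;
  return isMember(root, m[1], auth);
}

// Under the last rule set in the answer, ".read" uses the same predicate.
const canRead = canWrite;
```

Running `canWrite(db, 'projects/project1/members/simpleloginNEW', { uid: 'simpleloginXXX' })` returns true, which is the point to keep in mind when deciding whether members should be able to administer membership themselves.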
