Reputation: 2429
Firebase Database query: test for existence of a given value without being able to list all values
Suppose I have a Firebase Database that looks like this.
root
devices
00EB4A1
0008634
devices_unowned
00056F3
000A689
A single device is only ever listed under devices or devices_unowned, never both. I need a secure way to allow an unowned device to become owned, without exposing the list of unowned devices.
A user of my mobile app may stumble upon a device that is currently unowned. I need them to be able to execute a query such as "root/devices_unowned/000A689 exists, yes or no?" but NOT to be able to execute one such as "list all the devices at /root/devices_unowned".
Is this possible?
Upvotes: 1
Views: 56
Answers (1)
Reputation: 599551
Seems very feasible to me:
{
"rules": {
"devices": {
"$deviceid": {
".read": true
}
},
"devices_unowned": {
"$deviceid": {
".read": true
}
}
}
}
With these rules every user can read each specific device, but no user (except those with administrative permissions) can read a list of all devices.
Upvotes: 1
Related Questions
- Check if value exists in firebase DB
- Checking if a particular value exists in the Firebase database
- Check for existence of value in firebase realtime database?
- How to check whether an entry with a value exists in Firebase with asynchronous query handling
- How to check if a certain value is there in a Firebase database
- How do I check if a value exists in a Firebase DB based on another value
- Android Firebase database, check if values exist
- Searching firebase if a value exists or not
- Firebase query for existence of keys
- Check if value exists in Firebase?