CODEWITHSUNDEEP
firebasefirebase-realtime-databasefirebase-authentication
user755
user755

Reputation: 2661

data structuring in Firebase

I have my data like, a teacher and few students with payment options.

I want to structure below data.

  1. Authenticated teacher with read/write access to students profiles.
  2. r/w access to Authenticated student profile.
  3. invoice readable by student however, write access to teacher.

looking for inputs/help in structuring the above dB with security rules in firebase.

Update Use below sample DB to test against Bradley answer.

 {
"invoices" : {
"stid1" : {
  "studentID" : "9EtsXHveIyaEkkLLk5hpo6vCtVx1"
}
},
"students" : {
"3d2HnQUxAbgaOqWBEqfDuhkhkj63" : {
  "name" : "s2"
},
"9EtsXHveIyaEkkLLk5hpo6vCtVx1" : {
  "name" : "s1"
}
},
 "teachers" : {
  "aiBunX1rZceD2lRslEmCrFHS2XF3" : {
  "name" : "s1"
  }
 }
}

Upvotes: 2

Views: 79

Answers (1)

Bradley Mackey
Bradley Mackey

Reputation: 7668

The following database rules:

{

"rules": {
    // teachers profiles stored under this node
    // teachers can read and write under their own node
    "teachers": {
        "$teacherID": {
            ".read": "auth != null && auth.uid == $teacherID",
            ".write": "auth != null && auth.uid == $teacherID"
        }
    },
    // teachers can r/w student profiles, and the students can also r/w their own profile
    "students": {
        "$studentID": {
            ".read": "auth != null && (root.child('teachers').child(auth.uid).exists() || auth.uid == $studentID)",
            ".write": "auth != null && (root.child('teachers').child(auth.uid).exists() || auth.uid == $studentID)"
        }
    },
    "invoices": {
        "$invoiceID": {
            // assuming each invoice has the student ID located at /$invoiceID/studentID
            // students can read, teachers can r/w
            ".read" : "auth != null && (root.child('invoices').child($invoiceID).child('studentID').val() == auth.uid || root.child('teachers').child(auth.uid).exists())",
            ".write": "auth != null && root.child('teachers').child(auth.uid).exists()"

        }
    }
}

}

Works on the following database:

{ 

"teachers" : { 
    "aiBunX1rZceD2lRslEmCrFHS2XF3" : { 
        "name" : "s1" 
    } 
},

"students" : { 
    "3d2HnQUxAbgaOqWBEqfDuhkhkj63" : { 
        "name" : "s2" 
    }, 
    "9EtsXHveIyaEkkLLk5hpo6vCtVx1" : { 
        "name" : "s1" 
    } 
}, 

"invoice" : { 
    "stid1" : { 
        "9EtsXHveIyaEkkLLk5hpo6vCtVx1" : { 
            "ispaid" : false 
        }, 
        "studentID" : "9EtsXHveIyaEkkLLk5hpo6vCtVx1" 
    } 
} 

}

Upvotes: 1

Related Questions