Aniket Bhattacharyea

Reputation: 224

Firebase rules to prevent delete

I have a Firebase structure along these lines -

root {
 groups {
    gid: {  //group ID
       authid: ... //group creator's uid
       members: { //uid of members
          ...
       }
       posts: {
          ...  //posts ID
       }
    }
  }
}

I want these features -

  1. Any user can create a new group. This means I need to give write access to '/groups/' to everyone authorized. But they should not set null to the whole node. So, I can do this: ".write":"(!data.exists() && auth.uid != null) || (data.exists() && newData.exists())"
  2. A single group can be deleted only by the author. This means I need to give the authors permission to set null to the individual group nodes. This is the part where I'm stuck, because shallower rules override deeper rules. So, if I just write

    "groups": { "$gid": { ".write":"!newData.exists() && data.child('authid').val() === auth.uid" } }

    this will be plain ignored.

  3. I don't want anyone, even the author, to set null to the individual nodes inside a group. Which means the author can delete a whole group, but not, say, the members node.

Upvotes: 1

Views: 1838

Answers (1)

Frank van Puffelen

Reputation: 598728

Right now you're requiring that there is no data after the write operation.

What you want is that either no data

".write": "
    (data.exists() && !newData.exists() && data.child('authid').val() === auth.uid)
 || (data.exists() && newData.exists() && data.child('members').child(auth.uid).exists())
 || (!data.exists() && newData.child('authid').val() === auth.uid)
"

Line:

  1. Allow deleting by the owner.
  2. Allow updating by any member (this assumes the owner is also a member).
  3. Allow creating by anyone, as long as they make themselves the owner.

Upvotes: 2
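
The three clauses of the rule in the answer above, modelled in plain JavaScript so each kind of write can be checked offline. This is an added example, not code from the question or the answer and not Firebase's rule engine; `canWriteGroup`, `evaluateScenarios` and the sample users and group are constructed for illustration, and the caller is assumed to be authenticated.

```javascript
// Model of the answer's three-clause ".write" rule at /groups/$gid.
// This is NOT Firebase's rule engine. Assumptions: `data` is the group before
// the write, `newData` the group as it would look after it, null = no node,
// and the caller is authenticated as `uid`.
const exists = (node) => node !== null && node !== undefined;
const child = (node, key) => (exists(node) && exists(node[key]) ? node[key] : null);

function canWriteGroup(uid, data, newData) {
  // Clause 1: delete, only by the user stored in authid.
  const ownerDeletes = exists(data) && !exists(newData) && child(data, 'authid') === uid;
  // Clause 2: update, by anyone already listed under members.
  const memberUpdates = exists(data) && exists(newData) &&
    exists(child(child(data, 'members'), uid));
  // Clause 3: create, only if the new authid is the caller.
  const creatorIsOwner = !exists(data) && child(newData, 'authid') === uid;
  return ownerDeletes || memberUpdates || creatorIsOwner;
}

// Constructed sample group and users (alice = creator, bob = member, carol = outsider).
const group = { authid: 'alice', members: { alice: true, bob: true }, posts: { p1: true } };

function evaluateScenarios() {
  const withPost = { ...group, posts: { p1: true, p2: true } };
  const { members, ...withoutMembers } = group; // group after /members is set to null
  return {
    ownerDeletesGroup: canWriteGroup('alice', group, null),
    memberDeletesGroup: canWriteGroup('bob', group, null),
    memberAddsPost: canWriteGroup('bob', group, withPost),
    outsiderAddsPost: canWriteGroup('carol', group, withPost),
    createAsSelf: canWriteGroup('carol', null, { authid: 'carol', members: { carol: true } }),
    createForSomeoneElse: canWriteGroup('carol', null, { authid: 'alice' }),
    // Clause 2 only checks membership, so it also passes a write that removes
    // a child node while the group itself still exists.
    memberRemovesMembersNode: canWriteGroup('bob', group, withoutMembers),
  };
}

console.log(evaluateScenarios());
```

The last scenario evaluates to true in this model: the rule as written does not cover the question's third requirement (no deleting nodes inside a group), so that requirement needs its own check.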
