Firebase: allow all users to create but only owners to edit while allowing users to "join" rooms

Question

In my app I have public groups that can be created by anyone but only edited (edit group metadata) by the creator/owner. Also a group can be joined by any authenticated user (and left by users who already joined).

I have the following test data:

"public_groups" : {
    "group1" : {
      "metadata" : {
        "name" : "swag2017",
        "numUsers" : 2,
        "owner" : "user1",
        "price" : 500
      },
      "users" : {
        "user1" : "",
        "user2" : ""
      }
    }
  }

I have the following set of rules:

"public_groups": {
    ".read": "auth !== null",
    //Either group id is new or writer is the owner of the group
    "$groupId": {
      ".write": "auth !== null && (!data.exists() || data.child('metadata').child('owner').val() === auth.uid)",
      "metadata": {
        ".validate": "data.child('owner').val() == auth.uid"
      },
      "users": {
        "$userId": {
          ".validate": "auth !== null && (!data.exists() || $userId == auth.uid)"
        }
      }
    }
},

Everything works properly, except for new users are not allowed to join the group (since it's editable only by owners).

It's blocked by the rule

".write": "auth !== null && (!data.exists() || data.child('metadata').child('owner').val() === auth.uid)"

Is it possible to leave all the restrictions while allowing new users to join the group? Or should I restructure my data?

Answer 1

Probably restructure. IMO you should pull your group membership records out of your public_groups nodes and make a top level group_membership node with a child node for each group that contains memberships for that group.