user82395214

Reputation: 929

How to specify rules to allow anyone to read a certain key/value pair

I am trying to let any user see only the name and email parameter.

    "users": {
        "kanyesUID": {
            "name": "Kanye West",
            "email": "[email protected]",
            "sensitive_info": "a"
        },
        "taylorsUID": {
            "name": "Taylor Swift",
            "email": "[email protected]",
            "sensitive_info": "a"
        },
        "seacrestsUID": {
            "name": "Ryan Seacrest",
            "email": "[email protected]",
            "isAdmin": true
        }
     }

For the following code, I should get this output:

        "kanyesUID": {
            "name": "Kanye West",
            "email": "[email protected]"
        },
        "taylorsUID": {
            "name": "Taylor Swift",
            "email": "[email protected]"
        },
        "seacrestsUID": {
            "name": "Ryan Seacrest",
            "email": "[email protected]"
        }

    firebase.database().ref('/users/').once('value').then(function(snapshot) {
        print_snapshot_json(snapshot);
    });

What would the rules need to be to allow this to happen?

Upvotes: 0

Views: 16

Answers (1)

Doug Stevenson

Reputation: 317372

You can't do this with security rules. You're attempting to use security rules as a filter to determine which fields will appear in search results, but that's not supported. A query must be able to read all the data that would be returned by the query. What you can do instead is split the public and private fields of each user into separate top-level nodes, so they can be queried for and protected separately.

For more details, please read the documentation, specifically the section titled "rules are not filters".

Upvotes: 1
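
The split described in the answer, as an added example that is not part of the original answer: rules for two top-level nodes plus a helper that builds the multi-location update to move existing `/users` records into them. The node names `users_public` and `users_private`, the helper `buildSplitUpdate`, and the sample e-mail addresses are assumptions made for illustration.

```javascript
// Added example. Node names and sample data are assumptions, not from the post.
const PUBLIC_FIELDS = ['name', 'email'];

// Realtime Database rules for the split layout (use the JSON form in the rules editor).
const rules = {
  rules: {
    users_public: {
      '.read': true, // anyone may list names and emails; use "auth != null" for signed-in users only
      $uid: { '.write': 'auth != null && auth.uid === $uid' },
    },
    users_private: {
      // No ".read" at this level, so a list read of /users_private is denied outright.
      $uid: {
        '.read': 'auth != null && auth.uid === $uid',
        // No ".write": only a trusted backend (the Admin SDK bypasses rules) writes
        // here, so a client cannot set its own isAdmin flag.
      },
    },
  },
};

// Build one multi-location update that copies each field to the public or
// private node and deletes the old combined record.
function buildSplitUpdate(users) {
  const updates = {};
  for (const [uid, record] of Object.entries(users)) {
    for (const [field, value] of Object.entries(record)) {
      const node = PUBLIC_FIELDS.includes(field) ? 'users_public' : 'users_private';
      updates[`${node}/${uid}/${field}`] = value;
    }
    updates[`users/${uid}`] = null; // null removes the original node
  }
  return updates;
}

// Constructed sample mirroring the structure in the question.
const sampleUsers = {
  kanyesUID: { name: 'Kanye West', email: 'kanye@example.com', sensitive_info: 'a' },
  seacrestsUID: { name: 'Ryan Seacrest', email: 'ryan@example.com', isAdmin: true },
};
const updates = buildSplitUpdate(sampleUsers);
console.log(JSON.stringify(rules, null, 2));
console.log(updates);
// From a trusted context: firebase.database().ref().update(updates);
// Clients then read firebase.database().ref('/users_public/').once('value').
```

Because every child of `users_public` is readable, the list query succeeds as a whole, which is the condition the answer states a query must meet.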
