I want to know which user pushed the task on the firebase queue in my worker code. I can push the userId in the task, but that is not secure, any other user can push other user's userId. Is there a way I can access the user who pushed the task in the queue.
It's fairly easy to secure your database so that users can only push tasks that contain their own UID.
For example, say you have this JSON structure:
tasks
task1
creator: "uidOfPankaj"
description: "Whatever other fields your task needs"
task2
creator: "uidOfPuf"
description: "Fields for Frank's task"
You can ensure that a user can only push tasks with their own UID under the creator property with these rules:
{
"rules": {
"tasks": {
"$taskId": {
".write": "newData.hasChildren(['creator', 'description'])",
"creator": {
".write": "newData.val() == auth.uid",
}
}
}
}
}
I recommend you read the documentation on Firebase security rules and pay special attention to the section on user based security.