Search code examples
firebasefirebase-realtime-databasefirebase-security

Firebase - Database : How to restrict access to sub-levels of other trees according to users

I am a bit stuck on my project.

I have a list of users which include the events allowed. I have a list of events with users allowed.

I want to allow a user to get only the list of their events in "users". And of course, I want the json sent to only include the the content of their events.

See the Database

enter image description here

See the Rules

enter image description here

Thank you for your help

Solution

  • If I understand correctly, you want to allow a user access (read/write ?) to a specific part of the your database/events.

    According to the Firebase Secure Your Data docs, you can specify who gets what. If you want the current user to be able to see the data in an event, I think this rule should work :

      {
   "rules": {
        "events": {// allows read to /events
          "$eventID": {
            ".read": "data.child('users').child(auth.uid).exists()",
            ".write": false
          }
        }
     }
   }

    If you want the user to be able to edit the information as well, copy the rule from .read to .write.

    As for sending the JSON of this event specifically, you need to do it with a db query to that specific node in the DB.