Search code examples
androidkotlinfirebase-realtime-databasegoogle-cloud-firestoreandroid-sharing

Android Sharing data between one app - 2 users

I developed an app which is simple TO-DO list app. I create there my daily plan, my weekly plan and so on. TODO list is made offline. Now I would like to share my TODO list with different users of app. Like relationship MOM-KIDS (one to many) so mom can see what her kids are doing. So there is a question how to do this? I would like somehow to mark to who I would like to send my daily plan. Should I register in some cloud hosting? Probably there will be a problem with referencing to someones DB to insert other user data into someones DB (public rules are not acceptable). Allowing .read to true for "admin" (mom) users in my opinion is also bad solution cause other moms can not their kids plan. Should I send it through broadcasts or what's should be the solution in problems like this?

@Edit I changed into Firestore DB but still I'm not sure how to get permission for users stored in array of receiverIds.

enter image description here

I was trying adjust Firestore security rules : searching for a user's id in array in a document into my case but I was getting always an errors. Can somebody tell me what I am doing wrong here?

service cloud.firestore {
  match /databases/{database}/documents {
    match /user_activity/{ids} {
      allow read, write: if request.auth.uid in get(/databases/{database}/documents/user_activity/{ids}).data.receiverId
    }
  }
}

Greetings!

Solution

  • The best way would be using a database like Firebase Firestore database. It would be an easy and simple solution to implement.

    For the data access rules, you can use Firebase security rules to enforce what you need.

    For eg. in your case, the mom can read the data but not write to it which can easily be done.

    Here are links to help you:

    Firebase Firestore Introduction

    Firebase security rules.

    Firebase Firestore Codelab

    Update:

    Okay, so here is I quickly simulated, tried it and it worked absolutely fine!

    This is the structure:

    These are the rules:

    rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
     match /item/{items}{
       allow write : if true;
       allow read :  if request.auth.uid in resource.data.uid;
     }
   }
}

    NOTE: uid in resource.data.uid refers to the array uid in document.

    And here are the screenshots of the results:

    Here, the uid is the one entered in the array in database. Therefore, read allowed. enter image description here

    Here, the uid is not the one in the array in database. Therefore, read not allowed.