Definition of RealTimeDatabase Rules

0

How should my rules be, so that a logged-in user has access, can read and write only in their requests ???

{

"orders": {     "-LMqiTIhAr-VUMKpq8FD": {       "name": "asdasdsa",       "tel": "213"     },     "-LMr1wgwinGyew0rVpWs": {       "name": "sadasd",       "tel": "123"     }   },   "users": {     "-LMrEQ9Jb7KbkaqhHyMQ": {       "cnpj": "123456",       "email": "[email protected]"     }   } }

    
asked by anonymous 20.09.2018 / 16:23

1 answer

0

To apply the request (and user) access rule, you must add the Firebase Authentication user ID (UID) to the path that will be controlled.

Sample user UID: "rvCXWGhMkbYul6wS9gfxQSAXbmq1"

{  
   "pedidos":{  
      "rvCXWGhMkbYul6wS9gfxQSAXbmq1":{  
         "-LMqiTIhAr-VUMKpq8FD":{  
            "name":"asdasdsa",
            "tel":"213"
         },
         "-LMr1wgwinGyew0rVpWs":{  
            "name":"sadasd",
            "tel":"123"
         }
      }
   },
   "users":{  
      "rvCXWGhMkbYul6wS9gfxQSAXbmq1":{  
         "cnpj":"123456",
         "email":"[email protected]"
      }
   }
}   

Rule for writing and reading:

{
  "rules": {
    "pedidos": {
      "$uid": {
        ".write": "$uid === auth.uid",
        ".read": "$uid === auth.uid",
      }
    },
    "users": {
      "$uid": {
        ".write": "$uid === auth.uid",
        ".read": "$uid === auth.uid",
      }
    }
  }
}

Source: link

    
20.09.2018 / 20:53