How should my rules be, so that a logged-in user has access, can read and write only in their requests ???
{
"orders": { "-LMqiTIhAr-VUMKpq8FD": { "name": "asdasdsa", "tel": "213" }, "-LMr1wgwinGyew0rVpWs": { "name": "sadasd", "tel": "123" } }, "users": { "-LMrEQ9Jb7KbkaqhHyMQ": { "cnpj": "123456", "email": "[email protected]" } } }
To apply the request (and user) access rule, you must add the Firebase Authentication user ID (UID) to the path that will be controlled.
Sample user UID: "rvCXWGhMkbYul6wS9gfxQSAXbmq1"
{
"pedidos":{
"rvCXWGhMkbYul6wS9gfxQSAXbmq1":{
"-LMqiTIhAr-VUMKpq8FD":{
"name":"asdasdsa",
"tel":"213"
},
"-LMr1wgwinGyew0rVpWs":{
"name":"sadasd",
"tel":"123"
}
}
},
"users":{
"rvCXWGhMkbYul6wS9gfxQSAXbmq1":{
"cnpj":"123456",
"email":"[email protected]"
}
}
}
Rule for writing and reading:
{
"rules": {
"pedidos": {
"$uid": {
".write": "$uid === auth.uid",
".read": "$uid === auth.uid",
}
},
"users": {
"$uid": {
".write": "$uid === auth.uid",
".read": "$uid === auth.uid",
}
}
}
}
Source: link