I have the following data structure:
/users/$userId/profile/...
/users/$userId/job/...
/users/$userId/personal/...
Suppose that I want to read some data about users' job and profile and show it as a list. There are 2 (related) problems here:
1. How can I set the .read security rule. If I say:
"users": {
".read": "auth != null",
...
}
then the rule cascades. Why can't I replicate the same rule three times under the three different paths? because, then I get an error while joining the paths together. Consider this:
var ref = fbutil.ref();
var refSearch = new Firebase.util.NormalizedCollection(
[ref.child('users'), 'usrId']
).select('usrId.job', 'usrId.profile').ref();
var result = refSearch.orderByChild("profile/name");
return $firebaseArray(result);
If I have three different rules under the three paths, the above would fail, because it cannot read the usrId itself.
2. I'm not sure if using NormalizedCollection is the best solution here. Is there any other way to join the 2 paths? This could help solve the first problem as well.
So, how can I join the 2 path (/users/$userId/profile/ and /users/$userId/job/) without making the '/users/$userId' path readable?
If you need to have a separation between public and private data, make that part of your structure:
{
"rules": {
"users": {
"$user_id": {
private: {
".read": "$user_id === auth.uid"
}
public: {
".read": "true",
"job": {},
"profile": {}
}
}
}
}
}