Tags: android, firebase-realtime-database, firebase-authentication, data-sharing

Firebase sharing data with other users


I want to create item lists using Firebase that can be created by a user and then he can specify other users to share the list with (so they can also modify its contents). I plan to do this by using the following structure:

[image: proposed data structure]

So the user section specifies the lists that a user has. Then the node 'lists', all lists created have a unique id and for each list its members are specified:

[image: 'lists' node with members]

In this example, Rick is the admin of the list and Tom just a member. Now I want the rules to, for example, only allow reading and writing under the 'items' node, if the user id is present under the 'members' node.

Now I have two questions:

1. Is this approach the correct one, or should my entire data structure be different for this purpose?
2. If the structure is fine, how should I write the rules such that the above-described behavior is obtained, and how do I generate a unique id for each list?


Solution

  • At first glance this seems like a reasonable starting point. I'd just replace the "values that are the same as the key" with a simple true, to save a few bytes of storage/bandwidth. Aside from that it's hard to give more "hard" advice without knowing all use-cases.

    You might also want to consider a recent change: security rules can now validate queries, which means that you could potentially do without the /users/$uid/lists index. I recommend that you try this and see if it works for your use-case.

    To allow read access to a list only to members of that list, these rules could be a starting point:

    {
      "rules": {
        "lists": {
          "$listid": {
            "items": {
              ".read": "
                data.parent().child('members').child('admin').val() === auth.uid ||
                data.parent().child('members').child(auth.uid).exists()
              "
            }
          }
        }
      }
    }
    

    The first line of that .read rule grants read access to the admin. The second line then grants read access to all other users.

    Finally: as always I recommend reading NoSQL data modeling and watching Firebase for SQL developers.
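The `.read` rule from the answer, modelled locally so it can be checked against sample users before deploying it. This is an added example, not code from the question or the answer; the data tree, the list id `-list1` and the user ids `rick`, `tom` and `mallory` are constructed to match the thread's description, with member values replaced by `true` as the answer suggests.

```javascript
// Constructed data tree mirroring /lists/$listid/{members,items} from the thread.
const db = {
  lists: {
    "-list1": {                                  // constructed list id
      members: { admin: "rick", rick: true, tom: true },
      items: { milk: true, eggs: true },
    },
  },
};

// Minimal stand-in for the RuleDataSnapshot object that rules see as `data`:
// only child(), parent(), val() and exists() are modelled.
class RuleData {
  constructor(root, path) { this.root = root; this.path = path; }
  child(name) { return new RuleData(this.root, [...this.path, name]); }
  parent() { return new RuleData(this.root, this.path.slice(0, -1)); }
  val() {
    let node = this.root;
    for (const key of this.path) {
      if (node === null || typeof node !== "object" || !(key in node)) return null;
      node = node[key];
    }
    return node;
  }
  exists() { return this.val() !== null; }
}

// The ".read" expression from the answer, with `data` bound to
// /lists/$listid/items and `auth` to the requesting user.
function canReadItems(listId, auth) {
  // In real rules `auth` is null for unauthenticated requests and the
  // expression fails to evaluate, which denies access; modelled explicitly here.
  if (auth === null) return false;
  const data = new RuleData(db, ["lists", listId, "items"]);
  return (
    data.parent().child("members").child("admin").val() === auth.uid ||
    data.parent().child("members").child(auth.uid).exists()
  );
}
```

Running the checks for the admin, a member, a non-member and an anonymous request shows that only the first two are admitted, which is the behaviour the question asks for.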