I've been tried to made a rules in Firebase Realtime Database. So, i wants to allow .write
if newData
only has these two child which data1
and data1
.
{
"rules": {
".read" : false,
"$user": {
".read": true,
".write": "newData.hasChildren(['data1', 'data2']) && !newData.hasChild('other')"
}
}
}
It succeed not allowed the newData
that doesn't have neither of ['data1', 'data2']
. But the problem is, it will also allowed every data that have both of ['data1', 'data2']
and more other child. In this part of rules as you can see !newData.hasChild('other')
I've tried to select any other child as other
without $
mark, turns out it didn't worked
Your rule only rejects the write of there is a child named other
, which is not the use-case you're looking to implement.
To allow writing data1
and data2
only, you need to define rules one level deeper:
{
"rules": {
".read" : false,
"$user": {
".read": true,
".write": "newData.hasChildren(['data1', 'data2'])",
"data1": { ".validate": true },
"data2": { ".validate": true },
"$other": { ".validate": false }
}
}
}
So now the data1
and data2
children are considered valid, but any other children (as indicated by the $other
rule) are invalid/rejected.