Sunday, January 4, 2015

Basic security rules with Firebase

I'm having issues implementing basic security rules with Firebase (I read documentation on Firebase and StackExchange but cannot make security rules work):


The model (Emberjs representation of the model):



App.User = DS.Model.extend({
  uid: DS.attr('string'),
  displayName: DS.attr('string'),
  books: DS.hasMany('statistic', { inverse: 'user', async: true }),
  actions: DS.hasMany('action', { inverse: 'user', async: true }),
});

App.Action = DS.Model.extend({
  date: DS.attr('date'),
  actionType: DS.attr('string'),
  comment: DS.attr('string'),
  user: DS.belongsTo('user', { inverse: 'actions', async: true })
});

App.Book = DS.Model.extend({
  name: DS.attr('string'),
  description: DS.attr('string'),
  user: DS.belongsTo('user', { inverse: 'books', async: true })
});


The 3 nodes (models) are stored directly in the root of the Firebase app. The Book and Action models have a user field (property).


What are the rules to write so that:



  1. Only the user identified in the user field of the Book and Action models (nodes) can have read and write access to their own data? (The value of the user field in Book and Action must be equal to the value of auth.uid in Firebase for the user to be granted the read and write privileges.)

  2. That the users can only access the information of the User model (node) that pertains to them?


Thanks
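
One way to express the two requirements above as Firebase Realtime Database rules, added here as an example and not part of the original post. It assumes the three models are stored under `users`, `books` and `actions` at the root, that each user record is keyed by its `auth.uid`, and that the `user` field of a book or action holds that same id as a string.

```json
{
  // Added example. Assumed layout (not confirmed by the post):
  //   /users/<auth.uid>, /books/<bookId>, /actions/<actionId>
  "rules": {
    // No ".read"/".write" at the root or collection level: access is
    // denied unless a rule below grants it.
    "users": {
      "$uid": {
        // Requirement 2: a user reads and writes only their own record.
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid"
      }
    },
    "books": {
      "$bookId": {
        // Requirement 1: only the owner named in `user` may read.
        ".read": "auth != null && data.child('user').val() === auth.uid",
        // Create: the new record must name the caller as owner.
        // Update: the caller must own the old record and stay its owner.
        // Delete: the caller must own the old record.
        ".write": "auth != null && (!data.exists() || data.child('user').val() === auth.uid) && (!newData.exists() || newData.child('user').val() === auth.uid)"
      }
    },
    "actions": {
      "$actionId": {
        ".read": "auth != null && data.child('user').val() === auth.uid",
        ".write": "auth != null && (!data.exists() || data.child('user').val() === auth.uid) && (!newData.exists() || newData.child('user').val() === auth.uid)"
      }
    }
  }
}
```

Rules are not filters: with this rule set a read of the whole `/books` or `/actions` node is rejected, because no `.read` is granted at that level. The client has to fetch individual records by id, for example the ids listed on the signed-in user's own record.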




