I try to get my firebase realtime database rules running correct but have a problem with a single property rule.
My firebase object looks like this example
"products": {
"KUg68BknfYWuEjAKla5": {
"cat": "Pizzas",
"likes": 132,
"item_price": 39.9,
"item_price_single": 39.9,
"name": "Mussarela",
"observation": "",
"product_id": "-KUg68BknfYWuEjAKla5",
"product_image": "massapan-mussarela.jpg",
"quantity": 1
}
My rules for this object look right now like this
"products": {
".read": true,
".write": "root.child('users').child(auth.uid).child('admin').val() == 'user_is_admin'"
".indexOn": ["status", "categoryId"]
},
So basically I allow everybody to read the object but only the admin to write the object. My problem is that the single property "likes" need to be writeable by every authenticated user. Which I would normally do with ".read": "auth != null", but I dont know how to combine them in my rules. Can I set multiple lines with .write? do I need to combine them in one line? I tried all I can think of but without success.
thx in advance
You can specify access to specific child nodes within the rules. For example
rules that would only allow reading the likes node by all but limit writing to the admin would look something like this (not tested but something along these lines)
On the other hand the item_price node could be written to and read by all. None of the other child nodes would be accessible by anyone.