I am working on a simple react-native To-do app with sharing features. I am using Firebase Storage for storage and sharing. However, I am a beginner to Firebase and couldn't understand how to proceed. My requirements are as follows
- Each user can add/remove/edit their own database entry.
- User A should be able to share some of their To-dos with User B. The share can be in either
vieworeditmode (exactly like a Google Drive file). - An option to permanently allow User B to see all future
vieworeditmode for any new to-dos. Basically, an option to allow or disallow User B to see the data.
My attempt: Bullet 1 can be achieved simply by
// These rules grant access to a node matching the authenticated
// user's ID from the Firebase auth token
{
"rules": {
"users": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid"
}
}
}
}
For Point 2 and Point 3, I plan to have a separate JSON file accessible by all the users. So when user A gives edit access to some of its data to User B, the JSON file for user B should be updated with A's uid. I am not able to write security rules for this because I am not aware if we can write rules to get data from a JSON file. Also, this method is not very good in my opinion, as some attacker may flood User B's JSON file with garbage entries and in fact can delete the existing entries also.
Any help to achieve this Google Drive-like sharing feature for Firebase storage will be appreciated. Thanks!
from Firebase Security Rules for a data sharing app
No comments:
Post a Comment