My basic question is how do you setup Firebase rules to only allow access certain leaf nodes from their parent?
Lets say I have data that looks like this:
root: {
posts: {
post1: {
user: "foo",
post: "this is a post",
restricted: false
},
post2: {
user: "bar",
post: "this is another post",
restricted: true
},
post3: {
user: "bar",
post: "this is my final post",
restricted: false
}
}
}
I want to $bind to the posts node and get all the posts which that user is allowed to get. I might want the admin to access all of the posts but non-admins to only be able to access post1 and post3.
Note: I'm using angularFire's $bind to synchronize nodes.
I don't believe this is possible but I would like to be able to set up my rules kinda like this:
{
"rules": {
"posts": {
".read": "auth.admin || $post.hasChild('restricted').val() !== true",
"$post": {
}
}
}
}
How are other users accomplishing this? Thanks.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
