Currently I have a simple todo app whereby users can create a list then tick off items as done. The data is structured as follows: '/acc_' + USER_ID +'/done' and '/acc_' + USER_ID +'/todo'. As items are "done" they are moved to the done list.
What I'd like is for a user to be able to share a list with another authenticated user.
The rules currently look like the following, which seems to work.
{
  "rules": {
    "$userPath": {
      ".read": "auth != null",
      ".write": "auth != null",
      ".validate": "$userPath === 'acc_' + auth.id"
    }
  }
}
What I think I need to do is have each user have an array of approved email addresses and somehow hook that into the security rules.
Alternatively I could make a list in the root and have only the creator and shared users access it.
Any guidance?
Since the user decides who they'd like to share the list with, I'd store that information in the user data itself. For example:
{
  "rules": {
    "$userPath": {
      ".write": "$userPath == 'acc_' + auth.id",
      ".read": "$userPath == 'acc_' + auth.id || root.child($userPath).child('shared').hasChild(auth.id)"
    }
  }
}
And then store the list of users the data is shared with in acc_userid/shared/.
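The answer's two rules modelled as plain JavaScript predicates and run over a constructed data tree, as an added example that is not part of the original answer and is not Firebase's rule engine. The sample users (`alice`, `bob`, `carol`), the `sampleDb` contents and the helper names are assumptions.

```javascript
// Model of the answer's rules; auth is null or { id: "<user id>" }.
// Constructed sample data: alice shares her lists with bob only.
const sampleDb = {
  acc_alice: { todo: { t1: "buy milk" }, done: { t0: "pay rent" }, shared: { bob: true } },
  acc_bob: { todo: { t1: "call mum" }, done: {} },
};

// Own-property check, so ids such as "constructor" never match by accident.
const own = (obj, key) =>
  obj !== null && typeof obj === "object" &&
  Object.prototype.hasOwnProperty.call(obj, key);

// root.child(a).child(b).hasChild(key) over a plain object tree.
function hasChild(root, path, key) {
  let node = root;
  for (const segment of path) {
    if (!own(node, segment)) return false;
    node = node[segment];
  }
  return own(node, String(key));
}

// ".write": "$userPath == 'acc_' + auth.id"
function canWrite(auth, userPath) {
  // An unauthenticated request has no auth.id, so the rule denies.
  return auth !== null && userPath === "acc_" + auth.id;
}

// ".read": owner, or listed under <userPath>/shared
function canRead(root, auth, userPath) {
  if (auth === null) return false;
  return userPath === "acc_" + auth.id ||
    hasChild(root, [userPath, "shared"], auth.id);
}

// Who may read and write one account's subtree.
function accessMatrix(root, userPath, users) {
  const rows = {};
  for (const id of users) {
    const auth = id === null ? null : { id };
    rows[String(id)] = {
      read: canRead(root, auth, userPath),
      write: canWrite(auth, userPath),
    };
  }
  return rows;
}

console.log(accessMatrix(sampleDb, "acc_alice", ["alice", "bob", "carol", null]));
```

Because the grant sits on `$userPath`, a user listed in `shared` can read the whole account subtree, including the `shared` list itself, while only the owner can change who is on it.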