I'm struggling with understanding how I can allow users to create new records in the list, but only allow creators to update their own posts.
E.g. the following structure:
post {
post1: {
author: "user1"
text: "Some text"
}
post2: {
author: "user2"
text: "Some text 2"
}
}
Here, I want both users to be able to create new posts. But also protect, say, post2 from being edited by user1. Thus, only user1 can edit post1 and only user2 can edit post2.
You'd want to do something like this:
{"rules": {
"post": {
"$id": {
".write": "auth !== null && (!data.exists() || data.child('author').val() === auth.uid)"
}
}
}}
Here you're only allowing write if the user is logged in and a) the node attempting to be written is empty or b) the node attempting to be written was authored by the current user.
来源:https://stackoverflow.com/questions/41726937/firebase-rules-allow-push-but-not-allow-update