How to constrain read/write rules to the users tha

2019-01-29 08:41发布


The goal is that the users are able to write to the buildings and depts node but only to the ones they create. I.E: if a user creates node A in buildings only him can read/write to node A.

This is essential the database structure:

  "buildings" : {
    "-L9HIbKu5fIe8rfoePgi" : {
      "address" : "",
      "hasDepts" : {
        "-L9HIdScisDItysCnMlm" : true
      "name" : "building 1",
      "ownerID" : "6hwNde08Wuaa9bfReR28niSbOsF3"
  "depts" : {
    "-L9HIdScisDItysCnMlm" : {
      "inBuilding" : "-L9HIbKu5fIe8rfoePgi",
      "name" : "dep 1",
      "ownerID" : "6hwNde08Wuaa9bfReR28niSbOsF3"
  "users" : {
    "6hwNde08Wuaa9bfReR28niSbOsF3" : {
      "isAdmin" : {
        "-L9HIbKu5fIe8rfoePgi" : true
      "name" : "João Alves Marrucho",
      "userEmail" : ""

I thought this rules would work but they don't:

"users": {
  "$uid": {
    ".read": "$uid === auth.uid",
    ".write": "$uid === auth.uid"
"buildings": {
  "$id": {
    ".read": "data.child('ownerID').val() == auth.uid" , 
    ".write": "data.child('ownerID').val() == auth.uid"  
"depts": {
  "$id": {
    ".read": "data.child('ownerID').val() == auth.uid" , 
    ".write": "data.child('ownerID').val() == auth.uid"  

Component code used to write the data:

addBuilding: function () {
  let userId = firebase.auth().currentUser.uid;
  let buildingKey = buildingsRef.push().key
  this.newBuilding.ownerID = userId;

addDept: function (building) {  
  let userId = firebase.auth().currentUser.uid;
  let ownerID = userId; 
  let deptKey = deptsRef.push().key
  let deptName =;
  this.newDept.inBuilding = building.pushKey; // grabbing the pushKey from a function in the Created hook
  this.newDept.ownerID = userId;
  let buildingHasDepts = buildingsRef.child(building.pushKey).child("hasDepts"); // declare the right building node

Component code user to read the data:

 <tr v-for="(building, index) in buildings">
        <input v-bind:title="" type="text" class="inputTablePlaceholder" ref="inputTablePlaceholder" v-on:keyup="showCancelSave($event)" v-bind:placeholder=''>
        <div class="inputTableButtons">
          <button class="tableButton" style="margin-right: 7px"  @click="keepCurrentBuildingName($event, building), hideCancelSave($event, building)">Cancel</button>
          <button class="tableButton" style="margin-right: 7px" @click="saveBuildingName($event, building), hideCancelSave($event)">Save</button>
        <template v-for="dept in depts" >
         <ul class="tableUl" v-if="dept.inBuilding == building['.key']" >
          <router-link  :to="`/rooms/${dept['.key']}.${}`">
            <li class="tableLi">{{}}</li>

Any idea on how to make this work?