So, I'm using Firebase and simple login to create users for an app, and each user has different properties. Everything works fine on the front end: I am able to register a user, I can repeat over the users, I can edit the user's properties. However, the problem is that people who are logged in can also edit the properties of all the other users.
Now, I'm trying to understand the firebase security rules.
Here's my data structure:
{"users": {
  "simplelogin:1": {
    "color": "yellow",
    "date": 1426324169995,
    "Email": "test@test.com",
    "firstname": "James",
    "Image": "http://telehealth.org/wp-content/images/user-placeholder.jpg",
    "Project Description": "Color:" "Color": "Orange",
    "Simple": "Possible",
    "Upcoming": "PTO / WFH / OOO",
    "Yahoo": "Yahoo"
  },
  "simplelogin:2": {
    "date": 1410328158691,
    "email": "qa@qa.com",
    "Firstname": "Jane",
    "Image": "http://telehealth.org/wp-content/images/user-placeholder.jpg",
    "Project Description": "Currently Working ...",
    "Upcoming

Here are my Firebase security rules:
{
  "rules": {
    "users": {
      ".read": true,
      ".write": true
    },
    "$uid": {
      "color": {
        ".read": true,
        ".write": "auth != null && auth.uid == $uid"
      }
    }
  }
}
In this example, what I am trying to do is allow new users to be seen and created (which works). My question is: how can I fix my Firebase security rules so that a logged-in user can only edit their own properties?
Thank you!
correct.
- You have rules for $uid users.
- In that case, you can <your-firebase>.firebaseio.com/$uid, <your-firebase>.firebaseio.com/users/$uid
- Which means that /users has unrestricted read and write access, even if auth's
- What you want is to define the read/write rule in /users for the user code, which you can accomplish with something like:
{
  "rules": {
    "users": {
      "$user_id": {
        // grants write access to the owner of this user account,
        // whose uid must match the key ($user_id)
        ".write": "$user_id === auth.uid"
      }
    }
  }
}
Source:
- This will allow any user to have write/read enabled in a /users/$uid ref, but only with a specific $uid.
- In addition, you should keep in mind that the guide uses ===, not ==.
Resource
- This section explains allowing specific users to read/write.
- "Part of a safe guide", the documentation says:
Rules cascade. This is an important concept to understand about Security and Firebase Rules. Child rules can only grant additional privileges to what parent nodes have already declared. They cannot revoke a read or write privilege.
With the exception of definitions, Security and Firebase Rules work from a top-down model. If a parent node grants read or write access, then it also grants access to all the child nodes under it.
- Shows the implementation of these rules.
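
As an added example (not part of the answer above and not Firebase's own code), here is a simplified JavaScript model of the rule cascade the documentation quote describes, run against the rules as posted in the question and the owner-only rules from the answer. The names canWrite, asPosted, ownerOnly and the jane auth payload are constructed for illustration, and the model looks only at .write rules.

```javascript
// Simplified model of how .write rules cascade (illustration only, not
// Firebase's implementation): walking from the root to the target, access is
// granted as soon as one rule on the way evaluates to true.
function canWrite(ruleset, path, auth) {
  const vars = {};                          // values captured by $wildcards
  let node = ruleset.rules;
  for (const segment of ['', ...path.split('/').filter(Boolean)]) {
    if (segment !== '') {
      let key = segment;
      if (node[key] === undefined) {
        key = Object.keys(node).find((k) => k.startsWith('$'));
        if (key === undefined) return false; // nothing deeper: default deny
        vars[key] = segment;
      }
      node = node[key];
    }
    const rule = node['.write'];
    if (rule === true) return true;
    if (typeof rule === 'string') {
      try {
        // Rule expressions are JavaScript-like; new Function executes the
        // string, so evaluate only rule files you wrote yourself.
        const fn = new Function('auth', ...Object.keys(vars), `return (${rule});`);
        if (fn(auth, ...Object.values(vars))) return true;
      } catch (err) { /* e.g. auth is null: the rule counts as false */ }
    }
  }
  return false;
}

// Rules as posted in the question, and the owner-only rules from the answer.
const asPosted = { rules: {
  users: { '.read': true, '.write': true },
  $uid: { color: { '.read': true, '.write': 'auth != null && auth.uid == $uid' } },
} };
const ownerOnly = { rules: { users: { $user_id: { '.write': '$user_id === auth.uid' } } } };

const jane = { uid: 'simplelogin:2' };      // constructed auth payload
function demo() {
  return {
    postedOther: canWrite(asPosted, 'users/simplelogin:1/color', jane),
    fixedOther: canWrite(ownerOnly, 'users/simplelogin:1/color', jane),
    fixedOwn: canWrite(ownerOnly, 'users/simplelogin:2/color', jane),
    fixedAnon: canWrite(ownerOnly, 'users/simplelogin:1/color', null),
  };
}
console.log(demo());
```

postedOther comes out true because the grant at /users cascades to every child, while with the answer's rules only fixedOwn is true.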