Security rules #34
Description
- a user should only be able to view their own workouts
What else?
Fabi's notes:
The people key contains the list of registered users, and we must ensure that a user should only be able to add their own entry. We'll also let them modify the entry if they wish, because we'll store some metadata about the user (such as the profile picture URL) here. Remember the authentication token we obtained earlier? The token also contains the user ID of the user to whom the token was issued, which we will refer to in our rules as auth.id:
{
people: {
$userid: {
".write": $userid == auth.id
}
}
}
[...]
source: https://firefeed.io/about.html