firebase - Database rule allowing to list children with read access
I have a list of messages in my app, and users retrieve a list of their own messages.
If I'm logged in as "user1" I can fetch /messages/message1 without problems, but if I want to retrieve the messages (without being able to access other users' messages) from /messages/ I get permission denied, though I have access to the child elements.
How can I give users a list of the child elements they have read permission for without knowing the ids of the messages?
Thanks in advance.
Below is the database:
{
  "messages" : {
    "message1" : { "sender" : "user1_uid" },
    "message2" : { "sender" : "user1_uid" }
  }
}
And here is the rule:
{
  "messages": {
    "$weddingid": {
      ".read": "data.child('sender').val() == auth.uid"
    }
  }
}
Adolfo has one valid approach. It spreads the message data under user-specific nodes. This is common in NoSQL databases: building many "mini-tables of messages" instead of one large one.
Alternatively, you can keep the master list of messages as it is now and create a so-called index of messages for each user:
{
  "messages" : {
    "message1" : { "sender" : "user1_uid" },
    "message2" : { "sender" : "user1_uid" }
  },
  "user_messages": {
    "user1_uid": { "message1": true, "message2": true }
  }
}
You'd keep the security rules for messages as you have them now, and add these new ones for the user_messages index:
"user_messages": {
  "$userid": {
    ".read": "$userid == auth.uid"
  }
}
With these in place, you'd load the messages for a user by first loading the message ids from /user_messages/<authdata.uid>, then loading each individual message from /messages/<messageid>.
See our guide on creating data that scales for more on this technique (called fan-out).
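The following is an added example, not part of the original question or answer and not Firebase code. It is a simplified JavaScript model of how read rules are checked, showing why /messages is denied while the index-then-fetch load succeeds. The names db, rules, canRead, read and loadOwnMessages, and the message3 / user2_uid sample entries, are assumptions made for the illustration.

```javascript
// Simplified model of Realtime Database read checks (a sketch, not Firebase code):
// a read is allowed only if a .read rule on the requested path or one of its
// ancestors is true. Rules below the requested path are never consulted.
const db = { // constructed sample data; message3 / user2_uid are added here
  messages: {
    message1: { sender: "user1_uid" },
    message2: { sender: "user1_uid" },
    message3: { sender: "user2_uid" },
  },
  user_messages: {
    user1_uid: { message1: true, message2: true },
    user2_uid: { message3: true },
  },
};
// The page's two rule expressions, rewritten as JS predicates.
const rules = {
  messages: { $weddingid: { read: (data, auth) => !!data && data.sender === auth.uid } },
  user_messages: { $userid: { read: (data, auth, vars) => vars.$userid === auth.uid } },
};
const segments = (path) => path.split("/").filter(Boolean);

function canRead(path, auth) {
  let rule = rules, data = db;
  const vars = {};
  for (const key of segments(path)) {
    const wildcard = Object.keys(rule).find((k) => k.startsWith("$"));
    if (key !== "read" && Object.hasOwn(rule, key)) rule = rule[key];
    else if (wildcard) { vars[wildcard] = key; rule = rule[wildcard]; }
    else return false; // no rule covers this location
    data = data == null ? null : data[key] ?? null;
    if (typeof rule.read === "function" && rule.read(data, auth, vars)) return true;
  }
  return false; // nothing on the path granted read access
}

function read(path, auth) {
  if (!canRead(path, auth)) throw new Error("permission_denied: " + path);
  return segments(path).reduce((node, key) => (node == null ? null : node[key] ?? null), db);
}

// The two-step load from the answer: read the index, then each message by id.
function loadOwnMessages(auth) {
  const ids = Object.keys(read("/user_messages/" + auth.uid, auth) ?? {});
  return ids.map((id) => ({ id, ...read("/messages/" + id, auth) }));
}
```

In this model, reading /messages as user1_uid is denied even though every message that user owns is individually readable, and another user's index at /user_messages/user2_uid stays closed to them.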