best easy know
1、auth != null -- only auth pass user ( login success user)
2、$uid === auth.uid -- usually only data owner can read or modify
$userId === auth.uid
==========
1、only admins group can wirte data
a. Database data
add admins -> add uid:true (uid -> user in admins group)
b. Database rule
add
{
"rules": {
"admins":{
".read" : "auth != null && root.child('admins').hasChild(auth.uid)",
".write" : "auth != null && root.child('admins').hasChild(auth.uid)"
}
}
}
now uid in admis, can modify admins
If items only admis can add or modify, everyone can read.
{
"rules": {
"items":{
".read" : "auth != null ",
".write" : "auth != null && root.child('admins').hasChild(auth.uid)"
}
}
}
2、maybe your want user in admins group and some special oooooxxxx
{
"rules": {
"items":{
".read" : "auth != null ",
".write" : "auth != null && root.child('admins').hasChild(auth.uid) && root.child('admins').child(auth.uid).val()==="oooooxxxxxx" "
}
}
}
http://stackoverflow.com/documentation/firebase/3352/database-rules#t=201701110341085943147
https://gist.github.com/sararob/331760829a9dcb4be3e7 see HerRomero answer
http://stackoverflow.com/questions/21815229/is-there-a-way-to-restrict-registrations-in-firebase/21834842#21834842