Using angularFire, I am fetching data in my project:
angular.module('FireApp', ['firebase'])
.controller('Document', function($scope, $routeParams, angularFire){
var url = "https://my-account.firebaseio.com/test" + "/" + $routeParams.data;
angularFire(url, $scope, data);
});
The issue here is that the URL will load all the contents of '' including its nested elements.
The '/data' consists of an array of objects which may resemble the parent of "/data":
data: ["0" : {
"data" : [...],
"meta" : {
"active" : false
},
"sign" : [...]
},
"1" : {
"data" : [...],
"meta" : {
"active" : true
},
"sign" : {...}
},
"2" : {
"data" : [...],
"meta" : {
"active" : false
},
"sign" : {...}
}]
I aim to restrict unauthenticated angularFire clients to only receive elements from the data array where meta.active equals true. The active flag plays a crucial role in deciding what data should be sent upon angularFire request. Unauthenticated clients are not allowed to modify the data as per the rule I envision: "do not send the grandparent data if 'active = false' unless the client is authenticated". This rule must be relative and not absolute; authenticated clients can both retrieve and edit the entire dataset.
I'm exploring if such rules could be implemented using Firebase Simple Login and Security Rules.
If it's not possible for a grandparent, I can consider moving the 'active' flag one level up to affect its parent instead.
Thank you for your attention,
Jared