angularFire and Authentication

Question

Taking the TodoMVC example into consideration (https://github.com/firebase/angularFire/tree/gh-pages/examples/todomvc), if I were to add authentication to this app, how could I handle the visibility of a user - i.e. if User1 adds todo items, I'd like to make sure that it's only visible to them and if User2 logs in, he doesn't see User1's items. How can I achieve this?

On top of this - I guess this second question is somewhat relevant to the previous one - what is the best way to store todos and users and the visibility of each todo?

Answer 1

Assuming that we're talking about Simple Login for authentication, the user object will contain an ID (with custom login, you will determine the contents). Split the todos up by user id, storing them in separate paths.

/todos/user_id/...

Then in security rules, after login, the auth object contains the user's id, so you can secure each path by user:

"todos": {
   "$user_id": {
       ".read": "auth.id === $user_id",
       ".write": "auth.id === $user_id",
   }
}

Keep in mind that if you are going to use multiple providers, then you will also want to split this up by provider, since ids are only unique for a given provider.

/todos/provider_id/user_id
"todos": {
   "$provider_id": {
       "$user_id": {
           ".read": "auth.id === $user_id && auth.provider === $provider_id",
           ".write": "auth.id === $user_id && auth.provider === $provider_id",
       }
   }
}