
I've been trying to understand the differences between one-to-many and many-to-one relationships in NoSQL databases. I purchased a few courses on this and the Firestore security rules language and have a basic grasp of it all, but I can't think of an efficient way to make a document accessible to a group of people.

I'm trying to implement an application where a user can have a profile and add users to be able to visit the profile/page as well. The only way I know how to do this is to add a field of allowed users to a document, and when a user pulls the document down, if their ID isn't in that field of permitted users then the profile won't display. I understand this is horribly flawed in that the user was still able to read the document and could rewrite it if permissions aren't set correctly. The only security in this method is hoping that no malicious users know the file path to where documents are stored.

Does anyone know how to properly add a group of users to be able to access a document in Firebase?

So far I've implemented UID authentication in Firestore rules to ensure that a user is authenticated, but still any authenticated user can read or write any document in the app I'm demoing around with right now.

I also know you can create custom user types in Firebase. This doesn't seem a valid solution for my application since I want to create a custom 'group' for each user that has a profile. Any advice would be greatly appreciated.
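The per-document allow-list described in the question can be enforced by Firestore itself instead of by the client. The ruleset below is an added example, not part of the original post; the `profiles` collection and the `ownerId` and `allowedUsers` field names are assumptions chosen for illustration.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Assumed layout (hypothetical names): /profiles/{profileId} with
    //   ownerId:      string, UID of the profile owner
    //   allowedUsers: list of UIDs the owner has invited

    function signedIn() {
      return request.auth != null;
    }
    function isOwner(data) {
      return signedIn() && request.auth.uid == data.ownerId;
    }
    function isMember(data) {
      // A missing or non-list allowedUsers field makes this expression
      // error out, and an erroring rule denies the request.
      return signedIn() && request.auth.uid in data.allowedUsers;
    }

    match /profiles/{profileId} {
      // The server refuses the read unless the caller is the owner or is
      // on the list, so an uninvited user never receives the document.
      // Rules are not filters: a query must carry a matching constraint
      // (for example array-contains on allowedUsers with the caller's UID),
      // otherwise the whole query is rejected.
      allow read: if isOwner(resource.data) || isMember(resource.data);

      // The creator must register themselves as owner.
      allow create: if signedIn()
                    && request.resource.data.ownerId == request.auth.uid
                    && request.resource.data.allowedUsers is list;

      // Only the owner may edit the profile or its member list, and the
      // ownerId field cannot be reassigned by an update.
      allow update: if isOwner(resource.data)
                    && request.resource.data.ownerId == resource.data.ownerId
                    && request.resource.data.allowedUsers is list;

      allow delete: if isOwner(resource.data);
    }
  }
}
```

With this layout every invited member can also see the UIDs of the other members, because the list is stored in the document they are allowed to read.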
