Firebase rules realtime database

Question

I try to return to the user the list of his chat with a rule. So I don't know the id of the conversations. I have tried several methods but none of them work because you have to know the chat id.

Database :

{
  "Chats" : {
    "-MPnCVZSVi5C3QbHnXl3" : {
      "messages" : [ {
        "createdAt" : 1609324431814,
        "text" : "Gggwdhj",
        "user" : "3Oi1atf8l2P4Vgsb8tZOGxpUg7q2"
      } ],
      "name" : "toto",
      "users" : {
        "3Oi1atf8l2P4Vgsb8tZOGxpUg7q2" : true
      }
    }
  }
}

Rules :

   {
      "rules": {
           
         "Chats": {
            
              ".read": "data.child('users').hasChild(auth.uid)",
              ".write": "true"
            
    
          }
      }
    }

Result :

But when I access from the react native application. Access to chats does not pass for an authenticated user(uid : 3Oi1atf8l2P4Vgsb8tZOGxpUg7q2)

*The read failed: Error: permission_denied at /Chats: Client doesn't have permission to access the desired data.

Rules :

{
  "rules": {
     "Chats": {
        "$uid":{
          ".read": "data.child('users').hasChild(auth.uid)",
          ".write": "true"
        }

      }
  }
}

Query :

 firebase.database().ref('Chats')
        .limitToLast(20)
        .on('child_added', snapshot => {
            callback(this.parse(snapshot))
        }, function (errorObject) {
            console.log("The read failed: " + errorObject);
        });

Answer 1

If you want to apply a certain rule/set of rules to all child nodes, you can use a $ wildcard like this:

{
  "rules": {           
     "Chats": {
        "$chatId": {
           ".read": "data.child('users').hasChild(auth.uid)",
           ".write": "true"
        }            
     }
  }
}

For more on this, see the Firebase documentation on $ wildcard variables. In general I'd recommend reading the Firebase docs on security rules end-to-end as they're not that long, and a few hours spent there now will save you much more time down the line.