Fixes #62
You can view the security issue in this report.
Solution
I removed the rule ".write": "auth != null && newData.child('author').val() == auth.uid" from /books/$book_id/offers/$offer_id since it was useless and instead, added the author check to the validation rule, because validation rules are not cascading.
Fixes #62 You can view the security issue in this report.
Solution
I removed the rule
".write": "auth != null && newData.child('author').val() == auth.uid"
from/books/$book_id/offers/$offer_id
since it was useless and instead, added the author check to the validation rule, because validation rules are not cascading.An analysis on the fixed rules can be seen here.