Open withcenter-dev2 opened 3 months ago
Before:
After:
Removed the newData.hasChild(auth.uid) === false
Once the auth.uid in users, they can add uids in the users (this is how we invite/join in chat-room)
However, upon critical checking, this rule will allow anyone (who is in chat-room users), to remove other members as well. The only uid that can be removed should be auth.uid.
This is for review.
Questions: