firebase-rules.json

{
  "rules": {
    "facebook-users": {
      "$user_id": {
        ".read": "$user_id === auth.uid",
        ".write": "$user_id === auth.uid",
        "friends": {
          "$friend_id": {
            ".read": "$user_id === auth.uid || $friend_id === auth.uid",
            "inbox": {
              ".write": "$friend_id === auth.uid && root.child('facebook-users').child($user_id).child('friends').hasChild($friend_id)",
            }
          }
        },
        "clients": {
          ".read": "$user_id === auth.uid || root.child('facebook-users').child($user_id).child('friends').hasChild(auth.uid)"
        }
      }
    },
    "google-users": {
      "$user_id": {
        ".read": "$user_id === auth.uid",
        ".write": "$user_id === auth.uid",
        "friends": {
          "$friend_id": {
            ".read": "$user_id === auth.uid || $friend_id === auth.uid",
            "inbox": {
              ".write": "$friend_id === auth.uid && root.child('google-users').child($user_id).child('friends').hasChild($friend_id)",
            }
          }
        },
        "clients": {
          ".read": "$user_id === auth.uid || root.child('google-users').child($user_id).child('friends').hasChild(auth.uid)"
        }
      }
    },
    "simplelogin-users": {
      "$user_id": {
        ".read": "$user_id === auth.uid",
        ".write": "$user_id === auth.uid",
        "friends": {
          "$friend_id": {
            ".read": "$user_id === auth.uid || $friend_id === auth.uid",
            "inbox": {
              ".write": "$friend_id === auth.uid && root.child('simplelogin-users').child($user_id).child('friends').hasChild($friend_id)",
            }
          }
        },
        "clients": {
          ".read": "$user_id === auth.uid || root.child('simplelogin-users').child($user_id).child('friends').hasChild(auth.uid)"
        },
        "friendRequestsWithToken": {
          "$permission_token": {
            ".write": "root.child('simplelogin-users').child(auth.uid).child('receivedInviteTokens').hasChild($permission_token) && root.child('simplelogin-users').child($user_id).child('generatedInviteTokens').hasChild($permission_token)"
          }
        },
        "receivedFriendRequests": {
          "$friend_id": {
            ".write": "$friend_id === auth.uid"
          }
        },
        "acceptedFriendRequests": {
          "$friend_id": {
            ".write": "$friend_id === auth.uid && root.child('simplelogin-users').child($user_id).child('sentFriendRequests').hasChild($friend_id)"
          }
        },
        "profile": {
          ".read": "root.child('simplelogin-users').child($user_id).child('friends').hasChild(auth.uid)"
        }
      }
    },
    "simplelogin-user-mapping": {
        ".read": "true",
        ".write": "true"
    },
    "v2": {
      "facebook-users": {
        "$user_id": {
          ".read": "$user_id === auth.uid",
          ".write": "$user_id === auth.uid",
          "friends": {
            "$friend_id": {
              ".read": "$user_id === auth.uid || $friend_id === auth.uid",
              "inbox": {
                ".write": "$friend_id === auth.uid && root.child('v2/facebook-users').child($user_id).child('friends').hasChild($friend_id)",
              },
              "inviteResponses": {
                "$permission_token": {
                  ".write": "$friend_id === auth.uid && root.child('v2/facebook-users').child(auth.uid).child('receivedPermissionTokens').hasChild($permission_token) && root.child('v2/facebook-users').child($user_id).child('generatedPermissionTokens').hasChild($permission_token)"
                }
              }
            }
          },
          "clients": {
            ".read": "$user_id === auth.uid || root.child('v2/facebook-users').child($user_id).child('friends').hasChild(auth.uid)"
          },
          "profile": {
            ".read": "root.child('v2/facebook-users').child($user_id).child('friends').hasChild(auth.uid)"
          }
        }
      },
      "google-users": {
        "$user_id": {
          ".read": "$user_id === auth.uid",
          ".write": "$user_id === auth.uid",
          "friends": {
            "$friend_id": {
              ".read": "$user_id === auth.uid || $friend_id === auth.uid",
              "inbox": {
                ".write": "$friend_id === auth.uid && root.child('v2/google-users').child($user_id).child('friends').hasChild($friend_id)",
              },
              "inviteResponses": {
                "$permission_token": {
                  ".write": "$friend_id === auth.uid && root.child('v2/google-users').child(auth.uid).child('receivedPermissionTokens').hasChild($permission_token) && root.child('v2/google-users').child($user_id).child('generatedPermissionTokens').hasChild($permission_token)"
                }
              }
            }
          },
          "clients": {
            ".read": "$user_id === auth.uid || root.child('v2/google-users').child($user_id).child('friends').hasChild(auth.uid)"
          },
          "profile": {
            ".read": "root.child('v2/google-users').child($user_id).child('friends').hasChild(auth.uid)"
          }
        }
      }
    }
  }
}