[AngularFire 2] Protect Write Access Using Security Rules

We cannot allow un-auth user to change the database data as they want, for Firebase, it is easy just need to overwirte the rules:

{
  "rules": {
    ".read": "true",
    ".write": "auth != null",
      "courses": {
        ".indexOn": ["url"]
       },
    "lessons": {
      ".indexOn": ["url"]
    }
  }
}

Here we set "write" needs auth, read dones't need auth.