堆栈内存溢出
  简体   繁体   English

验证Firebase后读取数据时权限被拒绝

[英]Permission denied when read data after authentication Firebase

 原文  2015-11-23 17:07:06       android/ firebase/ firebase-security/ firebase-realtime-database

问题描述

I'm new in Firebase, the problem when i read data after authentication Firebase is PERMISSION DENIED. 我是Firebase的新手,我在身份验证Firebase之后读取数据时遇到的问题是PERMISSION DENIED。 I research all topic and I found the same problem here: Firebase Permission denied when reading data after authentication . 我研究了所有主题,并在这里发现了相同的问题: 验证后读取数据时,Firebase权限被拒绝 But Frank van Puffelen ' answer not work for me. 但是弗兰克·范·普菲伦的回答对我不起作用。 Here is my Firebase rules: 这是我的Firebase规则: 

{
"rules": {
  "user": {
    "$uid": {
      "profile": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      },
      "account": {
        ".read": false,
        ".write": false
      },
      "shared": {
        "$sharedid": {
          ".read":  "auth != null && auth.uid == $uid",
          ".write": false
        }
      },
      "shared_user": {
        ".read": false,
        ".write": false
      }
    }
  },
  "node": {
    "$uid": {
      ".read": "auth != null && auth.uid == $uid",
      ".write": "auth != null && auth.uid == $uid"
    }
  },
 "shared": {
    "$sharedid": {
      ".read": "auth != null && root.child('user').child(auth.uid).child('shared').child($sharedid).child('read').val() === true",
      ".write": "auth != null && root.child('user').child(auth.uid).child('shared').child($sharedid).child('write').val() === true"
    }
  }
}

} }

I found many way but still get PERMISSION DENIED. 我找到了很多方法,但仍然被拒绝。 Please help me! 请帮我!

Edit: Here my authen: 编辑:这是我的身份验证: 

mFirebaseRef= new Firebase("https://my-dashboard.firebaseio.com");
mFirebaseRef.authWithPassword(Constants.EMAIL, Constants.PASSWORD, new AuthResultHandler("password"));

Authen handle: 身份验证句柄: 

private class AuthResultHandler implements Firebase.AuthResultHandler{

    private final String provider;

    public AuthResultHandler(String provider){
        this.provider=provider;
    }
    @Override
    public void onAuthenticated(AuthData authData) {
        Log.i(TAG, provider + " auth successful");
        getData(mFirebaseRef.child("node"));
    }

    @Override
    public void onAuthenticationError(FirebaseError firebaseError) {
        Log.i(TAG, provider+ " auth unsuccessful");
    }
}

Finally, get data: ==> Permission denied ? 最后,获取数据:==> 权限被拒绝 

private void getData(Query ref){
    ref.addValueEventListener(new ValueEventListener() {
        @Override
        public void onDataChange(DataSnapshot dataSnapshot) {
            Log.i(TAG, " onDataChange");
        }

        @Override
        public void onCancelled(FirebaseError firebaseError) {
            Log.i(TAG, firebaseError.getMessage());
        }
    });
}

1 个解决方案

解决方案1
 2  2016-04-05 17:55:43

You are doing wrong. 你做错了 Your code suggests that you don't have read and write permissions at 'node' child in your security rules. 您的代码表明您在安全规则中对“节点”子节点没有读写权限。 You have read and write permissions for the child of 'node', which is '$uid'. 您具有“ node”子节点“ $ uid”的读写权限。

So change : 所以改变: 

getData(mFirebaseRef.child("node"));

To : 至 : 

getData( mFirebaseRef.child("node").child(authData.getUid()) );

Remember : Firebase security rules work with top to bottom approach, and if you don't mention rule, by default read and write both are false. 请记住:Firebase安全规则与自上而下的方法一起使用,并且如果您不提及规则,则默认情况下,读写都是错误的。 So, at child 'node' you have not mentioned read or write permission, so, by default, its false. 因此,在子节点“ node”上您没有提到读取或写入权限,因此默认情况下为false。 But for an inner child '$uid', you have mentioned read and write security rules, and hence it can be read or written to, given client is authenticated with the same uid. 但是对于内部子对象“ $ uid”,您提到了读取和写入安全规则,因此,如果客户端使用相同的uid进行身份验证,则可以读取或写入该安全规则。

Also, remember that if you specify read write permission at top level, then, inner definitions has no meaning, eg, say you have rules like : 另外,请记住,如果您在顶层指定了读写权限,那么内部定义就没有意义,例如,说您有如下规则: 

.
.
"node" : {

    ".read" : true,

    "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
    }
}
.
.

In the above example, anyone can read 'node' child as well as all its children, which includes '$uid' child, because the parent of '$uid' has read-all security rule defined, all its children's security rules will be overriden. 在上面的示例中,任何人都可以读取“节点”子级及其所有子级,其中包括“ $ uid”子级,因为“ $ uid”的父级已定义了全部安全性规则,因此其所有子级的安全性规则均为覆盖。 So, be careful with rules definitions. 因此,请注意规则定义。

Hope this solves your problem :) 希望这能解决您的问题:)

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 身份验证后读取数据时,Firebase 权限被拒绝 - Firebase Permission denied when reading data after authentication 使用身份验证拒绝Firebase权限(读写) - Firebase Permission denied (read and write) with Authentication 在Firebase数据库中写入数据时,权限被拒绝 - Permission denied when writing data in firebase database 读写权限被拒绝的Firebase - Read Write Permission Denied Firebase 身份验证后Firebase权限被拒绝 - Firebase Permission denied after auth 权限被拒绝,在Firebase中检索数据 - Permission denied, retrieving data in firebase Firebase数据库身份验证电话权限被拒绝 - Firebase database Authentication phone Permission denied Firebase - 如何在身份验证后为每个用户写入/读取数据 - Firebase - How to write/read data per user after authentication Android打开失败:尝试读取数据/数据中的文件时EACCES(权限被拒绝) - Android open failed: EACCES (Permission denied) when try to read a file in data/data Firebase 数据库权限被拒绝,读/写权限设置为 true - Firebase Database Permission denied with read/write permissions set to true
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM