Permission denied when read data after authentication Firebase
Question
I'm new in Firebase, the problem when i read data after authentication Firebase is PERMISSION DENIED. I research all topic and I found the same problem here: Firebase Permission denied when reading data after authentication . But Frank van Puffelen ' answer not work for me. Here is my Firebase rules:
{
"rules": {
"user": {
"$uid": {
"profile": {
".read": "auth != null && auth.uid == $uid",
".write": "auth != null && auth.uid == $uid"
},
"account": {
".read": false,
".write": false
},
"shared": {
"$sharedid": {
".read": "auth != null && auth.uid == $uid",
".write": false
}
},
"shared_user": {
".read": false,
".write": false
}
}
},
"node": {
"$uid": {
".read": "auth != null && auth.uid == $uid",
".write": "auth != null && auth.uid == $uid"
}
},
"shared": {
"$sharedid": {
".read": "auth != null && root.child('user').child(auth.uid).child('shared').child($sharedid).child('read').val() === true",
".write": "auth != null && root.child('user').child(auth.uid).child('shared').child($sharedid).child('write').val() === true"
}
}
}
}
I found many way but still get PERMISSION DENIED. Please help me!
Edit: Here my authen:
mFirebaseRef= new Firebase("https://my-dashboard.firebaseio.com");
mFirebaseRef.authWithPassword(Constants.EMAIL, Constants.PASSWORD, new AuthResultHandler("password"));
Authen handle:
private class AuthResultHandler implements Firebase.AuthResultHandler{
private final String provider;
public AuthResultHandler(String provider){
this.provider=provider;
}
@Override
public void onAuthenticated(AuthData authData) {
Log.i(TAG, provider + " auth successful");
getData(mFirebaseRef.child("node"));
}
@Override
public void onAuthenticationError(FirebaseError firebaseError) {
Log.i(TAG, provider+ " auth unsuccessful");
}
}
Finally, get data: ==> Permission denied ?
private void getData(Query ref){
ref.addValueEventListener(new ValueEventListener() {
@Override
public void onDataChange(DataSnapshot dataSnapshot) {
Log.i(TAG, " onDataChange");
}
@Override
public void onCancelled(FirebaseError firebaseError) {
Log.i(TAG, firebaseError.getMessage());
}
});
}
1 answers
solution1
2 2016-04-05 17:55:43
You are doing wrong. Your code suggests that you don't have read and write permissions at 'node' child in your security rules. You have read and write permissions for the child of 'node', which is '$uid'.
So change :
getData(mFirebaseRef.child("node"));
To :
getData( mFirebaseRef.child("node").child(authData.getUid()) );
Remember : Firebase security rules work with top to bottom approach, and if you don't mention rule, by default read and write both are false. So, at child 'node' you have not mentioned read or write permission, so, by default, its false. But for an inner child '$uid', you have mentioned read and write security rules, and hence it can be read or written to, given client is authenticated with the same uid.
Also, remember that if you specify read write permission at top level, then, inner definitions has no meaning, eg, say you have rules like :
.
.
"node" : {
".read" : true,
"$uid": {
".read": "auth != null && auth.uid == $uid",
".write": "auth != null && auth.uid == $uid"
}
}
.
.
In the above example, anyone can read 'node' child as well as all its children, which includes '$uid' child, because the parent of '$uid' has read-all security rule defined, all its children's security rules will be overriden. So, be careful with rules definitions.
Hope this solves your problem :)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.