I'm using Redux-Saga as a middle-ware. I'm passing a parameter via query to Firebase Database, but not able to access it on the Database end.
Query:::
database.ref("workouts")
.child(userId)
.once("value")
.then(snapshot => {
console.log("onSuccess:", snapshot.ref, snapshot.val());
resolve(snapshot.val());
})
.catch(function(error) {
console.log("Error fetching document: ", error);
reject(error);
});
UserId is a value I'm fetching from localStorage and sending to database via query using ".child(userId)"
Query::: (For Admin)
database.ref("workouts")
.once("value")
.then(snapshot => {
console.log("onSuccess:", snapshot.ref, snapshot.val());
resolve(snapshot.val());
})
.catch(function(error) {
console.log("Error fetching document: ", error);
reject(error);
});
Rules in database::::
{
"rules": {
"workouts": {
// grants write access to the owner of this user account || the user role is equal to admin
// grants read access to the owner of this user account || the user role is equal to admin
".read":"(data.exists() && auth.uid != null && data.child(auth.uid).exists()) ||root.child('users').child(auth.uid).child('role').val() == 'admin'",
".write":"data.exists() ||root.child('users').child(auth.uid).child('role').val() == 'admin'"
}
}
}
I've tried [query.equalTo] and [data.child(auth.uid).val()] methods to access the value, but didn't got any result.
JSON for Workouts:::::
"workouts" : {
"6OiasllKwVSjjRfrCarMAjhkKAH2" : {
"-LD3nNIKw9Yk3HcoAL0-" : {
"exercises" : [ {
"muscleGroup" : "Chest",
"name" : "Incline Dumbbell Fly",
"sets" : [ 0, 0, 0, 0, 0 ],
"type" : "reps"
} ],
"name" : "Force Set",
"reps" : [ "5", "5", "5", "5", "5" ],
"type" : "Weights"
}]
},
"workoutName" : "My Test workout"
}
JSON for users:::::
"users" : {
"6OiasllKwVSjjRfrCarMAjhkKAH2" : {
"email" : "testuser@gmail.com",
"role" : "user",
"uid" : "6OiasllKwVSjjRfrCarMAjhkKAH2"
}
}
Any kind of help is highly appreciated.
Thank you so much in Advance.
Edit:::: Added the query for admin. I want to fetch all the available data in the collection in the case of admin.
I think I see what's going wrong. Your JSON seems to have all workouts for a user, under /workouts/$uid
. Your rules try to give the user access to all of /workouts
, instead of just their own.
The solution is to move the rule one level lower into the tree:
{
"rules": {
"workouts": {
// grants access to the owner of this user account || the user role is equal to admin
"$uid": {
".read":"auth.uid == $uid || root.child('users').child(auth.uid).child('role').val() == 'admin'",
},
".write":"data.exists() || root.child('users').child(auth.uid).child('role').val() == 'admin'"
}
}
}
Also see the documentation on securing user data , which has a good simple sample of this.
Update : if you want to allow the admin to read /workouts
and each user to be able to read their own workouts under /workouts/$uid
, then you need these rules:
{
"rules": {
"workouts": {
// grants access to the owner of this user account
"$uid": {
"read": "auth.uid == $uid",
},
// grants access to the admin
".read": "root.child('users').child(auth.uid).child('role').val() == 'admin'",
".write": "data.exists() || root.child('users').child(auth.uid).child('role').val() == 'admin'"
}
}
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.