stackoom
  简体   繁体   中英

How does $uid node works on firebase-realtime-database rules?

 原文  2019-07-04 03:04:52       javascript/ firebase/ firebase-realtime-database/ firebase-authentication/ firebase-security

Question

I'm working on firebase-realtime-database on ionic, I am a bit confuse about how to "read" and "write" inside the $uid node. Which i am currently dealing with denied access.

the node looks like this

rules {
"info": {     
   "$uid": {
      ".read": true,
      ".write": "$uid === auth.uid"
   }     
 }
}

while my json database looks like this


{
  info: {
     01: {
     name:jay
     age:16
     }
  }
}

I am a bit confuse what steps to take in order to access the data inside the $uid node. I did try to update my json database node to this.


{
  info: {
    f3de4734-8fb2-42bd-971d-8e693f8aab3b: {  // auth.uid of dummy@gmail.com
            01: {
            name:jay
            age:16
            }
    }
  }
}

and my "getafdData() function" path directory to "'info/'+ getuser".

the above updates work only if the "getuser" is the owner of the file or the node that holds the data, however i want it to be read by other authenticated users as well which i can't understand with $uid.

I have already Authenticate the login using "signInWithEmailAndPassword()" function by firebase

this is the code i use to authenticate

 try {
      var r = await this.fAuth.auth.signInWithEmailAndPassword(
        "dummy@gmail.com",
        "123456"
      );
      if (r) {
        console.log("Successfully logged in!");
        await this.getafdData(); \\\ get the data when login

      }

    } catch (err) {
      console.error(err);
    }

async getafdData(){

var firebaseRef = this.afd.database.ref();
let data = await new Promise(function(resolve,reject){
   return firebaseRef.child('info/')
      .on("child_added", function(snapshot) {
         console.log(snapshot.val());
         //resolve(data);


       }, function(err) {
         console.log(err);
         reject(err);
       })
    }); 
return data;
}

Can you advise what i am doing wrong? or rather correct steps i should do in order to access the $uid node?

1 answers

solution1
 2 ACCPTED  2019-07-04 18:07:15

The ".read": true rule allow any user to read data from /info/$uid if they know the UID of the user whose data they want to read . In your code you are however attaching a listener to /info and nobody has read permission on that node, so the read is rejected.

If you want everyone to be able to read all users nodes in one go, you should move the ".read": true, rule to the /info level of your rules:

{
  "rules": {
    "info": {     
      ".read": true,
      "$uid": {
        ".write": "$uid === auth.uid"
    }     
  }
}

Actually, since you say that you want to allow reading the user info by other authenticated users , that should probably be:

{
  "rules": {
    "info": {     
      ".read": "auth != null",
      "$uid": {
        ".write": "$uid === auth.uid"
    }     
  }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Firebase database rules how to check if node property value for comparison to uid How to fetch data from firebase-realtime-database using firebase cloud functions? Firebase realtime database rules prevent node deletion Set UID as Node Value in Firebase Realtime Database in Angular Firebase Realtime database security rules - check other node How to set firebase rules based on database user id (not uid) Firebase Realtime Database Dynamic Rules How to delete a node in firebase realtime database in javascript How to set a variable in firebase realtime-database rules How to access firebase realtime database according to the rules using http requests
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM