Permission denied for Firebase Realtime Database
Question
I have firebase database rules set up like this
"Users":{
"$user_id":{
"Name":{
".read":"auth != null",
".write":"auth.uid == $user_id"
},
"Email":{
".read":"auth != null",
".write":"auth.uid == $user_id"
},
"Address":{
".read":"auth != null",
".write":"auth.uid == $user_id"
},
"Photo":{
".read":"auth != null",
".write":"auth.uid == $user_id"
},
"Number":{
".read":"auth.uid == $user_id",
".write":"auth.uid == $user_id"
}
,
"Current":{
".read":"auth != null",
".write":"auth.uid == $user_id"
}
}
}
The code that makes the request
FirebaseAuth mAuth = FirebaseAuth.getInstance();
DatabaseReference userRef = FirebaseDatabase.getInstance().getReference().child(FirebaseConstants.USERS).child(mAuth.getCurrentUser().getUid());
if(mAuth.getCurrentUser() !=null)
{
Log.i("DetailsActivity","User id "+mAuth.getCurrentUser().getUid());
}
else
{
Log.i("DetailsActivity","User not authenticated");
}
userRef.addListenerForSingleValueEvent(new ValueEventListener() {
@Override
public void onDataChange(@NonNull DataSnapshot dataSnapshot) {
if(dataSnapshot.hasChild(FirebaseConstants.NAME))
{
Name = dataSnapshot.child(FirebaseConstants.NAME).getValue().toString();
UserNameEdittext.append(Name);
}
if(dataSnapshot.hasChild(FirebaseConstants.EMAIL))
{
Email = dataSnapshot.child(FirebaseConstants.EMAIL).getValue().toString();
UserEmailEdittext.append(Email);
}
userInfoProgressbar.setVisibility(View.INVISIBLE);
}
@Override
public void onCancelled(@NonNull DatabaseError databaseError) {
userInfoProgressbar.setVisibility(View.INVISIBLE);
Log.i("DetailsActivity","error "+databaseError);
}
});
Logged Results
I/DetailsActivity: User id KfiIFOEGWQZIc5UREqX8qo4Nmkn1
I/DetailsActivity: error DatabaseError: Permission denied
When an authenticated user is making a request to the $user_id node under users node, it results in Permission Denied error. Firebase database rules works atomically, but all the read permissions are checking whether he is an authenticated user or the user is accessing his own data. When the user reads his own data and all read conditions are satisfied but still getting Permission Denied error.
But when I try to read any of these fields individually there is no errors
userRef.child(FirebaseConstants.NAME).addListenerForSingleValueEvent(new ValueEventListener() {
@Override
public void onDataChange(@NonNull DataSnapshot dataSnapshot) {
if(dataSnapshot.exists())
{
Name = dataSnapshot.getValue().toString();
Log.i("DetailsActivity","Name "+Name);
}
}
@Override
public void onCancelled(@NonNull DatabaseError databaseError) {
userInfoProgressbar.setVisibility(View.INVISIBLE);
Log.i("DetailsActivity","error "+databaseError);
}
});
I get the log as
I/DetailsActivity: Name elsonjose
Any help is appreciated. Thanks in advance.
1 answers
solution1
1 2020-08-05 21:15:15
Assuming that you have a default set to:
"rules": {
".read": false,
".write": false,
You do have rules for single fields, but you are likely getting "Permission denied" when reading the whole user record because you don't have any rules set for the "$user_id" path itself. Try adding:
"Users": {
"$user_id": {
// Allow only authenticated content owners access to their data
".read": "auth != null && auth.uid == $user_id",
".write": "auth != null && auth.uid == $user_id"
}
...
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.