I had copied exactly as per the details provided in fire base document
enter link description here
for editing the rules as I received a mail from firebase that my clients will not be able to access data. But what ever I had done I am getting an error like "Error saving rules – Line 4: Expected ',' or '}'.
The code I had copied is shown below
{
"rules": {
"some_path/${uid}": {
".read": true,
// or ".read": "auth.uid != null"
".write": "request.auth.uid == uid"
}
}
}
I tried with some other codes in document also, but the result is same.. Will any one tell me what is wrong with this code
You have the syntax for wildcard rules wrong. The rule with a $ needs to be in a level of its own.
So:
{
"rules": {
"some_path": {
"$uid": {
".read": true,
".write": "request.auth.uid == $uid"
}
}
}
}
Note that I also added the $ in the write rule, as you're trying to use the variable named $uid. there.
{
"rules": {
"some_path/${uid}": {
".read": //Your Condition,
".write": //Your Condition
}
}
}
Related
I want to implement a rule to read data for the last say 5 or 10 minutes. My database is like this:
.
I want to allow user to read messages of last 10 minutes but the rule is not working and i am not able to make it work I tried different rules like this.
"Messages": {
"$messagekey": {
"$key": {
".read":"root.child('Users/Messages/'+$messagekey+'/'+$key+'/messageTime').val()> (now - 600000000)", }
},
".write":"auth!=null"
}
And this as well
"Messages": {
"$messagekey": {
"$key": {
".read": "data.child('messageTime').val() > (now - 600000)"
}
},
".write": "auth!=null"
}
Any help or suggestions please.
Error message
Edit 2
Using this rule I am still unable to make it work
{
"rules": {
"Messages": {
"$messagekey": {
"$key": {
".read": "data.child('messageTime').val() > (now - 90000000)"
}
},
".write": "auth!=null"
}
}
}
and here is my data
Users
Messages
WZTDdZslJrMFqgDLNWo4jXehsF02_nUVrJthSqHXH8Ur0stRz2tihxdg1
-LPFPTBx7BA6urp-CSbZ
messageText: "Hello"
messageTime: 1540059028779
messageUser: "Joker's Grin"
messageUserId: "WZTDdZslJrMFqgDLNWo4jXehsF02"
-LPFPUB5efDAIVu_AxP0
messageText: "how are you"
messageTime: 1540059028779
messageUser: "Crazy Eights"
messageUserId:"nUVrJthSqHXH8Ur0stRz2tihxdg1"
I am using two wildcards "messagekey" and "key" to reach messageId. Also tried these rules as well none of these work except read: true.
".read": "data.child('messageTime').val() >0"
".read": "data.child('messageTime').val() !==null"
".read": "data.exists()"
".read": "data.hasChild('MessageId')"
Here are the screenshots
I just added this value to a database of my own:
"52903949": {
"messageTime": 1540054472392
}
Where 52903949 is the ID of your question, and 1540054472392 is the value returned by Date.now() when I added it.
Then I added these rules:
{
"rules": {
"52903949": {
".read": "data.child('messageTime').val() > (now - 600000)"
}
}
}
And was able to access the data in the simulator with this result:
If I make the 600000 shorter, the read fails since that time has already expired.
Updated screenshot with nested children:
I have rules set up like this:
{
"rules": {
".read": true,
".write": true,
"ares": {
"user":{
"$user_id": {
".write": "$user_id === auth.uid"
},
"admin":{
"owner":{
".indexOn": ".value",
}
}
}
}
}
}
I want to get owner data by owner_id, but I get this warning:
FIREBASE WARNING: Using an unspecified index. Your data will be downloaded and filtered on the client. Consider adding ".indexOn": "owner_id" at /ares/user/admin/owner/ares/user/admin/owner/bD1kYczs51bdFbJKPxOTKPpQR6i2 to your security rules for better performance.
Seems to me that are nothing wrong with the index itself, but the value you ar trying to query.
Pay attention that the entire path /ares/user/admin/owner appears to be duplicated. You are appending this to the firebase reference.
I think that the correct reference/query should be something like this /ares/user/admin/owner/bD1kYczs51bdFbJKPxOTKPpQR6i2.
I am trying to set Firebase security rules as:
No one can read the data
Anyone can write data, new record is under
unique identifier
No one can overwrite current data
No one can delete data
The structure of the database is:
<db_name>
users
-L09I7kaAYExzzxB3N82 // this is unique ID generated by push()
....
My current rules are:
{
"rules": {
".read": "auth != null",
".write": "auth == null"
}
}
How to set it up?
Thanks!
Something like this:
{
"rules": {
".read": false,
"users": {
"$uid": {
".write": "newData.exists() && !data.exists()"
}
}
}
}
I'd recommend reading the Firebase documentation, specifically the section on new data vs existing data.
I want to create a firebase rule where people can use the database without having to login. But I also want to make a private user node where only the user can acces it by authenticating so far I have something like this. But this trows an error
Error saving rules - Line 6: Expected '}'.
{
"rules": {
".read": true,
".write": "newData.exists()"
},
"test": {
"$uid": {
".read": "auth != null && auth.uid == $uid",
".write": "auth != null && auth.uid == $uid"
}
}
}
I do not understand why the above is not possible
But if I do only:
{
"rules": {
".read": true,
".write": "newData.exists()"
}
}
This wil work so that anyone can use the current data but I want to have something private like "Test" where the people who authenticated themself only have access to
So to be clear I want everyone to use the current database but I also want to have some private parts like test only accesable for registered users
Have a look at https://firebase.google.com/docs/database/security/securing-data
You cannot add an element after "rules". It should be like:
{
"rules": {
...
}
}
and not like
{
"rules": {
....
},
....
}
In my Firebase security rules, I want anonymous users to be able to read anything except one field (secret_field):
{
"rules": {
".read": true,
".write": "auth != null",
"stuff" : {
"$stuffID" : {
"secret_field" : {
".read" : "auth != null"
}
}
}
}
}
However, in Firebase, if any read rule on the way to secret_field evaluates as true, read access on secret field is granted.
Is there a way to reverse that behavior? (If any read rule on the way to secret_field evaluates to false, disallow read access)
You can't reverse the behavior, but you can solve this by introducing a "container" for the public fields and setting .read to true for it. For example:
{
"rules": {
"stuff" : {
"$stuffID" : {
"public" : {
".read": true
},
"secret_field" : {
".read" : "auth != null"
}
}
}
}
}
And then everything under .../public/ is accessible to everybody but .../secret_field is only accessible for authenticated users.