I have wrote on below rules for Get the value form chats with key createdAt But i cant able to get the values from Firebase DB. Rules are Below
"chats": {
".read" : true,
".write" : "auth !== null",
"messages" : {
".indexOn": ["userName", "createdAt", "userId"]
}
},
chats/messages.json?orderBy="createdAt"&startAt=1485920224250&print=pretty
You're missing a level in your rules:
"chats": {
".read" : true,
".write" : "auth !== null",
"$chatId": {
"messages" : {
".indexOn": ["userName", "createdAt", "userId"]
}
}
},
Related
How to set security rules for Firebase realtime database structure as below:
users: {
...
...
...
},
books: {
...
...
...
},
sales: {
...
...
...
}
Condition: Firebase auth is set to email/password and only user logged-in with emails ending with domain [mydomain.co.in] must be able to read or write to parent node. Without using custom claims.
Adding below security rules is applied/working only for the the first parent node [users] and not to all, what is a miss here?
{
"rules": {
".read": false,
".write": false,
"users": {
".read": "auth.token.email.matches(/.*#mydomain.co.in$/)",
".write": "auth.token.email.matches(/.*#mydomain.co.in$/)",
".indexOn": "name"
},
"books": {
".read": "auth.token.email.matches(/.*#mydomain.co.in$/)",
".write": "auth.token.email.matches(/.*#mydomain.co.in$/)",
".indexOn": "title"
},
"sales": {
".read": "auth.token.email.matches(/.*#mydomain.co.in$/)",
".write": "auth.token.email.matches(/.*#mydomain.co.in$/)",
".indexOn": "price"
},
}
}
Try below enclosed within uid field?
Reference https://firebase.google.com/docs/reference/security/database
same code works with auth.token.email.matches(/.*#mydomain.co.in$/)
{
"rules":{
".read": "false",
".write": "false",
"users":{
"$uid":{
".read":" auth.token.email.endsWith('#mydomain.co.in')",
".write":" auth.token.email.endsWith('#mydomain.co.in')",
".indexOn":"name"
}
},
"books":{
"$uid":{
".read":" auth.token.email.endsWith('#mydomain.co.in')",
".write":" auth.token.email.endsWith('#mydomain.co.in')",
".indexOn":"title"
}
},
"sales":{
"$uid":{
".read":" auth.token.email.endsWith('#mydomain.co.in')",
".write":" auth.token.email.endsWith('#mydomain.co.in')",
".indexOn":"price"
}
}
}
}
Auth Token payload
{
"token":{
"email": "test#mydomain.co.in"
}
}
I get PERMISSION_DENIED: Permission denied when try to create an user:
{
"rules": {
".read": true,
".write": "auth != null",
"users": {
"$uid": {
".read": true,
".write": "auth.uid == $uid",
".validate": "
newData.child('user').isString() &&
newData.child('user').val().length > 3
"
}
}
}
}
user is string, has more than 3 letters. But I think it has something to do with the id.
I create an user with createUserWithEmailAndPassword and try to insert it on database:
firebase.database().ref('users/' + userID).set({
username: username,
email: email
});
The userID is the id createUserWithEmailAndPassword returns...
Any ideas what is wrong?
You problem comes from the .validate part: with your rules you need to write a node as follows
firebase.database().ref('users/' + userID).set({
user: username, // <-- see here we have a user sub-node
email: email
});
Or you need to change your rules as follows:
{
"rules": {
".read": true,
".write": "auth != null",
"users": {
"$uid": {
".read": true,
".write": "auth.uid == $uid",
".validate": "
newData.child('username').isString() &&
newData.child('username').val().length > 3
"
}
}
}
}
I want to check if there exists a user that have email = someemail#gmai.com in the Firebase database.
I use this function and is download 50MB of data in my PC after 10 minute I get a response that exists. There is any way that I can get that less than 5 second I don't want to wait 10 minute.
in PHP is like the
SELECT FROM ALL USERS WERE EMAIL = 'george#gmail.com'
This is the database:
"users" : {
user: {
"email" : "george#gmail.com",
"custom_id" : 534253,
"description" : "some small description"
},
1754: {
"email" : "natassa#gmail.com", <---- i want to find if this email from 5000 users exist in database and if exist i want to return true
"custom_id" : 110571,
"description" : "some small description"
},
1755: {
"email" : "george#gmail.com",
"custom_id" : dsgfsdfds,
"description" : "some small description"
},
}
This function give me response after 10 min:
check_if_email_exist(email: string) {
this.users = this.db.list('/user', { query: {
orderByChild: 'email',
equalTo: x,
limitToLast: 10,
}} ) as FirebaseListObservable<Product[]>;
console.log(this.users);
return this.users;
}
OMG I find the problem thanx to https://stackoverflow.com/users/209103/frank-van-puffelen is say something about index and when I look in my chrome console I find warning that says something about index and when I look in the database rules I understand what is missing
I add this inside database rules
{
"rules": {
".read": "auth != null",
".write": "auth != null",
"needs": {
".read": "true",
".write": "auth != null",
".indexOn": "name"
},
"brands": {
".read": "true",
".write": "auth != null",
".indexOn": "name"
},
"products": {
".read": "true",
".write": "auth != null",
".indexOn": "custom_id" <========== This line you want
}
}
}
this is my problem :
WARN: FIREBASE WARNING: Using an unspecified index. Consider adding ".indexOn": "id_logement" at /images/-KNx2y3mAkJZ-Poa7R03 to your security rules for better performance
I'm not really a master in firebase and rules so it doesn't really mean something to me ... but i know there is an issue !
This is my data structure :
And this are my rules !
{
"rules": {
".read": "auth != null",
".write": "auth != null",
"accounts" : {
".read": true,
".write": true,
".indexOn": ["userId", "email", "lat",]
},
"geofire" : {
".read": true,
".write": true,
".indexOn": ["g"]
},
"logements" : {
".read": true,
".write": true,
".indexOn": ["id_account"]
}
}
}
I think it's because i don't know how to write this Unique id in rules ! Can you please help me for this ? Thank you
Answering your question what you are looking for to use in your rules is the $id notation that is a wildcard to represent a branch key.
{
"rules": {
".read": "auth != null",
".write": "auth != null",
...
"images": {
"$imageId1": {
".indexOn": "id_logement"
}
}
}
}
But, keep in mind that you should not be storing your imagesUrl inside a two level deep keys. Work your code to have images/imageUniqueKey/imageData structure instead of images/imageUniqueKey1/imageUniqueKey2/imageData. Then you would have your rules as bellow.
"images": {
".indexOn": "id_logement"
}
So I have this application where anonymous users are allowed to write but not read a specific path. They are posting data to a moderated message board kind of thing.
But with my current security rules, they are allowed to overwrite existing data as well. How can I disallow updates and allow only new posts.
My current security rules:
{
"rules": {
".read": "auth != null",
".write": "auth != null",
"inbox" : {
".write": true,
},
"moderated" : {
".read": true,
},
}
}
Use data.exists() to determine if the object they're trying to write already exists:
{
"rules": {
".read": "auth != null",
".write": "auth != null",
"inbox" : {
"$post" : {
".write": "!data.exists()",
}
},
"moderated" : {
".read": true,
},
}
}