this is my problem :
WARN: FIREBASE WARNING: Using an unspecified index. Consider adding ".indexOn": "id_logement" at /images/-KNx2y3mAkJZ-Poa7R03 to your security rules for better performance
I'm not really a master in firebase and rules so it doesn't really mean something to me ... but i know there is an issue !
This is my data structure :
And this are my rules !
{
"rules": {
".read": "auth != null",
".write": "auth != null",
"accounts" : {
".read": true,
".write": true,
".indexOn": ["userId", "email", "lat",]
},
"geofire" : {
".read": true,
".write": true,
".indexOn": ["g"]
},
"logements" : {
".read": true,
".write": true,
".indexOn": ["id_account"]
}
}
}
I think it's because i don't know how to write this Unique id in rules ! Can you please help me for this ? Thank you
Answering your question what you are looking for to use in your rules is the $id notation that is a wildcard to represent a branch key.
{
"rules": {
".read": "auth != null",
".write": "auth != null",
...
"images": {
"$imageId1": {
".indexOn": "id_logement"
}
}
}
}
But, keep in mind that you should not be storing your imagesUrl inside a two level deep keys. Work your code to have images/imageUniqueKey/imageData structure instead of images/imageUniqueKey1/imageUniqueKey2/imageData. Then you would have your rules as bellow.
"images": {
".indexOn": "id_logement"
}
Related
I have a childnode in my database
Posts --> tapCount.
My default Firebase rules only allow someone to write to a node under 'Posts' when they are signed in. However I need write access to just this one node 'tapCount' even when they are not signed in.
I'm having trouble getting a rule to help me do this. Any thoughts ? Thanks
{
"rules": {
".read": "auth != null",
".write": "auth != null",
"Posts": {
".indexOn": ["userId","category"],
"tapCount": {
".read": true,
".write": true
},
".read": true,
".write": "auth != null",
}
}
I have two mega parent nodes, but I am currently unable to write to the second one.
-users
uid
some other info
uid
-secondParent
child
uid
child
uid
I would like the user to be able to write to his own child of secondParent. Read and write permissions are working correctly for the users parent node, but I can't get it working for the secondParent.
The rule I have currently is:
{
"rules": {
"users": {
"$uid": {
".read": "auth != null",
".write": "$uid === auth.uid",
}
},
"parentdNode": {
"$childID":{
".read" : "auth != null",
"$uid":{
".write": "$uid === auth.uid",
}
}
}
}
}
Simulation failure below:
You have to write rules for each parents to enable permission
{
"rules": {
"users": {
"$uid": {
".read": "auth != null",
".write": "$uid === auth.uid",
}
},
"parentdNode": {
"$childID":{
"$uid":{
".read" : "auth != null",
".write": "$uid === auth.uid",
}
}
}
}
}
According to the screenshot, you are trying to write {"uid":"X","property":"Y"} to /parentNode/someNode. The rules give permission to write {"property":"Y"} to /parentNode/someNode/65ef..aa62.
JSON trees come with key/value pairs. There is no key uid in the scheme you presented, there is a $uid which is replaced by the a value from the path you are accessing.
It may still be a bit confusing, but I hope this points to clarifying ideas.
I have my rules set. Normally, all data can only be read by the person who is auth to do so. However, I want to make exceptions. These are my rules:
"rules": {
"users": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid",
"ForEveryone": {
".read": true,
".write": true
}
"NoWrite" : {
".read": true,
".write": false
}
}
}
So I let's say I have 3 string. String 1 is called private and can the auth person can read and write. String 2 is ForEveryone, so everyone can change and write data. String 3 is NoWrite, for everyone but you can not write to it.
I get an error, saying:Expecting a ; or " at the line NoWrite. So what am I doing wrong? Is it a wrong placed }? Thank you.
The approach you're taking to your rule structure won't work. Firebase security rules cascade, meaning that a permission given to any node will apply to any of its children and on down the tree. You cannot grant read or write access on a node and then revoke it further down. (But you can grant permissions not granted above.) See the docs on rule cascading.
In your case, you want to have some user data that be can written to by anyone and some that cannot. It's not clear from your example whether you want NoWrite to be written only by the authenticated user, or by nobody. Depending on how you will be reading this data, you will need to either separate these data into different collections, or make $uid inaccessible and define your rules only for ForEveryone and NoWrite.
The first approach might look like this:
"rules": {
"users-public": {
"$uid": {
".read": "true",
".write": "true",
},
"users-nowrite": {
"$uid": {
".read": "true",
".write": "$uid === auth.uid"
}
}
Or the second, like this:
"rules": {
"users": {
"$uid": {
"ForEveryone": {
".read": "true",
".write": "true"
},
"NoWrite" : {
".read": "true",
".write": "$uid === auth.uid"
}
}
}
As to your syntax error, you need a comma , after the closing brace before "NoWrite".
Here are your rules, properly spaced so you can see the relationship between the parent nodes and child nodes. It seems this is not what you want. So this isn't really an answer but will lead to a better question that we can answer. Will update once we know what the OP is after.
{
"rules": {
"users": {
"$uid": {
".read": "$uid === auth.uid",
".write": "$uid === auth.uid",
"ForEveryone": {
".read": true,
".write": true
},
"NoWrite" : {
".read": true,
".write": false
}
} //end uid
} //end users
} //end rules
} //outside closure
I would like to be able to reuse an expression in my Firebase Rules multiple times.
If I have the following rules:
{
"rules": {
".read": true,
".write": false,
"secretArea1": {
".read": "root.child('users').child(auth.uid).child('role').val() === 'admin'",
".write": "root.child('users').child(auth.uid).child('role').val() === 'admin'"
},
"secretArea2": {
".read": "root.child('users').child(auth.uid).child('role').val() === 'admin'",
".write": "root.child('users').child(auth.uid).child('role').val() === 'admin'"
}
}
}
Is there a way to store root.child('users').child(auth.uid).child('role').val() === 'admin' somewhere so it doesn't have to be repeated 4 times?
Something like:
{
"rules": {
".read": true,
".write": false,
"secretArea1": {
".read": "isAdmin",
".write": "isAdmin"
},
"secretArea2": {
".read": "isAdmin",
".write": "isAdmin"
}
}
}
Maybe I'm approaching this the wrong way. Any suggestions would be great!
I just discovered Blaze Compiler which was linked at Security & Rules Libraries. Not exactly what I was looking for and adds an extra compile step but seems to provide the functionality I was looking for. It would be nice if it was included as an option in the Firebase Dashboard.
So I have this application where anonymous users are allowed to write but not read a specific path. They are posting data to a moderated message board kind of thing.
But with my current security rules, they are allowed to overwrite existing data as well. How can I disallow updates and allow only new posts.
My current security rules:
{
"rules": {
".read": "auth != null",
".write": "auth != null",
"inbox" : {
".write": true,
},
"moderated" : {
".read": true,
},
}
}
Use data.exists() to determine if the object they're trying to write already exists:
{
"rules": {
".read": "auth != null",
".write": "auth != null",
"inbox" : {
"$post" : {
".write": "!data.exists()",
}
},
"moderated" : {
".read": true,
},
}
}