Permission denied when read data after authentication Firebase

Question

I'm new in Firebase, the problem when i read data after authentication Firebase is PERMISSION DENIED. I research all topic and I found the same problem here: Firebase Permission denied when reading data after authentication . But Frank van Puffelen' answer not work for me. Here is my Firebase rules:

{
"rules": {
  "user": {
    "$uid": {
      "profile": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      },
      "account": {
        ".read": false,
        ".write": false
      },
      "shared": {
        "$sharedid": {
          ".read":  "auth != null && auth.uid == $uid",
          ".write": false
        }
      },
      "shared_user": {
        ".read": false,
        ".write": false
      }
    }
  },
  "node": {
    "$uid": {
      ".read": "auth != null && auth.uid == $uid",
      ".write": "auth != null && auth.uid == $uid"
    }
  },
 "shared": {
    "$sharedid": {
      ".read": "auth != null && root.child('user').child(auth.uid).child('shared').child($sharedid).child('read').val() === true",
      ".write": "auth != null && root.child('user').child(auth.uid).child('shared').child($sharedid).child('write').val() === true"
    }
  }
}

}

I found many way but still get PERMISSION DENIED. Please help me!

Edit: Here my authen:

mFirebaseRef= new Firebase("https://my-dashboard.firebaseio.com");
mFirebaseRef.authWithPassword(Constants.EMAIL, Constants.PASSWORD, new AuthResultHandler("password"));

Authen handle:

private class AuthResultHandler implements Firebase.AuthResultHandler{

    private final String provider;

    public AuthResultHandler(String provider){
        this.provider=provider;
    }
    @Override
    public void onAuthenticated(AuthData authData) {
        Log.i(TAG, provider + " auth successful");
        getData(mFirebaseRef.child("node"));
    }

    @Override
    public void onAuthenticationError(FirebaseError firebaseError) {
        Log.i(TAG, provider+ " auth unsuccessful");
    }
}

Finally, get data: ==> Permission denied ?

private void getData(Query ref){
    ref.addValueEventListener(new ValueEventListener() {
        @Override
        public void onDataChange(DataSnapshot dataSnapshot) {
            Log.i(TAG, " onDataChange");
        }

        @Override
        public void onCancelled(FirebaseError firebaseError) {
            Log.i(TAG, firebaseError.getMessage());
        }
    });
}

Answer 1

You are doing wrong. Your code suggests that you don't have read and write permissions at 'node' child in your security rules. You have read and write permissions for the child of 'node', which is '$uid'.

So change :

getData(mFirebaseRef.child("node"));

To :

getData( mFirebaseRef.child("node").child(authData.getUid()) );

Remember : Firebase security rules work with top to bottom approach, and if you don't mention rule, by default read and write both are false. So, at child 'node' you have not mentioned read or write permission, so, by default, its false. But for an inner child '$uid', you have mentioned read and write security rules, and hence it can be read or written to, given client is authenticated with the same uid.

Also, remember that if you specify read write permission at top level, then, inner definitions has no meaning, eg, say you have rules like :

.
.
"node" : {

    ".read" : true,

    "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
    }
}
.
.

In the above example, anyone can read 'node' child as well as all its children, which includes '$uid' child, because the parent of '$uid' has read-all security rule defined, all its children's security rules will be overriden. So, be careful with rules definitions.

Hope this solves your problem :)