Firebase simple user auth rule

Question

I'm just starting out with Firebase.

I am using one of the quickstart-js templates.

I'm trying to add a .read security rule so users can only read posts that the created.

I am a bit confused as the rule is passing if I test against auth.id but failing if I test against auth.uid (I understand that auth.uid is correct).

In the simulator, this rule is failing:

{
  "rules": {
   // ".read": "auth != null",
    ".write": "auth != null",
        "posts": {
      "$post": {
          ".read": "data.child('uid').val() === auth.uid",
      }
    }
  }
}

Here's the database structure:

{
  "posts" : {
    "-KL6ecPO67H5B8SmPHJr" : {
      "body" : "Just testing out the firebase system.",
      "starCount" : 0,
      "title" : "Camp Se has it's first blog post",
      "uid" : "vaZrC0sSdYTiou587IuePVw9uRT2"
    },
    "-KL6fUBOhsc4zosJbwjb" : {
      "body" : "Another post ja ja ja
",
      "starCount" : 0,
      "title" : "Another post",
      "uid" : "vaZrC0sSdYTiou587IuePVw9uRT2"
    }
  },
  "user-posts" : {
    "vaZrC0sSdYTiou587IuePVw9uRT2" : {
      "-KL6ecPO67H5B8SmPHJr" : {
        "body" : "Just testing out the firebase system.",
        "starCount" : 0,
        "title" : "Camp Se has it's first blog post",
        "uid" : "vaZrC0sSdYTiou587IuePVw9uRT2"
      },
      "-KL6fUBOhsc4zosJbwjb" : {
        "body" : "Another post ja ja ja
",
        "starCount" : 0,
        "title" : "Another post",
        "uid" : "vaZrC0sSdYTiou587IuePVw9uRT2"
      }
    }
  },
  "users" : {
    "vaZrC0sSdYTiou587IuePVw9uRT2" : {
      "email" : "user@gmail.com"
    }
  }
}

Simulation Results Details:

Simulation results
Type    read
Location    /posts/KL6ecPO67H5B8SmPHJr/
Data    null
Auth    { "provider": "google", "uid": "vaZrC0sSdYTiou587IuePVw9uRT2" }
Admin   false
edit Read denied
close
Line 7 (/posts/KL6ecPO67H5B8SmPHJr)
read: "data.child('uid').val() === auth.uid"

Firebase simple user auth rule

Answers (1)

Related Questions