Reputation: 955
How can you use Firebase rules to allow user and admin write privileges?
I am using Firebase rules to set permissions and I am having trouble setting up rule to allow write permissions to include the user and any admin.
Below is the database I am trying to set permissions for:
'rules': {
'rankings': {
'user': {
'userShortenedAuthId': { //user's rankings },
'anotherShortenedAuthId': { //another user's rankings }
}
},
'admin': {
'adminAuthId': true
},
'users': {
'userAuthId': {
'rank': 'userShortenedAuthId'
},
'anotherAuthId': {
'rank': 'anotherShortenedAuthId'
}
}
}
These are the rules in place for this data:
"rankings":{
"user":{
"$rankId": {
".read": true,
".write": "auth != null && ((root.child('users/' + auth.uid + '/rank').val() == $rankId) || root.child('admin/' + auth.uid).exists())"
}
}
}
I am trying to write to a 'rankings/user/userShortenedId' while logged in under the admin, but I get a permission denied error from Firebase. (Logged in as the user works just fine). The error is somewhere in the 'rankings/user/$rankId/.write' rule. What is confusing for me, is I have been using the 'root.child('admin/' + auth.uid).exists())' rule elsewhere for admin privileges and that seems to work fine too.
Here is the code that produces the permission error.
firebase.database().ref('rankings/' + userShortenedAuthId).update({newPlayerKey:totalPlayers}))
.then(function(){
console.log('successfully updated user ranking');
})
.catch(function(err){
console.log('error updated user ranking', err);
});
Upvotes: 0
Views: 1462
Answers (1)
Reputation: 955
Found the answer to my own question. The firebase ref URL that was referenced when trying to update
firebase.database().ref('rankings/' + userShortenedAuthId).update({newPlayerKey:totalPlayers}))
should actually be
firebase.database().ref('rankings/user/' + userShortenedAuthId).update({newPlayerKey:totalPlayers}))
So the rules were actually working correctly. I was simply trying to write to the wrong place.
Upvotes: 1
Related Questions
- how can I read and write as an admin even if the rules set to false in Firebase Realtime Database
- How to allow one admin user to write Firebase Database? Without changing all the other rules below
- Allow only admins to write data - Firebase Realtime Database - Security Rules
- Firebase Rules Write Permissions
- Firebase Realtime Database rules to allow a single user Write access
- Add admin privilege to firebase rules
- How to grant write access to only a person within Rules?
- Allow delete and write with Firebase Rules
- Firebase Security rules for admin to write and read everything in database
- Firebase database rules: users permission