Reputation: 875
Permission denied with Firebase
I want users of my app to have access to see profile of other users that is accessed via real-time database. I'm referencing to db via
ref.once('users/'+uid, snapshot => snapshot.child('users/'+uid).val())
Rules i have:
{
"rules": {
"users": {
".read": true,
"$uid": {
".write": "$uid === auth.uid"
},
},
}
I don't get why i can't access users/:uid even though simulator gives success message by ticking read and running simulation on <firebaseURL>/users.
If i set ".read": true" under rules it does allow me to read the data, but that may bait me later on if i would want to implement stuff that i don't want to be available to unauthorized users.
Edit (solution):
The problem was with referencing to firebase. Instead of firebase.database.ref('users') I was referencing too root itself by firebase.database.ref().
That reference caused to apply default read/write rules.
Upvotes: 0
Views: 442
Answers (1)
Reputation:
You could give ".read": "auth != null" to allow all authorised users to read data under users object and prevent unauthorised users from reading it.
Upvotes: 1
Related Questions
- Firebase Permission Denied
- Permission denied for Firebase Realtime Database
- Firebase Permission denied Error
- DatabaseError: Permission denied firebase
- Permission_denied to access firebase datastore
- Can't get permission to firebase database IOS
- Getting Permission Denied for read and write
- Firebase error: Permission denied. Unable to read/write from Firebase Database
- Permission denied with Firebase Database rules
- Firebase Security Rules permission denied