CODEWITHSUNDEEP
firebasefirebase-realtime-databasefirebase-security
Smeet
Smeet

Reputation: 4116

Firebase realtime database rules simulation failed

This is my firebase json data.

{
    "Users": {
        "MyData": {
            "002ab7bUmab1CgQsw53abB3g1Ab1": { //UID
                "-A3ABlabkflA_ABabABA": { //this is the databaseReference.child(DBHelper.FIREBASE_POSTS).push().getKey();
                    "display": "123",
                    "result": {
                        "format": "1",
                        "id": 1,
                        "numBits": 0,
                        "syncFirebaseId": "-A3ABlqmkflA_AVabABA",
                        "syncStatus": -1,
                        "text": "1234567",
                        "timestamp": 1514496903005
                    }
                },
                "-A2ABlabkf2A_ABabABA": { //this is the databaseReference.child(DBHelper.FIREBASE_POSTS).push().getKey();
                    "display": "123",
                    "result": {
                        "format": "1",
                        "id": 1,
                        "numBits": 0,
                        "syncFirebaseId": "-A3ABlqmkflA_AVabABA",
                        "syncStatus": -1,
                        "text": "1234567",
                        "timestamp": 1514496903005
                    }
                }
            }
        }
    }
}

Rules:

{
  "rules": {
    "Users": {
      "MyData": {
        "$uid": {
          ".read": "auth != null && auth.uid == $uid"
        }
      }
    }
  }
}

But when I simulate, read operation is denied. I want to allow only authenticated user to update data node that is relevant to his/her own. That user should not be able to edit other's data node (UID).

Here is the result of read simulation:

enter image description here

Upvotes: 0

Views: 223

Answers (3)

Frank van Puffelen
Frank van Puffelen

Reputation: 598817

You're trying to read the root of your database. Since your rules grant nobody access to the entire database, the read is rejected. If you simulate reading from /Users/MyData/$theUidThatYouStruckOut it will be allowed.

Upvotes: 1

Tutor ClassD
Tutor ClassD

Reputation: 21

You have change Rules

{
  "rules": {
    "Users": { *** This Line
      "MyData": {
        "$uid": {
          ".read": "auth != null && auth.uid == $uid"
        }
      }
    }
  }
}

Upvotes: 0

Wimukthi Rajapaksha
Wimukthi Rajapaksha

Reputation: 1019

I think auth.uid == $uid" should be auth.uid === $uid". For more information go through this

Upvotes: 0

Related Questions