CODEWITHSUNDEEP
firebasefirebase-realtime-databasefirebase-security
Clicksurfer
Clicksurfer

Reputation: 146

How to write Rules condition based on input data in Firebase Realtime Database

I have a Firebase Realtime Database which gets written to in a predicted structure.

Is there a way to verify using rules that the authenticated user's UID matches one of the data input values?

I know it is possible to validate this using values from the tree structure, but in my case I want to compare the UID to data in the input JSON.

For example, in my case, the input data is in the following JSON data structure:

{ "UserID": "SOME_UID", "UserName": "SOME_USERNAME", "CompletionMoves": 3, "CompletionTime": 12.345 }

And it is posted to a location which includes a level name and then the user's UID, akin to /Level3/SOME_UID.

I want to verify the user's UID equals the value of UserID in the data.

I thought of trying the following rule logic, but it fails on tests for some reason on the uid comparison line:

{
  "rules": {
    "$level": {
      "$uid" : {
            ".read": "auth != null",
                    ".write": "auth != null 
                    && newData.child($level).child($uid).child('UserID').val() == auth.uid",
      }
    }
  }
}

Does anybody know what I am missing? Thanks in advance!

Upvotes: 0

Views: 650

Answers (2)

Frank van Puffelen
Frank van Puffelen

Reputation: 598857

The newData and data variables in security are snapshots of the (new) data at the node where the rule is declared. So you don't need to build the entire path to UserID, and can instead refer to it directly.

So instead of:

&& newData.child($level).child($uid).child('UserID').val() == auth.uid",

Use:

&& newData.child('UserID').val() == auth.uid",

Upvotes: 1

Warren Harding
Warren Harding

Reputation: 23

Instead of '.child($uid)', try '.child(auth.uid)'.

This works for me (if I've understood your question correctly).

Upvotes: 0

Related Questions