Firebase security rules getting a value from another node and comparing it with auth.uid
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
I am having difficulties with setting up the Firebase security rules by taking the value of another node and comparing it with auth.uid
My structure is as follows:
/$environment
/$environment/data/$client_id
/$environment/users/$uid/client_id
I would like to make sure that the authenticated user with auth.uid
can only view the data at $client_id
if $uid/client_id
is equivalent.
I tried the following but in the simulator it says access denied:
{
/* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */
"rules": {
".write": false,
"$environment": {
/* Data */
"data": {
"$client_id": {
".read": "$client_id === root.child($environment+'/users/'+auth.uid+'/client_id').val()"
}
},
/* Account settings */
"users": {
"$uid": {
".read": "$uid === auth.uid"
}
}
/* --------------------------------*/
/* end environment, rules and json */
}
}
}
firebase firebase-realtime-database firebase-authentication firebase-security-rules
add a comment |
I am having difficulties with setting up the Firebase security rules by taking the value of another node and comparing it with auth.uid
My structure is as follows:
/$environment
/$environment/data/$client_id
/$environment/users/$uid/client_id
I would like to make sure that the authenticated user with auth.uid
can only view the data at $client_id
if $uid/client_id
is equivalent.
I tried the following but in the simulator it says access denied:
{
/* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */
"rules": {
".write": false,
"$environment": {
/* Data */
"data": {
"$client_id": {
".read": "$client_id === root.child($environment+'/users/'+auth.uid+'/client_id').val()"
}
},
/* Account settings */
"users": {
"$uid": {
".read": "$uid === auth.uid"
}
}
/* --------------------------------*/
/* end environment, rules and json */
}
}
}
firebase firebase-realtime-database firebase-authentication firebase-security-rules
You're missing a/
beforeusers
inroot.child($environment+'users/'...
.
– Frank van Puffelen
Jan 3 at 17:21
Corrected. Still not working
– JohnAndrews
Jan 3 at 18:53
Can you update your question to include the actual (relevant) JSON (as text, no screenshots). You can get this by clicking the "Export JSON" link in the overflow menu (⠇) on your Firebase Database console. Also please provide the code of a read operation that is failing against that JSON/rules. Also: since you're testing in the simulator, a screenshot containing the relevant details would also go a long way.
– Frank van Puffelen
Jan 3 at 19:03
add a comment |
I am having difficulties with setting up the Firebase security rules by taking the value of another node and comparing it with auth.uid
My structure is as follows:
/$environment
/$environment/data/$client_id
/$environment/users/$uid/client_id
I would like to make sure that the authenticated user with auth.uid
can only view the data at $client_id
if $uid/client_id
is equivalent.
I tried the following but in the simulator it says access denied:
{
/* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */
"rules": {
".write": false,
"$environment": {
/* Data */
"data": {
"$client_id": {
".read": "$client_id === root.child($environment+'/users/'+auth.uid+'/client_id').val()"
}
},
/* Account settings */
"users": {
"$uid": {
".read": "$uid === auth.uid"
}
}
/* --------------------------------*/
/* end environment, rules and json */
}
}
}
firebase firebase-realtime-database firebase-authentication firebase-security-rules
I am having difficulties with setting up the Firebase security rules by taking the value of another node and comparing it with auth.uid
My structure is as follows:
/$environment
/$environment/data/$client_id
/$environment/users/$uid/client_id
I would like to make sure that the authenticated user with auth.uid
can only view the data at $client_id
if $uid/client_id
is equivalent.
I tried the following but in the simulator it says access denied:
{
/* Visit https://firebase.google.com/docs/database/security to learn more about security rules. */
"rules": {
".write": false,
"$environment": {
/* Data */
"data": {
"$client_id": {
".read": "$client_id === root.child($environment+'/users/'+auth.uid+'/client_id').val()"
}
},
/* Account settings */
"users": {
"$uid": {
".read": "$uid === auth.uid"
}
}
/* --------------------------------*/
/* end environment, rules and json */
}
}
}
firebase firebase-realtime-database firebase-authentication firebase-security-rules
firebase firebase-realtime-database firebase-authentication firebase-security-rules
edited Jan 3 at 18:52
JohnAndrews
asked Jan 3 at 16:16
JohnAndrewsJohnAndrews
1,64333581
1,64333581
You're missing a/
beforeusers
inroot.child($environment+'users/'...
.
– Frank van Puffelen
Jan 3 at 17:21
Corrected. Still not working
– JohnAndrews
Jan 3 at 18:53
Can you update your question to include the actual (relevant) JSON (as text, no screenshots). You can get this by clicking the "Export JSON" link in the overflow menu (⠇) on your Firebase Database console. Also please provide the code of a read operation that is failing against that JSON/rules. Also: since you're testing in the simulator, a screenshot containing the relevant details would also go a long way.
– Frank van Puffelen
Jan 3 at 19:03
add a comment |
You're missing a/
beforeusers
inroot.child($environment+'users/'...
.
– Frank van Puffelen
Jan 3 at 17:21
Corrected. Still not working
– JohnAndrews
Jan 3 at 18:53
Can you update your question to include the actual (relevant) JSON (as text, no screenshots). You can get this by clicking the "Export JSON" link in the overflow menu (⠇) on your Firebase Database console. Also please provide the code of a read operation that is failing against that JSON/rules. Also: since you're testing in the simulator, a screenshot containing the relevant details would also go a long way.
– Frank van Puffelen
Jan 3 at 19:03
You're missing a
/
before users
in root.child($environment+'users/'...
.– Frank van Puffelen
Jan 3 at 17:21
You're missing a
/
before users
in root.child($environment+'users/'...
.– Frank van Puffelen
Jan 3 at 17:21
Corrected. Still not working
– JohnAndrews
Jan 3 at 18:53
Corrected. Still not working
– JohnAndrews
Jan 3 at 18:53
Can you update your question to include the actual (relevant) JSON (as text, no screenshots). You can get this by clicking the "Export JSON" link in the overflow menu (⠇) on your Firebase Database console. Also please provide the code of a read operation that is failing against that JSON/rules. Also: since you're testing in the simulator, a screenshot containing the relevant details would also go a long way.
– Frank van Puffelen
Jan 3 at 19:03
Can you update your question to include the actual (relevant) JSON (as text, no screenshots). You can get this by clicking the "Export JSON" link in the overflow menu (⠇) on your Firebase Database console. Also please provide the code of a read operation that is failing against that JSON/rules. Also: since you're testing in the simulator, a screenshot containing the relevant details would also go a long way.
– Frank van Puffelen
Jan 3 at 19:03
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54026037%2ffirebase-security-rules-getting-a-value-from-another-node-and-comparing-it-with%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54026037%2ffirebase-security-rules-getting-a-value-from-another-node-and-comparing-it-with%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You're missing a
/
beforeusers
inroot.child($environment+'users/'...
.– Frank van Puffelen
Jan 3 at 17:21
Corrected. Still not working
– JohnAndrews
Jan 3 at 18:53
Can you update your question to include the actual (relevant) JSON (as text, no screenshots). You can get this by clicking the "Export JSON" link in the overflow menu (⠇) on your Firebase Database console. Also please provide the code of a read operation that is failing against that JSON/rules. Also: since you're testing in the simulator, a screenshot containing the relevant details would also go a long way.
– Frank van Puffelen
Jan 3 at 19:03