Firebase set security and rules for current user

2
votes

I am trying to let the authorized current user read and write to his own data to the Firebase database. My security data looks like this:

{
  "features" : {
    "-KDUBJIPwvLCK-1lV4bM" : {
      "e1fd0ccb-370a-4a6f-86af-87fdf97d25a0" : "een"
    },
    "-KDUBLUr6K_PMxWkgcof" : {
      "e1fd0ccb-370a-4a6f-86af-87fdf97d25a0" : "twee"
    }
  },
  "users" : {
    "e1fd0ccb-370a-4a6f-86af-87fdf97d25a0" : {
      "email" : "[email protected]",
      "image" : "iVBORw0KGgoAAAANSUhEUgAAASwAAAEsCAYAAAB5fY51AAAAAXNSR0IArs4c6QAA\r\nABxpRE9UAAAA",
      "name" : "tjalling dijkstra",
      "telephone number" : "06580055"
    }
  }
}

-KDUBJIPwvLCK-1lV4bM is an autoId gotten from childByAutoId() method

e1fd0ccb-370a-4a6f-86af-87fdf97d25a0 is a uid (unique user id).

een is the value of a certain feature.

My security rules are:

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    },
    "features": {
      "$autoId" : { 
      "$uid": {
        ".read": "auth != null && auth.uid == $uid",
        ".write": "auth != null && auth.uid == $uid"
      }
    }
  }
}
}

If I write Firebase rules like this, permission to setValue() is denied on the features part.

2016-03-22 17:51:27.077 Herodus[884:228445] [Firebase] setValue: or removeValue: at /features/-KDUEEZ4z-FCAoUci-rW failed: permission_denied.

A new feature is added with this code snippet: 

let featureContents = addFeatureTextField.text 
if featureContents != "" { 
  let newFeature: String = featureContents! 
  let featureDict = [ uid: newFeature] 
  let ref = DataService.dataService.FEATURE_REF.childByAutoId()
  ref.setValue(featureDict)

Somebody, any clue what I am doing wrong here?

1
iosswiftfirebasefirebase-securityfirebase-realtime-database
You've included a picture of the JSON tree and security rules in your question. Please replace that with the actual JSON and security rules as text. You can get the JSON easily by clicking the Export button in your Firebase database. Having the JSON and security rules as text makes them searchable, allows us to easily use them to test with your actual data and use them in our answer and in general is just a Good Thing to do.Frank van Puffelen
There's an edit link right under your question that allows you to put it into your question.Frank van Puffelen
Hope you can help me to the answer Frank, as an engineer at Firebase ;-)Tjalling Dijkstra
OK. You've added the parts and I've edited it into something more readable. Now can you add a code snippet of an operation that fails? Be sure to include the necessary details of what data you're writing and what location you're writing it to.Frank van Puffelen
Thanks Frank! Much appreciated. At first, this is the error message: 2016-03-22 17:51:27.077 Herodus[884:228445] [Firebase] setValue: or removeValue: at /features/-KDUEEZ4z-FCAoUci-rW failed: permission_denied. A new feature is added with this code snippet: let featureContents = addFeatureTextField.text if featureContents != "" { let newFeature: String = featureContents! let featureDict = [ uid: newFeature] let ref = DataService.dataService.FEATURE_REF.childByAutoId() ref.setValue(featureDict)Tjalling Dijkstra

1 Answers

1
votes

You're writing to this path:

/features/-KDUEEZ4z-FCAoUci-rW

Your rules only give write permission on this path:

/features/$autoId/$uid

You'll want to write the data using something like:

ref.childByAppendingPath(authData.uid).setValue(featureDict)