Here is my example database:
{
"referrals" : {
"Nr7sS4xV1fO59wjCqbEabLlK8RF3" : {
"16-10-2020" : {
"-MJhjQddWdWDImj98Sov" : {
"city" : "hyhy",
"name" : "mmmm",
"number" : "03058852844",
"remarks" : "pg"
},
"-MJhmeRiqeXskncHJF61" : {
"city" : "vsva",
"name" : "yhyh",
"number" : "02089453882",
"remarks" : "pg"
}
},
"total_referrals" : 2
},
"jpeoZQAPdZY4yEt8yGifGZi4U4r1" : {
"16-10-2020" : {
"-MJlzrS8xX8MGN1ar9uw" : {
"city" : "lahore",
"name" : "khursand",
"number" : "03014181394",
"remarks" : "paid"
},
"-MJm-LFhEEMBzBPRftlC" : {
"city" : "lahore",
"name" : "khursand",
"number" : "03014141111",
"remarks" : "pg"
}
},
"total_referrals" : 2
}
},
"users" : {
"Nr7sS4xV1fO59wjCqbEabLlK8RF3" : {
"account_status" : "Level 1",
"current_balance" : "0",
"isBan" : false,
"paid_referrals" : "0",
"total_balance" : "0",
"total_withdraw" : "0"
},
"jpeoZQAPdZY4yEt8yGifGZi4U4r1" : {
"account_status" : "Level 1",
"current_balance" : "0",
"paid_referrals" : "0",
"total_balance" : "0",
"total_withdraw" : "0"
}
},
"withdraw_details" : {
"Nr7sS4xV1fO59wjCqbEabLlK8RF3" : {
"-MJMgVd3TuWYjdGSd-FY" : {
"amount" : "600",
"date" : "11/10/2020",
"method" : "Easypaisa",
"number" : "03058853833",
"tid" : "90124678573"
}
},
"jpeoZQAPdZY4yEt8yGifGZi4U4r1" : {
"-MJm7SfTwWafae85ayRq" : {
"amount" : "600",
"date" : "11/10/2020",
"method" : "Easypaisa",
"number" : "03494628929",
"tid" : "90124678573"
}
}
}
}
And here are my database rules that I've tried to set in console:
{
"rules": {
"users":{
"$user_id":{
".read": "$user_id == auth.uid && auth != null", // only owner or authenticated user can read
".write": false // No-one can write
}
},
"withdraw_details":{
"$user_id":{
".read": "$user_id == auth.uid && auth != null",// only owner or authenticated user can read
".write": false // No-one can write
}
},
"referrals": {
"$user_id": {
".read": "$user_id == auth.uid && auth != null", // same as above
".write": "$user_id == auth.uid && auth != null", // owner and authenticated can write
"$date": {
// children should be only these
".validate": "newData.hasChildren(['name', 'number', 'city', 'remarks'])",
// you can see further validation rules below
"name": {".validate": "newData.isString() && newData.val().length <= 30"},
"number": {".validate": "newData.isNumber() && newData.val().length == 11"},
"city": {".validate": "newData.isString() && newData.val().length <= 20"},
"remarks": {".validate": "newData.isString() && newData.val().length <= 15"},
// any other child should be rejected
"$other": {".validate": false}
}
}
}
}
Now I don't know what I am doing wrong here because every time I try to read any child it throws a "Permission denied" error.
Like a user details request below
private void getDetails() {
databaseReference.child("users").addListenerForSingleValueEvent(new ValueEventListener() {
@Override
public void onDataChange(@NonNull DataSnapshot snapshot) {
if (snapshot.hasChild(mAuth.getCurrentUser().getUid())) {
AccountDetails accountDetails = snapshot
.child(mAuth.getCurrentUser().getUid())
.getValue(AccountDetails.class);
setValuesToTextViews(
accountDetails.getTotal_balance(),
accountDetails.getTotal_withdraw(),
accountDetails.getCurrent_balance(),
accountDetails.getAccount_status(),
accountDetails.getPaid_referrals(),
accountDetails.getTotal_referrals()
);
}
}
}
@Override
public void onCancelled(@NonNull DatabaseError error) {
Log.w(TAG, "onCancelled: " + error.toException());
Toast.makeText(getActivity(), error.getMessage(), Toast.LENGTH_SHORT).show();
}
});
}
Moreover, on further clarification, I want the /users/uid/ && /withdraw_details/uid/ to be read only by it's owner and auth shouldn't be null. and write access to these locations should be denied.
The /referrals/uid/ location should have read and write access to its owner and with certain criteria and validations as you can see in the database rules above.
