Read firebase realtime database with wildcard security in Android Studio

0
votes

I have created a Firebase Realtime database and an application with Android Studio (Java) to read and write in it. In Firebase, I have : a user folder with information a article folder with the data any user can create Here is the structure of the "Products" folder:

Products
    -MNywaQZrRqIgjQINbZK
        description: "A"
        members
            94cMm9pJ59a517aNgLijZV9HjGt1: "94cMm9pJ59a517aNgLijZV9HjGt1"
            admin: "pU4gGrq93fgcDZGX9QT95k3wOCB2"
        product_Location: "Loc A"
        product_Note: "q"
        quantity: "2"
    -MNzHkmEBnYDWQjYQJZq
        description: "B"
        members
            admin: "94cMm9pJ59a517aNgLijZV9HjGt1"
        product_Location: "Loc B"
        product_Note: "alpha"
        quantity: "2"

Here are the security rules. They are allowing any user to access what he created (admin = auth.uid) or what any other user shared with him (data.child('members').child(auth.uid).exists())

    {
  "rules": {
    "Products": {
      "$Product_id": {
        ".read": "data.child('members').child('admin').val() === auth.uid || data.child('members').child(auth.uid).exists()",
        ".write": "auth.uid != null"
        }
        }
    }
  }
}

With these, when I am identified as a user, I can access any child in the node "Products", I am allowed to.

The issue I am facing is that when I am extracting the data with Android Studio, I am reading the folder "Products" itself and as the rules are setup for "Products/$Product_id", it's not working and I am not authorized to read the data. Here is the code in Android Studio:

    mDatabase = FirebaseDatabase.getInstance();
mRef = mDatabase.getReference().child("Products");
mRef.addValueEventListener(new ValueEventListener() {
    @Override
    public void onDataChange(@NonNull DataSnapshot snapshot1) {
        mProducts.clear();
        for(DataSnapshot snapshot2:snapshot1.getChildren()) {
            Article info_from_Firebase = snapshot2.getValue(Article.class);
            mProducts.add(info_from_Firebase);
        }
        arrayAdapter.notifyDataSetChanged();
        scr2_listcontent = (ListView) findViewById(R.id.scr2_lv);
        arrayAdapter = new ArticleAdapter(getApplicationContext(), mProducts);
        scr2_listcontent.setAdapter(arrayAdapter);
    }

Of course, when I change the rules in Firebase to the following, I can read data but the access restriction I want to setup is not there anymore:

{
  "rules": {
    "Products": {
        ".write": "auth.uid != null",
        ".read": "auth.uid != null",
        }
    }
  }

Is there something I should do differently in Firebase or in Android Studio ?

Thanks a lot for your answer and Happy New Year 2021.

1
javafirebaseandroid-studiosecuritywildcard

1 Answers

0
votes

Actually, I believe I found a solution looking at the following post: stackoverflow.com/questions/48584390/… By setting authorizations in Firebase like explained in this post, I can then read list by list in Android without any authorization alert message. I will post later on some code to explain. Thanks