I am trying to set the firebase database rules for my app. Essentially the app has a posts page that allow useres to interact with the diffrent posts.
The problem i have is that when i try to set rules under the "$post_id" branch no data loads in my app, i have a continuous loading screen. but if i remove this "$post_id" branch from the rules then my app loads correctly.
My database looks like this. as you can see the post are loaded under an auto-id node, which is why i tried to add the $post_id to reflect this.
{
"rules": {
"posts": {
// the key for each post is stored inside $post_id variable for reference
"$post_id": {
// general rules
".indexOn": ["timestamp", "likes"],
".read": "auth != null",
// enter the author branch
"author": {
".read": "auth != null",
"$user_id": {
".write": "$user_id === auth.uid"
}
},
//enter the comments branch
"comments": {
".indexOn": ["timestamp"]
}
}
}
Check that firebase.auth().currentUser != null
(for web).
It should allow you to read the /posts/XXX_some_post_id
paths because you have ".read": "auth != null"
under rules/posts/$post_id
.
P.S. You don't even need the second ".read": "auth != null"
under author
because the same rule from /posts/XXX_some_post_id
applies automatically to all its branches/descendants.
There is a good chance (I did the same mistake in the past) that you're trying to read from the upper posts
path rather than from posts/XXX_some_post_id
.
That will fail because no rules are specified for posts
. The rules are currently provided only for posts/$post_id
which is one level deeper. So you need to either
/posts/XXX_some_post_id
every time, or{
"rules": {
"posts": {
".read": "auth != null",
"$post_id": {
// other rules here
}
}
}
}