javascriptfirebasefirebase-realtime-databasegoogle-cloud-functionsfirebase-security
Firebase preventing data fetch even though read rules are assigned
I'm trying to fetch data in the front-end using firebase. Here's how my rules are applied to the realtime database:
{
"rules": {
"users": {
".indexOn": "username",
"$userId": {
".indexOn": "username",
".read": "$userId==auth.uid",
".write": "$userId==auth.uid",
"favorites": {
".indexOn": "thumb"
}
}
},
"files": {
".indexOn": ["uploadId", "uploadedBy", "fileURL"],
"$fileId": {
".write": "newData.child('uploadedBy').val() == auth.uid",
".read": "data.child('uploadedBy').val() == auth.uid",
".indexOn": "fileURL"
}
},
"uploads": {
"$id": {
".write": "newData.child('createdBy').val() == auth.uid || data.child('assignedModeratorId').val() == auth.uid",
".read": "data.child('createdBy').val() == auth.uid || data.child('assignedModeratorId').val() == auth.uid"
},
".indexOn": ["createdBy", "status", "assignedModeratorId"]
}
}
}
And here's what one uploads document looks like:
I'm using this function:
const snapshot = await firebase.database().ref('uploads').orderByChild('createdBy').equalTo(uid).limitToLast(1000).once('value');
But I keep getting Error: permission_denied at /uploads: Client doesn't have permission to access the desired data. error in the front-end. It's working fine when I use admin in the cloud functions. What's wrong with my set rules?
Solution
Your code tries to read data from /uploads, but your rules don't grant anyone permission to read from that node - so it rejects the read.
If you want to allow the user to read the uploads they created, your rules should validate that query with something like:
"uploads": {
".read": "auth.uid !== null &&
query.orderByChild === 'createdBy' &&
query.equalTo === auth.uid"}
- Keep numbers which appear in both columns, in J lang
- Differentiation in J
- How to reshape an array with an arbitrary size in one dimension?
- Why is Insert (fold) right associative
- Write 4 : 'x&{.&.;: y' tacitly
- Alignment issue when printing formatted prime numbers in J language
- How can I define a verb in J that applies a different verb alternately to each atom in a list?
- How to get user input in the J programming language
- How to unbox a list of boxed lists of differing lengths in J?
- How can I fix 'noun result was required' error in J?
- In j, how can I define a verb locally in one scope and pass it to a defined adverb?
- Convert boxed array to normal array?
- Read column of CSV file as array
- Replace atom in array of strings
- What does the dyad `=` do to boxed strings?
- Index of minimum element using J
- How can I take the outer product of string vectors in J?
- Building an array of verbs in J
- Reading in multidigit command line parameter
- Amend with bond to new data shows unexpected behaviour
- How to turn a table or matrix into a (flat) list in J
- How to run dissect in J?
- How to define selection using index function in J
- How to exit the J console?
- Find 4-neighbors using J
- Writing custom verbs in J
- How do I negate a selector in J lang?
- How to use arbitrary selector in interchange in J lang?
- different result once square root is added inside tacit
- Sum of arrays with repeated indices