I'm trying to create a rule to create/access the FRD data based on the authenticated user, but I am getting an error when running the Rules Playground.

What I want is this: users create the categories, so a user is able to read only their own categories and update those categories.

Rule:

{
  "rules": {
    "users": {
      "$uid": {
        ".write": "auth != null && $uid === auth.uid",
        ".read": "auth != null && $uid === auth.uid"
      }
    },
    "categories": {
      "$uid": {
        ".write": "auth != null && $uid === auth.uid",
        ".read": "auth != null && $uid === auth.uid"
      }
    }
  }
}

Auth Users: [screenshot of the Firebase authentication users]

Realtime Database

Categories: [screenshot of the categories table]

Users: [screenshot of the users table]

Categories write function in Flutter:

String uId = await userId();
final databaseRef = FirebaseDatabase.instance.ref('categories');
var data = await databaseRef.get();
var index = data.children.length;
await databaseRef.child('$index').set(<String, dynamic>{
  "name": categoryBody.name,
  "description": categoryBody.description,
  "uid": uId,
  "id": index,
});

Error: [three screenshots of the Rules Playground error]

Is there anything wrong with the rules that I am applying?

2
  • Can you share the error you are facing? Commented Nov 4, 2022 at 11:21
  • Added error screenshot @RoopaM Commented Nov 4, 2022 at 12:25

2 Answers

1

I tried to replicate your issue, but I am able to successfully test the rules without errors.

The rules you are using are for authenticated users, but you are testing for unauthenticated users. That means you have not enabled the Authenticated field.

And you have to enter /categories/uid instead of /categories under the location, and you should enter uid under the Firebase UID field. You may have a look at the screenshot below.

[screenshot of the Rules Playground settings]

You can refer to this tutorial for more information.

8 Comments

Hi Roopa M, thanks for your answer. I tried your solution, but I am getting the same simulation error. In my case the provider is password. I passed the uid to the Firebase UID field. I attached new screenshots to my question, kindly check. Thanks!
@rjkolli7 You are passing the value of uid to Firebase UID. Try passing just uid as shown in my screenshot.
Thanks for the input Roopa M, it's working perfectly. But when I am trying to write categories and read categories from my app, it is not working. It's throwing a PERMISSION DENIED error. I attached the code to my question, kindly check. Thanks!
@rjkolli7, It could be a problem with plugins. Make sure you have included the correct versions of the plugin. If you are still facing the issue, can you share the document or tutorial if you are following any?
I understand the structure for this @Roopa M. Actually my structure of categories is starting with index. But I am looking for the uid inside the child of categories. So for that I changed the structure from "categories":[ "index": {}, ] to "categories":[ "uid": {}, ] Now it is working.
1

When you're using the following security rules:

"categories": {
  "$uid": {
    ".write": "auth != null && $uid === auth.uid",
    ".read": "auth != null && $uid === auth.uid"
  }
}

It means that you allow the user to write/read to/from every child that exists under your categories/$uid node. So when you try to apply those rules to your actual database structure, it's the expected behavior to see that Firebase servers reject the operations, since they don't find any $uid level in your database schema. To solve this, you have to remove that extra $uid level from the rules like this:

"categories": {
  ".write": "auth != null",
  ".read": "auth != null"
}

And this is because those category objects exist directly under the categories node and not under categories/$uid.

5 Comments

Hey rjkolli7. Have you tried my solution above, does it work?
Hi Alex Mamo, thanks for your answer. I tried the above solution, but I am unable to fetch $uid. It's giving the error Unknown Variable $uid.
Oh, yes. That's correct. Sorry, my bad. The UID is not the document ID. So please check my updated answer. Does it work now?
Yes, the above one is working, Alex Mamo. With this, every logged-in user is able to read all categories. But in my case only authorised users are able to read their data. So I am using uid for that.
In that case, you should add an extra level to your database, which is the UID, and leave the rules exactly as they are, right? Give it a try and tell me if it works.
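
The path matching discussed in both answers, as an added example that is not part of the original thread and not Firebase's own code: a simplified model of how the question's `categories/$uid` rules are matched against a request path. The `evaluate` and `isAllowed` helpers, the root-to-leaf "first grant wins" walk, and the `uidA`/`uidB` values are assumptions constructed for illustration.

```javascript
// Simplified model of Realtime Database rule evaluation (an assumption for
// illustration, not Firebase's engine): walk the path from the root, bind
// $wildcards to path segments, and grant as soon as one rule on the way is true.
const rules = {
  categories: {
    $uid: {
      ".write": "auth != null && $uid === auth.uid",
      ".read": "auth != null && $uid === auth.uid",
    },
  },
};

// Evaluate one rule string with `auth` and the captured wildcards in scope.
// Only the constructed rule strings above are passed in; never do this with untrusted text.
function evaluate(expr, auth, vars) {
  const names = Object.keys(vars);
  const fn = new Function("auth", ...names, `return (${expr});`);
  return Boolean(fn(auth, ...names.map((name) => vars[name])));
}

function isAllowed(op, path, auth) {
  let node = rules;
  const vars = {};
  for (const segment of path.split("/").filter(Boolean)) {
    if (Object.prototype.hasOwnProperty.call(node, segment)) {
      node = node[segment];
    } else {
      const wildcard = Object.keys(node).find((key) => key.startsWith("$"));
      if (!wildcard) return false; // nothing covers this path: default deny
      vars[wildcard] = segment;
      node = node[wildcard];
    }
    const expr = node["." + op];
    if (expr !== undefined && evaluate(expr, auth, vars)) return true;
  }
  return false; // no rule along the path granted access
}

// Constructed sample: user "uidA" is signed in.
const auth = { uid: "uidA" };
console.log(isAllowed("read", "/categories", auth));          // get() on the whole node
console.log(isAllowed("write", "/categories/0", auth));       // child('$index').set(...)
console.log(isAllowed("write", "/categories/uidA/0", auth));  // categories/<uid>/<index>
console.log(isAllowed("read", "/categories/uidA", { uid: "uidB" })); // another user's subtree
console.log(isAllowed("read", "/categories/uidA", null));     // signed out
```

Only the third call is granted: with an index as the first key under `categories`, `$uid` binds to `"0"` and never equals `auth.uid`, which matches the PERMISSION DENIED seen from the app.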
