Develop Reference

Attempting to get a key where value is equal to in Realtime Database

I have the following structure:
attendanceOptions:
uid: "specificemail#email.com",
uid: "anotherEmail#email.com",
I'm attempting to get the key and value where value is...
In example get where anotherEmail#email.com
Here is my attempt:
security rules:
{
"rules": {
".read": true,
".write": true,
"organization": {
"$uid": {
"attendanceOptions": {
".indexOn": ["$uid"]
},
"members": {
".indexOn": ["mStatus"]
}
}
}
}
}
The error I get is
Error saving rules - Line 9: Invalid key: $uid. Index must be either .value or declared on a valid path
Obviously I'm doing something wrong. How can I accomplish this?

If you want to define an index on attendanceOptions for the value of each child node, you can do that with:
"attendanceOptions": {
".indexOn": [".value"]
},
Also see the Firebase documentation on indexing by value.

Firebase your realtime database has insecure rules warning

I have a website that uses Firebase Realtime Database. It usually sends me e-mail about insecure rules warning. I searched about this here and Firebase Documantation, but when I write other rules, it gives me such error:
Error saving rules - Line 10: String can't contain ".", "#", "$", "/", "[", or "]"
{
// Allow anyone to read data, but only authenticated content owners can
// make changes to their data
"rules": {
"some_path/${uid}": {
".read": true,
// or ".read": "auth.uid != null" for only authenticated users
".write": "request.auth.uid == uid"
} SHOWS ME ERROR IS HERE.
}
}
I am using this rules for now:
{
"rules": {
".read": true,
".write": false
}
}
here is one picture that I try one of other rules called Mixed public and private access.
I will be very glad if anyone can help me.

The syntax does not seem correct to refer to a child resource, check below syntax to achieve the desired effect
{
"rules": {
"some_path": {
"$uid": {
".write": "$uid === auth.uid"
}
}
}
}
https://firebase.google.com/docs/database/security

Firebase Realtime Database rules check if string includes value

This is what my rules look like:
{
"rules": {
"users": {
"$uid": {
".write": "$uid === auth.uid",
".read": "$uid === auth.uid"
}
},
"classes": {
"$classid": {
".read": "root.child('users').child(auth.uid).child('memberOfClasses').child('val').val().matches(*$classid*) || root.child('users').child($uid).child('ownedClasses').child('val').val().matches(*$classid*)",
".write": "root.child('users').child(auth.uid).child('memberOfClasses').child('val').val().matches(*$classid*) || root.child('users').child($uid).child('ownedClasses').child('val').val().matches(*$classid*)"
}
}
}
}
I'm getting Simulation failed - Line 11: syntax error (line 11 is the classes/$classid.read). I'm guessing it has something to do with the regex in .matches(*$classid*)
I'm trying to get it so that if for example users/auth.uid/memberOfClasses or ownedClasses equals something like "154 321 ABC", I would be able to access classes/154, classes/321, and classes/ABC.
What am I doing wrong?

The value that you pass in to matches must be a string literal.
This might work: .matches("*"+$classid+"*")

Understanding Basic Firebase Security Rules on Firebase

I am using Firebase Auth and read a lot of documentation on security rules, custom claims, cloud functions, but I've really gotten more confused.
Consider the following data structure
{
"company": {
"idCompany1": {"data": "Restricted to Company1s users"},
"idCompany2": {"data": "Restricted to Company2s users"}
},
"users": {
"idUser1": {
"companies": {
"idCompany1": true
}
},
"idUser2": {
"companies": {
"idCompany1": true,
"idCompany2": true
}
}
}
}
I would like to implement a simple rule in the Firebase Console (Firebase Security Rule) without modifying my Data Structure.
The Rule I would like to configure is: A user can only read or write information in the companies to which it belongs (users/$idUser/companies/$idCompany === true on path company/$idCompany)
At this moment I have only configured:
{
"rules": {
"company" : {
".read": "auth != null",
".write": "auth != null",
}
}
},
"users" : {
"$user_id" : {
".read": "auth != null",
".write": "auth.uid === $user_id"
}
}
How can I configure this Firebase security Rule in the Firebase Console?

It sounds like you're looking for:
{
"rules": {
"company" : {
"$companyid": {
".read": "root.child('users').child(auth.uid).child('companies').child($companyid).val() === true"
}
}
}
}
This will allow the user to read /company/$companyid for any company where it is listed in their profile.
Note: you won't be able to read /company itself, as rules are not filters.

setting rules for a specific attribute in Firebase Realtime database

EDIT: this will also not work if I will set ".read": "true"
in any child or any sub-tree including the rules root (this is not showing here in the examples).
In my app, which manage user's wedding details such as guests, I want to let the guests write to the "arrive" field only if the "invited" field is exists (actually if it will be true , but I checked if it exists just for testing). However, I didn't manage to do this since in the Firebase console it's says that the simulated set is denied :
The rules in the Firebase console:
{
"rules": {
"Users": {
"$uid":{
".read": "$uid === auth.uid",
".write": "$uid === auth.uid"
},
".indexOn": "email"
},
"Guests":{
"$uid":{
"$guest_id":{
"arrive":{
".read": "$uid === auth.uid",
".write": "root.child('Guests/'+ $uid + '/' + $guest_id +'/invited').exists()"
}
}
}
}
}
}
The JSON example I wrote in the Rules Playground in the console:
{
"Guests": {
"user_1": {
"guest_1": {
"arrive": false,
"invited": true
}
}
}
}
The location path in the Rules Playground:
/Guests/user_1/guest_1/arrive
I tried several approaches and they didn't work. For example:
".write": "data.parent().child('invited').exists()"
or
".write": "root.child('Guests').child($uid).child($guest_id).child('invited').exists()"