What's wrong with this? It says
Error saving rules - Line 12: Expected '{'.
Which regards the .body line, right after the :
{
"rules": {
".read": "auth != null",
".write": "auth != null",
"v1": {
"v2": {
"$v3": {
"v4": {
"$v5": {
".body": "newData.isString() && newData.val().length > 0 && newData.val().length < 10"
}
}
}
}
}
}
}
I got it.
The last part should have been
"body": {
".validate": "newData.isString() && newData.val().length > 0 && newData.val().length < 10"
}
Related
I have added new security rules for my Firebase database, here they are:
{
"rules": {
"Users" : {
"$uid" : {
".read" : "auth != null && auth.uid == $uid",
"numberOfConnections" : {
".write" : "(auth != null && auth.uid == $uid) && (newData.val() - data.val() == 1 || newData.val() == 0)",
},
"mail" : {
".write" : "auth != null && auth.uid == $uid",
},
"numberOfFeedBack" : {
".write" : "auth != null && auth.uid == $uid",
},
"username" : {
".write" : "auth != null && auth.uid == $uid",
}
}
},
"Feedback" : {
"$uid" : {
".read" : "auth != null && auth.uid == $uid",
".write" : "auth != null && auth.uid == $uid",
}
},
}
}
When I write with updateChildValues in FeedBack it works, but when I write in Users I get a denied permission.
Here is the code:
// This don't work -> Permission Denied
static func createNewUsersDb(userId : String, username : String, mail : String) {
let update : [String : Any] = [
"/Users/\(userId)/username" : username,
"/Users/\(userId)/mail" : mail,
"/Users/\(userId)/numberOfConnections" : 0,
"/Users/\(userId)/numberOfFeedBack" : 0
]
dbRef.updateChildValues(update)
}
//This work
private static func createNewFeedBackDb(_ informationForFeedback : String){
let now = DateFormatter()
now.dateStyle = .medium
now.timeStyle = .medium
now.locale = Locale(identifier: "EN-en")
let update : [String : Any] = [
"/Users/\(userId!)/numberOfFeedBack" : ServerValue.increment(NSNumber(value : 1)),
"/FeedBack/\(userId!)" : [
"date" : now.string(from: Date()),
"information" : informationForFeedback
]
]
dbRef.updateChildValues(update)
}
It seems that it's because I didn't write a ".write" rule for Users.uid but I don't understand why it's blocking since I don't write when in the child nodes for which I did set a ".write" rule.
Also, if I write a ".write" rule in Users.uid, Firebase's rule handling would cause my sub-rule for numberOfConnections to be ignored.
That's why I specified the same ".write" rule for all child nodes of Users.uid except numberOfConnections, it seems a bit overkill but it's the only way I found.
I'm not exactly sure why your write rules don't work, since you're only writing to allowed paths/values as far as I can see. However, I'd typically implement the case differently, which may solve your problem anyway:
"Users" : {
"$uid" : {
".read" : "auth != null && auth.uid == $uid",
".write" : "auth != null && auth.uid == $uid",
"numberOfConnections" : {
".validate" : "(newData.val() - data.val() == 1 || newData.val() == 0)",
},
"mail" : {
".validate" : true
},
"numberOfFeedBack" : {
".validate" : true
},
"username" : {
".validate" : true
},
"$other" : {
".validate" : false
}
}
So now you only check for authorization once (on /Users/$uid) and then use validation checks to:
Allow mail, numberOfFeedBack, and username.
Allow numberOfConnections based on the value written.
Reject any other child nodes - the $other rule matches all child nodes that are not matched by another/named rules already.
This is my node Jason:
{
"Users' Input History" : {
"TdtIwvAPewRr1l9HY67PfkLBPbn2" : {
"-M-eylUaQcCpoyTLwbhk" : "fate"
}
},
"Users' Vocabulary List" : {
"TdtIwvAPewRr1l9HY67PfkLBPbn2" : {
"-M-eyxRLoCpDftWQ4cDn" : "hardliner"
}
}
}
This "TdtIwvAPewRr1l9HY67PfkLBPbn2" is the uid for a user who can read and write his own value (here, it is "fate") under the "Users' Input History" node, and value (here, it is "hardliner") under the "Users' Vocabulary List" node.
This Jason will go on and on to have multiple users (uids) and their own multiple values. Each new user (uid) will populate under both the "Users' Input History" node and the "Users' Vocabulary List" node, and new values from that new user will populate under the new uid.
For example, I want user A (uid A) to able to read and write only his own values, and cannot read and write values from other users (uid B, C, D and so on), so I wrote my database rule like so:
{
"rules": {
"Users' Input History": {
"$uid": {
".read": "auth.uid == $uid",
".write": "auth.uid == $uid"
}
}
},
"Users' Vocabulary List": {
"$uid": {
".read": "auth.uid == $uid",
".write": "auth.uid == $uid"
}
}
}
However, as in the image below, I'm getting this error saying Simulation failed at line 12: Expected '}'. Note that there's a red mark on line 12 and a ^ mark on line 13.
What I tried:
I added '}' right before "Users' Vocabulary List". That didn't work and then I added right before "$uid". Both led me to the same error message saying: Parse error. I don't know what else I can try. Is my rule wrong and how can I correct it?
Your nested child for "Users' Vocabulary List" looks to be in the wrong place. Move it up inside the "rules" object.
{
"rules": {
"Users' Input History": {
"$uid": {
".read": "auth.uid == $uid",
".write": "auth.uid == $uid"
}
},
"Users' Vocabulary List": {
"$uid": {
".read": "auth.uid == $uid",
".write": "auth.uid == $uid"
}
}
}
}
I have a database tree like so
users
-UID
--items
---all the data
I would like to add something under UID like shared:another-UID and allow the other UID to read and write everything under items.
For example:
users
-UID
--shared:different_UID
--items
---all the data
My current rules are like this
{
"rules": {
"users": {
"$uid": {
".read": "auth != null && auth.uid == $uid",
".write": "auth != null && auth.uid == $uid"
}
}
}
}
How would I change my rules to allow this?
In that case your rules would become:
{
"rules": {
"users": {
"$uid": {
".read": "auth != null && (auth.uid == $uid || data.child('shared').val() === auth.uid)",
".write": "auth != null && (auth.uid == $uid || data.child('shared').val() === auth.uid)"
}
}
}
}
So in words: the user can read/write this data if the key is the same as their user ID, or if their user ID is stored in the shared property under the data.
I have the following case, how can I deny access to update (overwrite) the node if it already exists? For example, the request for additions to friends, I want that, this feature was executed once because it set rules in the database, but they do not work. How can this be fixed?
Rules
// friends
"friends": {
"$ownerID": {
"friendIncomingRequests": {
"$secondUserID": {
".write": "!data.exists()" // Only allow new nominations to be created
}
},
"friendOutgoingRequests": {
"$secondUserID": {
".write": "!data.exists()" // Only allow new nominations to be created
}
}
}
}
Data
"friends" : {
"8OdvaGQfMVdJrlCxdc5pOaj09hy2" : {
"friendOutgoingRequests" : {
"mp9pfsfVQKavwYddjYYPC5Ja9N93" : {
"timeStamp" : 1.495514876872129E9,
"userID" : "mp9pfsfVQKavwYddjYYPC5Ja9N93",
"userName" : "Tim C."
}
}
},
"mp9pfsfVQKavwYddjYYPC5Ja9N93" : {
"friendIncomingRequests" : {
"8OdvaGQfMVdJrlCxdc5pOaj09hy2" : {
"senderID" : "8OdvaGQfMVdJrlCxdc5pOaj09hy2",
"senderName" : "Alexsander K.",
"timeStamp" : 1.495514876872129E9
}
}
}
},
Update
I think the problem is in this code, since I have this code also in the rules. But how can I fix it?
"rules": {
".read": "auth != null",
".write": "auth != null",
}
Update 1: Here are all the rules. I need to make a specific write rule (updates) only in friends. I saw examples that for each individual branch of their rules, but if I need to do some specific rules for one branch, and for the rest of the database you need standard rules how should I do this better?
{
"rules": {
".read": "auth != null",
".write": "auth != null",
// card location
"cardLocation": {
// Allow anyone to read the GeoFire index
//".read": true,
// Index each location's geohash for faster querying
".indexOn": "g",
},
"cards": {
".indexOn": "ownerID"
},
"userListEvents": {
"$uid": {
".indexOn": "isConfirmed"
}
},
"userImages": {
"$uid": {
"userProfileImages": {
".indexOn": "isoDate"
}
}
},
// tags
"userTags": {
"$uid": {
".indexOn": "isSelected"
}
},
// people search
//
"userLocations": {
".indexOn": "g"
},
// friends
"friends": {
"$ownerID": {
"friendIncomingRequests": {
"$secondUserID": {
".write": "!data.exists()"
}
},
"friendOutgoingRequests": {
"$secondUserID": {
".write": "!data.exists()"
}
}
}
}
}
}
I think the problem is in this code, since I have this code also in the rules. But how can I fix it?
"rules": {
".read": "auth != null",
".write": "auth != null",
}
Yes, your thought is correct. Firebase .read and .write rules cascade. So you should put every .read and .write on each child node of your data structure. Something like that:
{
"rules": {
//skip this
"someNode": {
".read": "auth != null",
".write": "auth != null"
},
// friends
"friends": {
"$ownerID": {
"friendIncomingRequests": {
"$secondUserID": {
".write": "!data.exists()"
}
},
"friendOutgoingRequests": {
"$secondUserID": {
".write": "!data.exists()"
}
}
}
}
//...
}
}
Need help understanding what wrong with the "Tracking" rule. I'm able to read that data even though it's marked as .read : false.
{
"rules": {
"User": {
"$uid": {
".read": "auth != null && auth.uid == $uid",
".write": "auth != null && auth.uid == $uid"
}
},
"Purchase": {
"$uid": {
".read": "auth != null && auth.uid == $uid",
".write": "auth != null && auth.uid == $uid"
}
},
"Parm": {
".read": true,
".write": false
},
"Tracking": {
".read": false,
".write": true
}
}
}
This is being done on an IOS app. Here’s the code:
Firebase *ref = [FBase referenceForTrackingDeviceId:sysparm.deviceId];
[ref observeSingleEventOfType:FEventTypeValue withBlock:^(FDataSnapshot *snapshot) {
if (snapshot.exists) {
DLog(#"got it");
} else {
DLog(#"No data");
}
}];
From the debugger:
(lldb) po ref https://<My-Firebase>/Tracking/E8C0C8FB-DE20-4017-9C74-3A6DAD6D4DC7 (lldb) po snapshot.exists YES