
I'm having issues reading and writing data from my database on the client (my iOS app) using the following database rules:

// Checks auth uid equals database node uid
// In other words, the User can only access their own data
{
  "rules": {
    "posts": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}

However, I have no issues reading and writing my data when using the following rule:

{
  "rules": {
    ".read": "auth != null",
    ".write": "auth != null"
  }
}

My goal is to have each user only have the ability to read/write their own data. Any suggestions/help would be appreciated.

EDIT:

When attempting to post I use the following (iOS):

let key = ref?.childByAutoId().key
let post = ["uid": key,
            "title": titleField.text,
            "description": descField.text]
ref?.child(key!).setValue(post)

When I want to retrieve those data entries, currently I am attempting to retrieve the data entries by looking at the reference point ("task") (in iOS, my database reference is the following):

ref = Database.database().reference().child("task")
ref.observe(.childAdded, with: { (snapshot) in
    print(snapshot)
    guard let dictionary = snapshot.value as? [String : AnyObject] else {
        return
    }
})

heyylateef
  • Please edit the question to show the specific queries that are not working the way you expect with these rules. Rules and queries always go together. Your queries might not match your rules. – Doug Stevenson Jul 17 '19 at 18:25
  • @DougStevenson I'm fairly new to using databases so I'm going to make the assumption that by "query" you mean how is my data structured. I'm going to edit the op with an example of my data structure – heyylateef Jul 17 '19 at 18:41
  • By query he means the code you are using (try) to read/write to the database. – André Kool Jul 17 '19 at 18:44
  • @AndréKool thanks, just updated the op on how I read/write the data – heyylateef Jul 17 '19 at 18:57

2 Answers


Your rules don't match your queries. Your query is accessing documents at a node called "task", but your rules are protecting a node called "posts". You should edit your rules to match the queries you intend to protect.

Doug Stevenson

There are a couple things going on here.

First, as Doug answered, your rules have to match your query.

Second, when using childByAutoId() you are creating a random key. Instead you should be using the UID of the logged in user.

And third, when reading from the database you have to make sure to read from the location where you have placed your rules. Currently you are trying to read the entire list where there are no rules defined. (When no rules are defined Firebase defaults to false.) Instead you should read the child of the list.

You can also take a look at my answer here for some more explanation and links to relevant docs.

André Kool
  • Thanks, your answer really helped. I fixed my issue by pointing my reference to a node that matches the user ID of the current user, which now matches the security rules. Thanks! – heyylateef Jul 18 '19 at 15:22
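
The behaviour both answers describe, as an added example that is not part of the original posts: a simplified JavaScript model of how the rules decide a read or write, run against the question's rules, the same rules moved under "task", and the open `auth != null` rules. Writing each rule as a function, the `isAllowed` helper and the sample uids and push key are assumptions made for illustration.

```javascript
// Added example: simplified model of Realtime Database rule evaluation.
// Assumption: each rule is a JS function (auth, vars) => boolean standing in
// for the rule string the real service parses.
const ownsNode = (auth, vars) => auth !== null && vars.$uid === auth.uid;
const signedIn = (auth) => auth !== null;

// Rules from the question: only /posts/$uid is covered.
const questionRules = { posts: { $uid: { '.read': ownsNode, '.write': ownsNode } } };
// The same per-user rule placed under the node the app uses.
const matchedRules = { task: { $uid: { '.read': ownsNode, '.write': ownsNode } } };
// The permissive rules that "worked" in the question.
const openRules = { '.read': signedIn, '.write': signedIn };

// op is 'read' or 'write'; auth is null or { uid }.
function isAllowed(rules, op, path, auth) {
  const vars = {};
  let node = rules;
  const grants = (n) => typeof n['.' + op] === 'function' && n['.' + op](auth, vars);
  if (grants(node)) return true;
  for (const segment of path.split('/').filter(Boolean)) {
    if (Object.prototype.hasOwnProperty.call(node, segment)) {
      node = node[segment];
    } else {
      const wildcard = Object.keys(node).find((k) => k.startsWith('$'));
      if (wildcard === undefined) return false; // nothing covers this path: denied
      vars[wildcard] = segment; // bind $uid to the path segment
      node = node[wildcard];
    }
    if (grants(node)) return true; // a grant applies to everything below it
  }
  return false; // no rule on the way down granted access
}

const alice = { uid: 'alice-uid' }; // constructed signed-in user
const bob = { uid: 'bob-uid' }; // constructed second user
const pushKey = '-LkConstructedPushKey'; // stands in for a childByAutoId() key
const checks = [
  ['question rules: read /task', isAllowed(questionRules, 'read', 'task', alice)],
  ['matched rules: read /task (whole list)', isAllowed(matchedRules, 'read', 'task', alice)],
  ['matched rules: read /task/<own uid>', isAllowed(matchedRules, 'read', 'task/alice-uid', alice)],
  ['matched rules: write /task/<push key>', isAllowed(matchedRules, 'write', 'task/' + pushKey, alice)],
  ['matched rules: write /task/<own uid>/title', isAllowed(matchedRules, 'write', 'task/alice-uid/title', alice)],
  ['matched rules: read /task/<own uid> as bob', isAllowed(matchedRules, 'read', 'task/alice-uid', bob)],
  ['open rules: read /task', isAllowed(openRules, 'read', 'task', alice)],
];
for (const [label, ok] of checks) console.log(ok ? 'ALLOW' : 'DENY ', label);
```
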