0

Here's what I have so far:

var ref = new Firebase('https://url.firebaseio.com/');

ref.authWithPassword({
  "email": "email@gmail.com",
  "password": "******"
}, function(err, authData) {
  if (err) {
    console.log(err);
  } else {
    console.log("Authenticated successfully with payload:", authData);
  }
})

I get a message confirming my authentication was successful. However, if I run something like ref.update({}), I get an error saying permission denied. My Firebase security rules look like this: 

{
  "rules": {
    "users": {
      "$user_id": {
        ".read": "auth != null && auth.uid == $user_id",
        ".write": "auth != null && auth.uid == $user_id"
      }
    }
  }
}

Any advice is appreciated, thanks!

EDIT: Here is the code that I run that giving me the error.

ref.on('value', function(snapshot){
            hsObject = snapshot.val();  //hsObject is the entire Firebase document
        }, function(err){
            hsObject = null;
            console.log('error:', err); //prints "error: Error: permission_denied at /: Client doesn't have permission to access the desired data."
        });
sdfsdf
  • 5,052
  • 9
  • 42
  • 75
  • Can you add the code that actually read from/writes to the database? That's the code that's raising the error and without seeing that it'll be hard to say much. – Frank van Puffelen Feb 27 '16 at 06:31
  • I updated the question. ref.on() is called after authWithPassword(); maybe it could be something related to latency? – sdfsdf Feb 27 '16 at 08:10

1 Answers1

1

From the error message:

error: Error: permission_denied at /: Client doesn't have permission to access the desired data.

It seems like you're trying to read the root of your Firebase. Firebase validates permissions at the locations where you read. Since you don't have read permission at the root, it rejects the read operation.

This is a common source of confusion for developers, who assume that Firebase will filter the data and return only what the user has access to. But that is simply not how Firebase's security model works.

This is covered in the Firebase documentation under rules are not filters and also comes up on StackOverflow regularly:

I highly recommend reading that page of the docs (again), because it's easy to misunderstand how Firebase works and those mistakes can lead you to a data model you'll have to update later.

Community
  • 1
  • 1
Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807