0

Ok here is my problem I have object in firebase like this

dev : { persons : { "111" : { name : "name1", surname:"surname1", uid: "userUID_1" } "222" : { name : "name1", surname:"surname1", uid: "userUID_2" } } } prod : {...}

I want to read all persons whose uid must exactly match authenticated user id, I'm trying to make rules like this but it's not working ...

{ "rules": { ".read" : false, ".write" : false,
"dev": { "persons": { "$person_id" : { ".read" : "auth !== null && data.child('uid').val() == auth.uid ", }, }, }, } }

Also when I'm setting ".read" : true, without any filter, inside "$person_id" It's not working also. Can you guys tell me what is my mistake, what I'm doing wrong in rules.

This rule still gets read denied inside persons, but if I make ".read": true outside "$person_id" it works, but i need to filter with some keys also.

{ "rules": { ".read" : false, ".write" : false,
"dev": { "persons": { "$person_id" : { ".read" : true, }, }, }, "prod" : { ".read" : false, ".write" : false,
} } }

Beka Tomashvili
  • 2,171
  • 5
  • 21
  • 27
  • You cannot use security rules to filter data. If you run a query on `/persons` and you don't have read permission on `/persons`, the query will immediately fail. – Frank van Puffelen Sep 15 '16 at 21:15
  • Here is screen http://collabshot.com/show/sxcZ7W – Beka Tomashvili Sep 15 '16 at 21:28
  • Ok can you look at this link and tell me why they are saying this -> "only messages from the last ten minutes can be read" Here is link https://firebase.google.com/docs/database/security/securing-data – Beka Tomashvili Sep 15 '16 at 21:32
  • 1
    I know that documentation fairly well. Making a node unreadable after a time-out is not the same as trying to use security rules to filter data though. This is a common source of confusion for developers new to Firebase's security rules. To learn more, I recommend reading some of the [questions and answer in this list](https://www.google.com/search?q=site:stackoverflow.com+firebase+rules+are+not+filters). Also see this [section in the documentation](https://firebase.google.com/docs/database/security/securing-data#rules_are_not_filters) and this answer http://stackoverflow.com/a/14298525/209103 – Frank van Puffelen Sep 15 '16 at 22:15
  • Thanks for your response, it's useful comment. – Beka Tomashvili Sep 16 '16 at 15:28

0 Answers0