Firebase rules don't work properly

Question

Here's my firebase structure:

-posts
 -public
  -countryCode
   -US
    -KeJ9qrPZYWD-b0AdQ3I
     -timestamp:1488544558698
     -postAuthor:TT4l2xyIOFRXI3RZINffcSFs67O2
    -KeAVVwWQ-OuwyMRycI4
     -timestamp:1488544595373
     -postAuthor:TT4l2xyIOFRXI3RZINffcSFs67O2
-users
 -TT4l2xyIOFRXI3RZINffcSFs67O2

And I want allow users read posts from last 24h or if the user is an author of post then no limitation, so i made my firebase rules like this:

{
  "rules": {
    "users": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    },
    "posts":{
      ".write" : "auth != null",
      "public":{
        "countryCode":{
         "$countryCode_id":{
           "$post" :{
            ".read" : data.child('postAuthor').val() === auth.uid || data.child('timestamp').val() > (now - 86400000)
          }  
      }
  }
 }
}  
  }
}

but it's not working, i can write new ones but can't read anything even if posts are made in specified time or by the current author, what's wrong?

EDIT: ok, so i find out about rule of the rules: "rules are not filters" and it spoils my ideas a lil bit, cause i need read access to parents of my posts, but if i'll mark it as read my posts are going to be read no matter what author, or time will be, cause of cascade - so frustrating :(, so now i need to figure how to do this. MY first idea is to create another path with all posts, and fetch all posts from there, where all of them are going to be mark as read: true, then with observesingleevent(.value) take every single post's key and with it observe directly this current post on another branch where i could set my read and write permissions, am i thinking good?

from your edit it sounds like you need to read the docs on [structuring and denormalizing your data](https://firebase.google.com/docs/database/ios/structure-data#best_practices_for_data_structure) — Travis Christian, Mar 03 '17 at 15:34

score 0 · Answer 1 · edited May 23 '17 at 11:46

Without seeing the code that is giving problems it's hard to be certain. But most likely you're trying to read from a level where you don't have read permission. E.g.:

ref = FIRDatabase.database().reference("/posts/public/countryCode/US")
query = ref.queryOrdered(byChild: "postAuthor").queryEqual(toValue: "TT4l2xyIOFRXI3RZINffcSFs67O2")
query.observeEventType(.Value, withBlock: { snapshot in
    ...

This query will fail, since the user doesn't have read permission on /posts/public/countryCode/US. Contrary to what you might think, Firebase queries cannot be used to filter data. This is known in Firebase context as "rules are not filters" and I recommend checking out:

the section on rules are not filters in the Firebase documentation
this original answer about this behavior
many of the answers that mention that rules are not filters

yeah i already figured it out, i edited my post, could you take a look if i'm right there? — klapinski, Mar 03 '17 at 15:28

Firebase rules don't work properly

1 Answers1