
These are my Firebase rules:

```json
{
  "rules": {
    ".read": "auth != null",
    ".write": "root.child('users/auth.id/user_type').val() == 'admin'"
  }
}
```

My users node. (Data is faked)

```json
{
  "users" : {
    "2anxMpsdsxsd5K2" : {
      "user_email" : "dsds@gmail.com",
      "user_name" : "dsd",
      "user_photo_url" : "somepic.jpg",
      "user_roles" : {
        "writer" : true
      }
    },
    "z8uzffddelsSl1" : {
      "user_email" : "xcxc@gmail.com",
      "user_name" : "xcxc",
      "user_photo_url" : "fb-picture",
      "user_type" : "admin"
    }
  }
}
```

I tried with user roles but was still denied from writing. Would my rules be the one that's faulty?

KENdi
Justine M.
    Take a look at [this answer](https://stackoverflow.com/a/19524810/4916627). Or you can take a look at the rules in [my answer here](https://stackoverflow.com/a/39063833/4916627) – André Kool Aug 23 '18 at 11:41

1 Answer

This is what I came up with.

```json
{
  "rules": {
    "users": {
      ".read": "auth != null",
      "$user_id": {
        // Writable by the record's owner or by an admin
        ".write": "auth.uid == $user_id || root.child('users').child(auth.uid).child('user_type').val() == 'admin'"
      }
    },
    // "news": {
    //   "$news_id": {
    //     ".read": "auth != null",
    //     ".write": "auth.uid == root.child('news').child($news_id).child('news_author_id').val() || root.child('users').child(auth.uid).child('user_type').val() == 'news_contributor' || root.child('users').child(auth.uid).child('user_type').val() == 'admin' "
    //   }
    // },

    "programs": {
      ".read": "auth != null",
      "courses": {
        "$course_id": {
          // Writable by the course's author or by an admin
          ".write": "auth.uid == root.child('programs').child('courses').child($course_id).child('program_author_id').val() || root.child('users').child(auth.uid).child('user_type').val() == 'admin'"
        }
      },
      "tracks": {
        ".read": "auth != null",
        "$track_id": {
          // Writable by the track's author, a program contributor, or an admin
          ".write": "auth.uid == root.child('programs').child('tracks').child($track_id).child('program_author_id').val() || root.child('users').child(auth.uid).child('user_type').val() == 'program_contributor' || root.child('users').child(auth.uid).child('user_type').val() == 'admin'"
        }
      }
    },

    "news": {
      ".read": "auth != null",
      "$news_id": {
        // Writable by a news contributor, the item's author, or an admin
        ".write": "root.child('users').child(auth.uid).child('user_type').val() == 'news_contributor' || auth.uid == root.child('news').child($news_id).child('news_author_id').val() || root.child('users').child(auth.uid).child('user_type').val() == 'admin'"
      }
    }
  }
}
```

One problem though.

This error pops up: `error TS7027: Unreachable code detected.`

Justine M.
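An added hardening example, not part of the original answer: the `users/$user_id` rule above lets a signed-in user write their own record, and that record holds the `user_type` field every admin check reads, so the role field needs its own `.validate` rule. Paths and field names are the ones on the page; the `.validate` expression is this example's own.

```json
{
  "rules": {
    "users": {
      ".read": "auth != null",
      "$user_id": {
        // Owner or admin may write the profile record, as in the answer.
        ".write": "auth != null && (auth.uid == $user_id || root.child('users').child(auth.uid).child('user_type').val() == 'admin')",

        "user_type": {
          // The role may stay as it is on any permitted write, but it may only
          // take a new value when the writer is ALREADY an admin in the stored
          // data (root reads the data as it was before the write).
          ".validate": "newData.val() == data.val() || root.child('users').child(auth.uid).child('user_type').val() == 'admin'"
        }
      }
    }
  }
}
```

`.validate` rules are not evaluated when data is deleted, so an owner can still remove their own `user_type`, which only lowers their privilege.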